Security News – Regin and WordPress

Folks, here is one nasty piece of malware: Regin. Symantec has a fascinating and rather detailed write-up on Regin here. Very scary stuff. Most reports show that Regin has been in the wild since 2008, but I’ve seen a report or two that points further back to 2003. Due to the incredible complexity of Regin, consensus is that a nation state is the author, and the best choices are USA, Great Britain, China, or Israel. (Notice that no infections have been reported in USA or China.)

If you run a blog or website on WordPress (like I do), then note that WordPress has issued an update of their software which fixes a number of bugs and security vulnerabilities, including a critical flaw that could be used in a XSS (Cross-Site Scripting) attack. Exploits for this are most likely already out in the wild, so it is highly recommended that you apply the updates. You can view the security notice here.