
Vaporizers (AKA E-cigarettes) have been gaining some serious traction and widespread use over the past few years. The sudden surge of popularity isn’t too surprising considering the fact that the health implications of nicotine consumption are vastly more favorable with vaporizers when compared to traditional cigarettes.

Most vaporizers charge through a proprietary connection to USB that looks something like this:

Should be harmless, right?

In a recent Reddit post, the poster reported that an executive at a large corporation had a data security breach on his system from malware, the source of which could not be determined initially. The machine was patched up to date, had updated anti-virus protection, and web logs were evaluated. “Finally after all traditional means of infection were covered; IT started looking into other possibilities…” The made-in-China USB charger had malware on it that, when plugged into a computer’s USB port, would phone home and infect the system.

Now for those of you scratching your head going – hang on a minute… Windows hasn’t auto-executed anything from USB in YEARS. USB drivers are loaded from the library on the PC and I would know when it was plugged in and I would have to click and run a file in that folder – this whole story sounds fishy… Let me introduce you to BadUSB. Essentially, the USB control chip would be reprogrammed to act as a keyboard + mass storage device. Once plugged in, it sends key commands to open a command prompt and then executes files from the storage. It’s not as if this vector of attack is brand new either – at least conceptually. According to @th3j35t3r (the Jester), a well-known cyberwarrior, in an article titled ‘What would I do if I was Chinese PLA’, USB charger attacks such as this are “theoretical but entirely possible, if not probable”.

My personal suggestion to those concerned is to only charge USB devices through a wall adapter (they charge faster anyway). If you REALLY need to charge through USB then I suggest getting one of these, dubbed “USB Condoms”, which will make sure that only power is drawn and no data is exchanged.

What kind of defenses exist for this type of attack? Basically not much. Malware scanners cannot access the firmware running on USB devices and USB firewalls that block certain devices do not exist yet. Behavioral detection is unlikely since the device’s behavior is just going to appear as though a user has simply plugged in a new device. It’s very unsettling and the threat is there however unlikely we think it is. While I doubt this is widespread or even remotely common, I did make sure to take apart my charger and made sure that there were no data pins and that it was only drawing power through USB.



This entry was posted in General Security on June 27, 2017 by Mark Maunder

Updated 3:19PM Pacific Time: A method to ‘vaccinate’ yourself against this ransomware variant has been found. I have posted details towards the end of the post along with a batch file you can run. It is as simple as creating the file C:\Windows\perfc and marking it read-only.

Update 2 at 7pm PST on Tuesday: It appears that the initial infection may have come from a company called MeDoc that was breached. Their systems were infected and they then pushed out an update, spreading the infection. MeDoc are disputing the allegation. Sources: Talos quoted on ZDNet, Forbes and FireEye.

This is a public service announcement from Wordfence due to the widespread and severe nature of this attack. A major ransomware attack targeting Microsoft Windows systems is affecting companies and systems, many of them critical, on a global scale.

What We Know

A new ransomware variant is spreading quickly across the globe at the time of this writing. There is no consensus yet in the security research community, so the following information is provisional in nature:

The ransomware has been dubbed “Petya.” It likely spreads by using two separate exploits. You don’t need to click on anything or take any action. This can spread into your system through the network. That is why it is having such a wide impact and why it is important that you update your system to protect yourself.

For the technically minded: This ransomware is exploiting a vulnerability in Microsoft Office when handling RTF documents (CVE-2017-0199). It also exploits a vulnerability in SMBv1 which is the Microsoft file-sharing protocol. This second vulnerability is described in Microsoft security bulletin MS17-010.

The ransomware has affected a large number of companies, organizations and government entities on an international scale. The following is a screenshot of the ransomware page you are confronted with once your files are encrypted:

Colin Hardy has provided a behavioral analysis of Petya, which includes a video demonstration of the malware in action:


What To Do

If you have not done so already, you should immediately install the MS17-010 patch from Microsoft.

If you currently run an unpatched Windows system, you may not have time to patch it before you are infected. Consider shutting down your machine, if feasible, and leaving it off the network until there is consensus in the research community on what this exploits and how to protect against it.

If you are technically able to, we recommend you block network access to port 445 on your Windows workstations. You may also want to monitor traffic to that port if you are a security professional.

Keep an eye on the Microsoft Security Response Center where they will hopefully release formal guidance soon.

Update your anti-virus definitions and run a scan on your system. You can find out which anti-virus products are detecting the current variant of Petya on this VirusTotal page. I’ve linked to one of the files involved in the infection. The page shows which AV vendors are currently detecting this file. The green check marks mean the file is not detected by that AV vendor (it’s counterintuitive).
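The port 445 recommendation above can be applied on a single workstation with the built-in Windows firewall cmdlets. This is an added example, not part of the original post or Wordfence's own tooling; the rule name is made up for illustration, and it assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.

```powershell
# Added example: block inbound SMB and review current port 445 activity.
# Assumes an elevated session on Windows 8 / Server 2012 or later.
$ErrorActionPreference = 'Stop'

# Hypothetical rule name, chosen for this example only
$ruleName = 'Example - Block inbound SMB (TCP 445)'

# Create the block rule once; re-running the script does not duplicate it
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if (-not $existing) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Protocol TCP -LocalPort 445 `
        -Action Block -Profile Any | Out-Null
    Write-Output "Created firewall rule: $ruleName"
} else {
    Write-Output "Firewall rule already present: $ruleName"
}

# Report whether the SMBv1 server component is still enabled on this machine
$smb = Get-SmbServerConfiguration
Write-Output "SMBv1 server enabled: $($smb.EnableSMB1Protocol)"

# Monitoring: list established connections that involve port 445 on either
# side, with the owning process, so unexpected SMB peers stand out
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -eq 445 -or $_.RemotePort -eq 445 } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess |
    Format-Table -AutoSize
```

Blocking inbound 445 stops other machines from reaching file shares hosted on this workstation, so apply it to workstations rather than file servers.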

Who This Has Affected So Far

  • A Ukrainian state power company and Kiev’s main airport were among the first to report issues.
  • The Chernobyl nuclear power plant has had to monitor radiation levels manually after they were forced to shut down the Windows systems that their sensors had been using.
  • Antonov aircraft has reported being affected.
  • Copenhagen-based shipping company Maersk is experiencing outages in multiple IT systems and across multiple business units.
  • Food giant Mondelez, which makes Oreo and Toblerone, has also been hit.
  • Netherlands-based shipping company TNT was also hit.
  • French construction company St. Gobain has been affected.
  • Pharmaceutical company Merck says they have systems affected.
  • Law firm DLA Piper was hit.
  • Heritage Valley Health System, a US hospital operator, has also been hit.
  • Kiev’s metro system has stopped accepting payment cards because they were affected.

The list is long and growing; the above just a snapshot.

Strong Incentive for Attackers

Many are reporting the belief that the South Korean hosting company that paid attackers a $1M ransom a week ago to recover their data has created a huge incentive for future ransomware attacks.

That has resulted in this new spate of attacks affecting systems globally.

Coverage of This Story

Update 3:19pm PST: A Vaccine has been Found

In the past couple of hours researchers have found a ‘vaccine’ against having your files encrypted by this new variant of Petya. They discovered that if a file exists, the encryption routine will not run.

Amit Serper, who found this, had their findings confirmed by other security researchers.

To vaccinate a machine against this ransomware, simply create a file called perfc in the C:\Windows folder and mark it read only. The following batch file courtesy of BleepingComputer will do the job for you:

This post in BleepingComputer also includes instructions on how to create the file manually if you would prefer to do that. Once this file is created, the encryption routine for this specific ransomware variant will not run and encrypt your files.
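The vaccination step described above (create C:\Windows\perfc and mark it read-only) can be scripted as follows. This is an added example written for this page, not the BleepingComputer batch file the post refers to; it assumes an elevated PowerShell session and uses the path exactly as the post gives it.

```powershell
# Added example: create the read-only marker file named in the post.
# Writing to C:\Windows requires an elevated (Administrator) session.
$ErrorActionPreference = 'Stop'

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) PowerShell session.'
}

# Path as stated in the post
$marker = 'C:\Windows\perfc'

# Create the empty file only if it is not already there
if (-not (Test-Path -LiteralPath $marker -PathType Leaf)) {
    New-Item -ItemType File -Path $marker | Out-Null
    Write-Output "Created $marker"
} else {
    Write-Output "$marker already exists"
}

# Mark the file read-only, as the post instructs
Set-ItemProperty -LiteralPath $marker -Name IsReadOnly -Value $true

# Verify the result instead of assuming the attribute was applied
$item = Get-Item -LiteralPath $marker
if (-not $item.IsReadOnly) {
    throw "$marker exists but is not read-only"
}
Write-Output "$marker is present and read-only"
```

As the post says, this only stops the encryption routine of this specific variant; it does not replace installing the MS17-010 patch.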



This entry was posted in Wordfence, WordPress Security on July 6, 2017 by Mark Maunder


It’s been a tough week for the WP Statistics plugin. Last Friday, Sucuri (now owned by GoDaddy) discovered a SQL injection vulnerability in the WP Statistics plugin version 12.0.7 and older. To exploit the vulnerability, an attacker needs to register an account (or use a compromised account) with subscriber-level access. They can then exploit a weakness in a WP Statistics shortcode to launch a SQL injection attack. This allows them to, for example, create an admin-level user and sign in to your website as an admin.

Then, 2 days ago Ryan Dewhurst discovered a cross site scripting vulnerability in the same plugin, which was fixed within a few hours of discovery.

Over 300,000 websites use WP Statistics. If you use the plugin, you should immediately update to version 12.0.9 which fixes both of these vulnerabilities.

Wordfence includes built-in protection against SQL injection attacks and cross site scripting (XSS) attacks. As a precautionary measure, we’ve released an additional rule to our Wordfence Premium customers in real-time to protect them against the specific SQL injection attack that targets this plugin.

Other WordPress Vulnerabilities You Should Be Aware Of

The All-in-One WP Migration plugin for WordPress reportedly suffered from a cross site scripting vulnerability which was fixed about 6 weeks ago. Wordfence free and Premium has built-in XSS protection, as mentioned above, so even if you were running the vulnerable plugin, you would have been safe. Nevertheless, if you haven’t already, we recommend you update to 6.51, the newest version of All-in-One WP Migration.

A few weeks ago, a reflected cross site scripting vulnerability was discovered in the WordPress Download Manager plugin versions 2.9.51 and older. We suggest you update to 2.9.53, which is the newest version of this plugin. Wordfence also protects against this exploit (free and Premium).

Don’t Forget to Update Your Joomla Installations

Joomla released a security update 48 hours ago which fixes three vulnerabilities. The new release is Joomla 3.7.3 and includes fixes for two XSS vulnerabilities and an information disclosure vulnerability. If you run Joomla on your website, you can visit to run a quick scan on your Joomla site and find out if you are vulnerable and need to take action. Details on the release can be found on and we also mentioned this update on the Gravityscan blog.


from Google's Blog ....

Recently we’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content— while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

In the coming weeks, we’ll publish detailed best practices (it's in our help center now) to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our Site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool. If you are concerned about TLS and your site’s performance, have a look at Is TLS fast yet?. And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums.

We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!


NOTE: All The West Wings Websites can run https free of charge.


Photography is an integral part of any great Website. You only get one chance to make a first impression, so you need to make it a good one.  Any Website can be let down by its weakest link.

Engaging photography can boost success, poor photography can severely hinder.

Having quality imagery is one of the easiest ways to make your business look professional.