Ilia Kolochenko, founder and CEO of web security company ImmuniWeb has commented:
The following is our rough coverage of the 2021 Sohn Investment Conference, which is being held virtually and features Brad Gerstner, Bill Gurley, Octahedron's Ram Parameswaran, Glenernie's Andrew Nunneley, and Lux's Josh Wolfe. Q1 2021 hedge fund letters, conferences and more Keep checking back as we will be updating this post as the conference goes Read More
“Technical details of the breach still remain obscure and it would be premature to make any conclusions at this point of time.
Today, all cryptocurrency-related businesses should be well prepared to defend against constant and sophisticated cyber attacks. In reality, however, virtually all of them underestimate or ignore digital risks and allocate scant resources for cybersecurity. Most have to compete on a very aggressive and turbulent market and thus are reducing their costs by all available means. Software development suffers most tremendously as cheap outsourced code cannot be secure by definition.
To bring certainty to the cryptocurrency markets clear regulatory standards are required, such as is PCI and PA DSS. Even if they are not a silver bullet, they greatly reduce both the number and average volume of credit cards theft.”
The new WordPress 5.2 build has shipped with new defense measures against possible supply-chain attacks.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb has commented on the news:
“This is undoubtedly a robust security enhancement of WordPress plugin management. However, it does not protect against many popular attack vectors involving third-party plugins. For example, a compromise of a plugin developer’s machine will likely allow the push of malicious but signed updates of a purely legitimate appearance. This may create a disastrous situation where victims blindly trust malicious updates.
Worse, authors of some popular plugins will probably readily sell their projects for an amount ten times lower than a well-organized cybercrime group may generate in profits backdooring the plugin. Last, but not least, the vast majority of WordPress plugins today contain numerous, often high-risk, security vulnerabilities enabling the attackers to breach and backdoor virtually all WordPress installations with the plugin without any further complexities.”