Dear SWAMP Users,

On Wednesday (10/14/15), our ongoing security monitoring detected malicious modifications to the public SWAMP website (continuousassurance.org) that had been made late the previous evening. We took the website offline to perform forensics and restore the site’s integrity. We apologize for the inconvenience of the site being unavailable.

We have determined that this was a wide-spread attack exploiting vulnerable WordPress plugins on many websites across the Internet. The goal of the attack was to download malware onto visitors of the site. Attacks such as these serve as a reminder to keep your antivirus running and up to date. If you happened to visit the site during the time it was up on October 13th and 14th, we recommend running a malware check on your computer.

We’ve addressed the vulnerability on the SWAMP website, and we’re updating our patching processes to prevent a repeat. We will be reevaluating the site security in general over the next week.

The public website is separate from the SWAMP infrastructure on mir-swamp.org, and we have found no evidence of a compromise of the SWAMP infrastructure or the confidentiality of any user data.

We acknowledge our mistake in our email on this topic including users inappropriately on the To: line of the email. We are working on our procedure to prevent exposing user emails addresses in the future.

If you have any questions, please don’t hesitate to ask,

Thank you,
Von

Von Welch
SWAMP CISO
vwelch@iu.edu

SWAMP Security: security@continuousassurance.org