Yesterday a number of major news websites were attacked due to a breach at Outbrain, a provider of widgets that display content recommendations. While the breach of Outbrain utilized social engineering, it is clear that Outbrain isn’t properly handling security of their systems, as they don’t even take basic security measures with their own website. One of the basic security measures is keeping software running a website up to date, which Outbrain hasn’t been doing:
Not only is that version over a year out of date, but they have failed to apply four updates that included security fixes (3.4.1, 3.4.2, 3.5.1, and 3.5.2). The release announcement for 3.5.2 included the warning:
This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
Considering how easy it is to update WordPress, their customers should be worrying about what other things they are also failing to do.