Welcome to our new news segment, This Week in InfoSec, where we bring you the big stories in information security from around the world.

WordPress Finally Patches 6 Glaring Security Issues

WordPress is the most popular CMS in the world — and the most hacked. Just last month, hackers engaged in a “feeding frenzy” at the expense of WordPress sites across the web, exploiting a vulnerability found in the WP REST API plugin. After patching that security issue, Automattic, the company behind WordPress, rolled out yet another security patch this week in the form of WordPress 4.7.3.

Read more at CMS Wire

Why Australia Post ransomwared its own staff

When Australia Post employees stopped responding to internal phishing campaigns designed to test staff security awareness, the organisation’s infosec team knew they had to shake things up. Clearly staff were becoming desensitised to the tests, which meant AusPost had to think up new, more engaging ways they could emphasise the risk. The infosec team decided to create their own fake ransomware to get staff’s attention and drive home the real, tangible risks that can eventuate if staff are not careful about what they click on.

Read the entire story at IT News

Local cloud providers ready to capitalise on govt security approval

Two Australian companies were yesterday revealed to be the first cloud providers to have been certified by an Australian Signals Directorate-backed program for use with classified government information. Vault Systems and Sliced Tech have had services that are certified for use at the PROTECTED level added to the government’s Certified Cloud Services List (CCSL), which is maintained by the ASD and is based on IRAP (Information Security Registered Assessors Program) assessments.

Read more at Computer World