When your WordPress website is small, it’s easy to keep tabs on everything that happens within it. However, as it grows in size and complexity it can become a lot harder to keep up. This is particularly true if you enable users to register on your site, run a membership site, or have multiple contributors […]
More info:
https://kinsta.com/blog/wordpress-activity-log/
Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSH library, contains an authentication bypass vulnerability in the server code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication.
More info:
https://www.debian.org/security/2018/dsa-4322
In the grand pantheon of nerve-wracking activities that go into growing a business, handing out admin access to someone else might not seem like a top-tier contender, but it’s actually a very awkward milestone — particularly if you’ve previously run everything yourself. Your WordPress website is your creation, the product of your hard work. Ceding […]
More info:
https://www.wpwhitesecurity.com/how-to-vet-employee-before-granting-admin-access-wordpress/
libssh vulnerability CVE-2018-10933. Security Advisory Description: A vulnerability was found in libssh's ...
More info:
https://support.f5.com/csp/article/K52868493
More info:
https://wpvulndb.com/vulnerabilities/9135
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15314. Security Advisory Description: ...
More info:
https://support.f5.com/csp/article/K04524282
For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security posture: monitoring. How can security monitoring save your day? Most people only care about their website security after something bad has already happened. However, how can you tell […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/u_Q1VUaCOtY/security-monitoring-saves-the-day.html
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15313. Security Advisory Description: ...
More info:
https://support.f5.com/csp/article/K21042153
TL;DR: Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and it will automatically work with any site that … The post "Encrypted SNI Comes to Firefox Nightly" appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
During an incident response investigation, we detected an interesting piece of heavily obfuscated JavaScript malware. Once decoded, we found out that cryptominers were running on visitors’ computers when they accessed our customer’s website. We have previously discussed how cryptomining can happen in many covert ways. In this post, we will show you how a malicious […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/Ge-s7hkF9W0/obfuscated-javascript-cryptominer.html