Last month, a stored cross-site scripting (XSS) flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce. The plugin, which we’ll be referring to by its slug woocommerce-abandoned-cart, allows the owners of WooCommerce sites to track abandoned shopping carts in order to recover those sales. A lack of sanitation […]
More info:
https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/
Red Hat Enterprise Linux: Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2019-0757
More info:
http://rhn.redhat.com/errata/RHSA-2019-0544.html
The European Parliament, the Council and the European Commission have reached a political agreement on the Cybersecurity Act, which reinforces the mandate of the European Cybersecurity Agency (ENISA) in order to support Member States in the fight against cybercrime.
The act also establishes an EU framework for cybersecurity certification, boosting online services and consumer devices. Proposed in 2017 as part of a wide-ranging set of measures to deal with cyberattacks and build strong cybersecurity in the EU, it includes:
- A permanent mandate for the European Cybersecurity Agency, ENISA, replacing the current one in 2020, as well as more resources allocated to the agency so that it can fulfil its objectives.
- A stronger basis for ENISA in the new cybersecurity certification framework to help Member States respond effectively to cyberattacks, with a greater role in cooperation and coordination at Union level.
European Commission (13/03/2019)
More information
Type: Vulnerability. Microsoft Windows is prone to a remote denial of service vulnerability; fixes are available.
More info:
http://www.symantec.com/security_response/vulnerability.jsp?bid=107265&om_rssid=sr-advisories
Type: Vulnerability. Microsoft Edge is prone to a remote memory-corruption vulnerability; fixes are available.
More info:
http://www.symantec.com/security_response/vulnerability.jsp?bid=107288&om_rssid=sr-advisories
Type: Vulnerability. Microsoft Azure is prone to a security bypass vulnerability; fixes are available.
More info:
http://www.symantec.com/security_response/vulnerability.jsp?bid=107352&om_rssid=sr-advisories
Type: Vulnerability. Microsoft Windows is prone to an information-disclosure vulnerability; fixes are available.
More info:
http://www.symantec.com/security_response/vulnerability.jsp?bid=107270&om_rssid=sr-advisories
Type: Vulnerability. Microsoft Edge is prone to a remote privilege-escalation vulnerability; fixes are available.
More info:
http://www.symantec.com/security_response/vulnerability.jsp?bid=107287&om_rssid=sr-advisories