Podcast Episode 36: Proposals to Improve WordPress Include WP Notify and Security Backporting Changes

This week, we talk about our corporate trip to DEF CON, the WordPress security team’s proposal to backport security fixes to fewer releases, a new feature proposal called WP Notify that has a number of very positive implications for WordPress users, Cloudflare’s decision to terminate service for 8Chan, and a European court’s ruling that
More info: https://www.wordfence.com/blog/2019/08/podcast-episode-36-proposals-to-improve-wordpress-include-wp-notify-and-security-backporting-changes/

Autoloaded Server-Side Swiper

Front-end JavaScript-based credit card stealing malware has garnered a lot of attention within the security community. This makes sense, since the “swipers” can be easily detected by simply scanning the web pages of e-commerce sites. However, this isn’t the only way to steal payment details and sensitive user information from compromised sites. Server-side swipers […]
More info: http://feedproxy.google.com/~r/sucuri/blog/~3/2mvkM8gOmCA/autoloaded-server-side-swiper.html

Kubernetes Security Issue (CVE-2019-11246)

July 02, 2019 2:00 PM PDT
CVE Identifier: CVE-2019-11246
AWS is aware of a security issue (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a user's workstation. If a user were to run an untrusted container containing a malicious version of the tar command and execute the kubectl cp operation, the kubectl binary unpacking the tar file could overwrite or create files on a user's workstation. AWS customers should refrain from using
More info: https://aws.amazon.com/security/security-bulletins/AWS-2019-006/

Malicious Plugin Used to Encrypt WordPress Posts

During a recent cleanup, we found an interesting malicious WordPress plugin, “WP Security”, that was being used to encrypt blog post content. The website owner complained of a newly installed and activated plugin on their website that was rendering their original content unreadable. The plugin encrypted posts with the ‘AES-256-CBC’ method by using the […]
More info: http://feedproxy.google.com/~r/sucuri/blog/~3/KfFfwCGn5Tg/malicious-plugin-used-to-encrypt-wordpress-posts.html