Project: Drupal core
Date: 2018-March-28
Security risk: Highly critical 24∕25 AC:None/A:None/CI:All/II:All/E:Exploit/TD:Default
Vulnerability: Remote Code Execution
CVE IDs: CVE-2018-7600
Description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
The security team has written an FAQ about this
More info:
https://www.drupal.org/sa-core-2018-002
More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10987&actp=RSS
https://wpvulndb.com/vulnerabilities/10069
More info:
https://wpvulndb.com/vulnerabilities/10069
https://ithemes.com/new-save-time-securing-wordpress-with-user-groups/
The iThemes Security Pro plugin already helps you lock down your WordPress website to the user level with the User Security Check and User Logging features. Today, we are excited to roll out the new User Groups feature, which gives you the power to enforce the right level of security for the right people. Introducing User […]
More info:
https://ithemes.com/new-save-time-securing-wordpress-with-user-groups/
https://300m.com/security/advanced-security-headers/
I have some great security headers on this blog, but they are added using a single checkbox on the Sucuri WAF (web application firewall) this site uses. This is what they look like:
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
…
More info:
https://300m.com/security/advanced-security-headers/