Prior to being able to display a web page within a browser the rendering engine checks and verifies the MIME type of the document being loaded. In case of an html page, for example, the rendering engine expects a MIME … Continue readingThe post Firefox 75 will respect ‘nosniff’ for Page Loads appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2020/04/07/firefox-75-will-respect-nosniff-for-page-loads/
These monthly reports are provided for the WordPress community at large from Pagely’s head of security, Robert Rowley. Rowley and the entire security team keep their finger on the pulse […]
More info:
https://pagely.com/blog/wordpress-security-updates-march-2020/
This week, we look at the WordPress 5.4 release which includes turning distraction free editing on by default. We also look at new plugin vulnerabilities discovered by the Wordfence Threat Intelligence team, including those found in Rank Math and a Contact From 7 helper plugin. We review the new features recently added to Fast or […]
More info:
https://www.wordfence.com/blog/2020/04/episode-72-wordpress-5-4-released-zoom-conferencing-safety-security/
In the previous blog, 2020 Cybersecurity Outlook Report: Key Findings (Part 1 of 2), the topic of discussion revolved around common attacker tactics, techniques, and procedures (TTPs) seen in 2019. To recap, some notable insights from Part 1 included the following: As attacker behavior became more evasive, there was an increase in the use The post 2020 Cybersecurity Outlook Report: Key Findings (Part 2 of 2) appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/04/2020-cybersecurity-outlook-report-key-findings-part-2-of-2.html
In the previous blog, 2020 Cybersecurity Outlook Report: Key Findings (Part 1 of 2), the topic of discussion revolved around common attacker tactics, techniques, and procedures (TTPs) seen in 2019. To recap, some notable insights from Part 1 included the following: As attacker behavior became more evasive, there was an increase in the use The post 2020 Cybersecurity Outlook Report: Key Findings (Part 2 of 2) appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/04/2020-cybersecurity-outlook-report-key-findings-part-2-of-2.html
PHP vulnerability CVE-2020-7066 Security Advisory Security Advisory Description In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user- ...
More info:
https://support.f5.com/csp/article/K17457324?utm_source=f5support&utm_medium=RSS
On April 1, 2020, the Wordfence Threat Intelligence team discovered a stored Cross Site Scripting (XSS) vulnerability in Contact Form 7 Datepicker, a WordPress plugin installed on over 100,000 sites. As the plugin developer’s github page indicated that the plugin was no longer being maintained, we contacted the WordPress plugins team with our disclosure, and […]
More info:
https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-leads-to-closure-of-plugin-with-over-100000-installations/
With much of the world shifting to working from home due to public health concerns with COVID-19, video conferencing is booming. Businesses, and even schools, are turning to platforms such as Zoom, Microsoft Teams, Google hangouts and other technologies to stay connected. Zoom has come under fire in recent days due to security issues with […]
More info:
https://www.wordfence.com/blog/2020/04/safety-and-security-while-video-conferencing/
Initial Publication Date: 2020/03/31 11:15AM PDT AWS is updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum Transport Layer Security (TLS) version of 1.2 across all AWS Regions by March 31, 2021. This update will revoke the ability to use TLS 1.0 and TLS 1.1 on all FIPS endpoints. No other AWS endpoints will be affected by this change. When connecting to an AWS service endpoint, your client provides its TLS minimum and TLS maximum version. The AWS service
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2020-001/
The fourth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release candidate in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option) […]
More info:
https://wordpress.org/news/2020/03/wordpress-5-4-rc4/
