Month: mayo 2020

Today is World Password Day and we wanted to share some resources you can use to review your password security. World Password Day reminds us of the importance of having a solid password strategy for all your online accounts. These resources apply to password security in general but also specifically for WordPress websites. Here’s a […] More info: https://ithemes.com/world-password-day-2020-lets-increase-your-password-security/

The post How To Remove Defacement From WordPress Site? appeared first on BlogVault – The Most Reliable WordPress Backup Plugin. More info: https://blogvault.net/deface-wordpress/

Linux kernel vulnerability CVE-2019-10638 Security Advisory Security Advisory Description In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel ... More info: https://support.f5.com/csp/article/K24249971?utm_source=f5support&utm_medium=RSS

Telnet vulnerability CVE-2020-10188 Security Advisory Security Advisory Description utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short ... More info: https://support.f5.com/csp/article/K22130301?utm_source=f5support&utm_medium=RSS

Telnet vulnerability CVE-2020-10188 Security Advisory Security Advisory Description utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short ... More info: https://support.f5.com/csp/article/K22130301?utm_source=f5support&utm_medium=RSS

NGINX Controller AVRD vulnerability CVE-2020-5895 Security Advisory Security Advisory Description AVRD uses world-readable and world-writable permissions on its socket, which allows processes or ... More info: https://support.f5.com/csp/article/K95120415?utm_source=f5support&utm_medium=RSS

NGINX Controller webserver vulnerability CVE-2020-5894 Security Advisory Security Advisory Description The NGINX Controller webserver does not invalidate the server-side session token after users ... More info: https://support.f5.com/csp/article/K13028514?utm_source=f5support&utm_medium=RSS

Our Threat Intelligence Team has been tracking a sudden uptick in attacks targeting Cross-Site Scripting(XSS) vulnerabilities that began on April 28, 2020 and increased over the next few days to approximately 30 times the normal volume we see in our attack data. The majority of these attacks appear to be caused by a single threat […] More info: https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/

Today we are excited to release WP 2FA update 1.2. In just a month, our easy-to-use two-factor authentication (2FA) plugin has been downloaded more than 1,000 times. It received very good reception, and many of you sent us feedback. Thank you for that. The highlights of this update are support for WordPress multisite network, configurable […] More info: https://www.wpwhitesecurity.com/wp-2fa-1-2/

• Los ciberdelincuentes consiguieron hacerse con millones de credenciales al robar numerosas bases de datos.

Las autoridades policiales polacas y suizas, con el apoyo de Europol y Eurojust, han desmantelado InfinityBlack, un grupo de ciberdelincuentes que se dedicaba a distribuir credenciales de usuario robadas, crear y distribuir malware y herramientas de hacking, así como a cometer fraudes.

El pasado 29 de abril, la Policía Nacional de Polonia (Policja) registró seis lugares en cinco regiones del país y detuvo a cinco personas que formaban parte del grupo de cibercriminales InfinityBlack. La policía incautó equipos electrónicos, discos duros externos y carteras de hardware con criptografía, todos ellos con un valor de alrededor de 100.000 euros. Asimismo, la policía cerró dos plataformas con bases de datos que contenían más de 170 millones de entradas.

El grupo de hackers, organizado eficientemente en tres equipos definidos, creó plataformas en línea para vender credenciales de acceso de usuarios conocidas como 'combos'. Los desarrolladores crearon herramientas para comprobar la calidad de las bases de datos robadas, mientras que los encargados de probarlas analizaron la idoneidad de los datos de autorización. Tras ello, los responsables del proyecto distribuyeron las suscripciones contra los pagos con criptomonedas.

Europol (05/05/2020)