- Los ciberdelincuentes consiguieron hacerse con millones de credenciales al robar numerosas bases de datos.
Las autoridades policiales polacas y suizas, con el apoyo de Europol y Eurojust, han desmantelado InfinityBlack, un grupo de ciberdelincuentes que se dedicaba a distribuir credenciales de usuario robadas, crear y distribuir malware y herramientas de hacking, así como a cometer fraudes.
El pasado 29 de abril, la Policía Nacional de Polonia (Policja) registró seis lugares en cinco regiones del país y detuvo a cinco personas que formaban parte del grupo de cibercriminales InfinityBlack. La policía incautó equipos electrónicos, discos duros externos y carteras de hardware con criptografía, todos ellos con un valor de alrededor de 100.000 euros. Asimismo, la policía cerró dos plataformas con bases de datos que contenían más de 170 millones de entradas.
El grupo de hackers, organizado eficientemente en tres equipos definidos, creó plataformas en línea para vender credenciales de acceso de usuarios conocidas como 'combos'. Los desarrolladores crearon herramientas para comprobar la calidad de las bases de datos robadas, mientras que los encargados de probarlas analizaron la idoneidad de los datos de autorización. Tras ello, los responsables del proyecto distribuyeron las suscripciones contra los pagos con criptomonedas.
Europol (05/05/2020)
The Wordfence Threat Intelligence team unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected over one million WordPress sites. As a few of these were Cross Site Request Forgery […]
More info:
https://www.wordfence.com/blog/2020/05/episode-75-the-wordpress-5-4-1-security-release-more-plugin-vulnerabilities/
The Wordfence Threat Intelligence team unpacked the security updates in WordPress 5.4.1, and they published quite a few blog posts about vulnerabilities in popular plugins like Ninja Forms, LearnPress, and the Real-Time Find and Replace plugin. These plugin vulnerabilities affected over one million WordPress sites. As a few of these were Cross Site Request Forgery […]
More info:
https://www.wordfence.com/blog/2020/05/episode-75-the-wordpress-5-4-1-security-release-more-plugin-vulnerabilities/
Infinispan vulnerability CVE-2019-10174 Security Advisory Security Advisory Description A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ...
More info:
https://support.f5.com/csp/article/K84408873?utm_source=f5support&utm_medium=RSS
New WordPress plugin and theme vulnerabilities were disclosed during the second half of April, so we want to keep you aware. In this post, we cover recent WordPress plugin, theme and core vulnerabilities and what to do if you are running one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-april-2020-part-2/
WordPress 5.4.1 is now available! This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.4.1 is a short-cycle security and maintenance release. The next […]
More info:
https://wordpress.org/news/2020/04/wordpress-5-4-1/
WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities that appear to require specific circumstances to exploit. All in all this release contains 7 […]
More info:
https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
After the introduction of GDPR back in 2018, there’s now another law that’s set to further effect WordPress webmasters in their bid to remain compliant with local data privacy regulations. Its name? The California Consumer Protection Act (or CCPA for short). This new piece of legislation is designed to provide Californians with enhanced protection with regard to […]
More info:
https://www.wpwhitesecurity.com/make-wordpress-website-ccpa-compliant/
After many months of discussion on the mozilla.dev.security.policy mailing list, our Root Store Policy governing Certificate Authorities (CAs) that are trusted in Mozilla products has been updated. Version 2.7 has … Read moreThe post Announcing Version 2.7 of the Mozilla Root Store Policy appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2019/12/11/announcing-version-2-7-of-the-mozilla-root-store-policy/
Privacy is a human right, and is core to Mozilla’s mission. However many companies on the web erode privacy when they collect a significant amount of personal information. Companies record … Read moreThe post Firefox 72 blocks third-party fingerprinting resources appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2020/01/07/firefox-72-fingerprinting/
