Month: noviembre 2020

• La Europol ha trabajado en colaboración con las autoridades de Alemania, Francia, Mónaco, los Países Bajos y Suiza para acabar con un grupo de delincuencia organizada involucrado en delitos contra la propiedad intelectual.

Una operación conjunta entre las autoridades de Alemania, Francia, Mónaco, los Países Bajos y Suiza, en colaboración con la Europol, ha conseguido acabar con un grupo de delincuencia organizada involucrado en delitos contra la propiedad intelectual.

Tras esta operación, en la que los agentes llevaron a cabo nueve registros domiciliarios en todos los países involucrados, arrestaron a tres sospechosos y se incautaron de ocho cuentas bancarias en Suiza. Además, la policía de este país bloqueó el sitio web que distribuía ilegalmente el contenido multimedia.

Esta investigación se inició a raíz de las denuncias presentadas ante las autoridades suizas contra una empresa de dicho país que vendió un reproductor multimedia con más de 82.000 películas y series de televisión. La empresa utilizaba el sitio web que ya ha sido cerrado para compartir el contenido. Según la investigación, se llegaron a vender alrededor de 20.000 reproductores.

Europol (11/11/2020)

 

On October 23, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Ultimate Member, a WordPress plugin installed on over 100,000 sites. These flaws made it possible for attackers to escalate their privileges to those of an administrator and take over a WordPress site. We initially reached out to the plugin’s developer on October […] More info: https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/

WordPress 5.5 “Eckstine” is the second major release for WordPress this year, and it’s jam-packed with exciting features and functionality—it’s also now the current default version of WordPress for all new sites built on WP Engine’s managed WordPress platform. If you’re a current WP Engine customer and you’re unsure which version of WordPress you’re running,… […] More info: https://wpengine.com/blog/wordpress-5-5-now-default-for-new-wp-engine-sites/

A hosting provider exposed over 63 million customer records via an open elastic search database containing verbose logs with plain-text username/password credentials for numerous WordPress, Magento and other sites. We also talk about the security updates in WordPress 5.5.2/5.5.3 and the accidental 5.5.3-alpha autoupdate. We talk about object injection vulnerabilities like the one discovered in […] More info: https://www.wordfence.com/blog/2020/11/episode-94-hosting-provider-exposed-63-million-customer-records/

Update November 08, 2020 Tianfu Cup International PWN Contest 2020 has been wrapped up with no attempts on our products on Day 2. We would like to thank Tianfu Cup organizers for making remote participation possible and continuing the contest. Update November 07, 2020 Day 1 attempts are over for our products at the Tianfu Cup The post VMware and Tianfu Cup 2020 appeared first on Security & Compliance Blog. More info: https://blogs.vmware.com/security/2020/11/vmware-and-tianfu-cup-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-tianfu-cup-2020

Update November 08, 2020 Tianfu Cup International PWN Contest 2020 has been wrapped up with no attempts on our products on Day 2. We would like to thank Tianfu Cup organizers for making remote participation possible and continuing the contest. Update November 07, 2020 Day 1 attempts are over for our products at the Tianfu Cup The post VMware and Tianfu Cup 2020 appeared first on Security & Compliance Blog. More info: https://blogs.vmware.com/security/2020/11/vmware-and-tianfu-cup-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-tianfu-cup-2020

Update November 07, 2020 Day 1 attempts are over for our products at the Tianfu Cup International PWN Contest 2020. 360 ESG Vulnerability Research Institute has succeeded with their attempt on VMware vSphere ESXi. We are currently investigating the issue after having received the details. We are actively working on its remediation and we plan on publishing The post VMware and Tianfu Cup 2020 appeared first on Security & Compliance Blog. More info: https://blogs.vmware.com/security/2020/11/vmware-and-tianfu-cup-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-tianfu-cup-2020

Update November 07, 2020 Day 1 attempts are over for our products at the Tianfu Cup International PWN Contest 2020. 360 ESG Vulnerability Research Institute has succeeded with their attempt on VMware vSphere ESXi. We are currently investigating the issue after having received the details. We are actively working on its remediation and we plan on publishing The post VMware and Tianfu Cup 2020 appeared first on Security & Compliance Blog. More info: https://blogs.vmware.com/security/2020/11/vmware-and-tianfu-cup-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-tianfu-cup-2020

Greetings from VMware Security Response Center ! We wanted to post a quick acknowledgement that VMware will be a part of the Tianfu Cup International PWN Contest 2020, this year from our home offices in Palo Alto and Bangalore to review any vulnerabilities that may be demonstrated during the contest. We would like to thank The post VMware and Tianfu Cup 2020 appeared first on Security & Compliance Blog. More info: https://blogs.vmware.com/security/2020/11/vmware-and-tianfu-cup-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-tianfu-cup-2020

On October 6, 2020, our Threat Intelligence team discovered a High-Severity Object Injection vulnerability in Welcart e-Commerce, a WordPress plugin with over 20,000 installations that claims top market share in Japan. After we finished our investigation, we contacted the plugin’s publisher, Collne Inc. on October 9, 2020. Full disclosure was sent on October 12, 2020, […] More info: https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/