We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to “improve” them. Depending on the scope of changes and feature enhancements that are added to an existing web shell’s source code, these updates can be […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/ff9X45xiG1E/alfa-team-shell-v4-1-tesla-a-feature-update-analysis.html
During malware analysis, we regularly find variations of this injected script on various compromised websites: . The variable “_0x446d” assigns hex encoded strings in different positions in the array. If we get the ASCII representation of the variable, we’ll end up with the following code: var
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/If9Fxso5KQM/legacy-mauthtoken-malware-continues-to-redirect-mobile-users.html
Today we are happy to announce update 1.6 of the Activity Log for MainWP, the extension that keeps a log of what happens on your MainWP dashboard and also allows you to see all the child sites’ activity logs in the MainWP dashboard. In this update we are introducing a new feature that allows you […]
More info:
https://wpactivitylog.com/activity-log-mainwp-1-6/
The third and last (but not least) plugin update for the day is Activity Log for WooCommerce 1.2, the WP Activity Log plugin extension for WooCommerce store owners who want to keep a log of what is happening in their store (refer to the activity log for WooCommerce for more detailed information on this extension). […]
More info:
https://wpactivitylog.com/woocommerce-extension-1-2/
Today we are excited to announce the release of three plugin updates: WP Activity Log 4.1.5 Activity Log for MainWP 1.6 Activity Log for WooCommerce extension update 1.2 We have to release these three updates at the same time because of a number of new features and changes that we have done in all plugins. […]
More info:
https://wpactivitylog.com/wsal-4-1-5/
by Michael Hawkins. The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk.Severity/Risk:SeriousVersions affected:3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versionsVersions fixed:3.9.2, 3.8.5, 3.7.8 and 3.5.14Reported by:Luuk VerhoevenCVE identifier:CVE-2020-25628Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340Tracker issue:MDL-69340 Reflected XSS in tag manager
More info:
https://moodle.org/mod/forum/discuss.php?d=410840&parent=1657002
This summer, MalwareBytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable Kraut also reported another similar obfuscation technique using .ico files to conceal JavaScript skimmers. Just something I’ve noticed more recently with digital skimmers/#magecart. Obfuscated code […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/pelL3-1iX6Y/css-js-steganography-in-fake-flash-player-update-malware.html
In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover WordPress Tweaks, a collection of tools to secure your WordPress website. Why You Should Use […]
More info:
https://ithemes.com/ithemes-security-pro-feature-spotlight-wordpress-tweaks/
October 2020 was a notable month for WordPress lovers, thanks to the release of several products and updates. Read on to keep up with all the latest news! The 2020 WordPress Annual Survey is out The team published the 2020 WordPress Annual survey — to help those who build WordPress to understand more about our […]
More info:
https://wordpress.org/news/2020/11/the-month-in-wordpress-october-2020/
WordPress 5.6 Beta 3 is now available for testing! This software is still in development, so we recommend that you run this version on a test site. You can test the WordPress 5.6 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge nightlies” option). Or download the beta here (zip). The current target for the […]
More info:
https://wordpress.org/news/2020/11/wordpress-5-6-beta-3/
