Day: 15 diciembre, 2020

Multiple QEMU vulnerabilities Security Advisory Security Advisory Description CVE-2020-25742 pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_ ... More info: https://support.f5.com/csp/article/K82008830?utm_source=f5support&utm_medium=RSS

Eclipse Jetty vulnerability CVE-2019-10241 Security Advisory Security Advisory Description In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is ... More info: https://support.f5.com/csp/article/K01869532?utm_source=f5support&utm_medium=RSS

Launching a free plugin to disable the new Application Passwords feature introduced in WordPress version 5.6. The plugin is one line of code. Install and activate to completely disable all of the Application Passwords functionality. To re-enable all Application Passwords, simply deactivate/uninstall the plugin. Easy peasy. Download I literally just submitted this plugin to the […] More info: https://perishablepress.com/wordpress-disable-application-passwords/

On November 4, 2020, the Wordfence Threat Intelligence team found two reflected Cross-Site Scripting (XSS) vulnerabilities in PageLayer, a WordPress plugin installed on over 200,000 sites. These vulnerabilities could lead to an attacker executing malicious Javascript in an administrator’s browser, which could lead to takeover of a vulnerable WordPress site. We contacted the plugin’s publisher, […] More info: https://www.wordfence.com/blog/2020/12/reflected-xss-in-pagelayer-plugin-affects-over-200000-wordpress-sites/

Since April, our team has been tracking the spread of a PHP malware dropper. It’s impacting unsuspecting victims who thought they were downloading a mapping software to monitor the spread of the COVID-19 pandemic. While the attack is likely spread through a variety of vectors, we have verified that bad actors are using other compromised […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/j3lgVy_SQvk/malware-dropper-takes-advantage-of-covid-19-pandemic.html

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by default in version 7.4.14. We also talk about a new Magecart attack that places card […] More info: https://www.wordfence.com/blog/2020/12/episode-98-how-application-passwords-work-in-wordpress-5-6/