A client recently reported their customers were receiving antivirus warnings when trying to access and purchase products from a Magento ecommerce website. This is almost always a telltale sign that something is amiss, and so I began my investigation. Malware in Database Tables As is pretty common with Magento credit card swiper investigations, my initial […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/V_d9v5EE4-s/bogus-css-injection-leads-to-stolen-credit-card-details.html
Ryan Dewhurst is an ethical hacker and penetration tester who has dedicated many years in helping people in the WordPress community improve the security posture of their websites and protect them from malicious attackers. Ryan is the founder of WPScan, a free, black box WordPress security scanner written for security professionals and blog maintainers to […]
More info:
https://www.wpwhitesecurity.com/interview-ryan-dewhurst-wordpress-vulnerabilities/
PostgreSQL vulnerabilities CVE-2020-25694, CVE-2020-25695 Security Advisory Security Advisory Description CVE-2020-25694 A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11 ...
More info:
https://support.f5.com/csp/article/K53632470?utm_source=f5support&utm_medium=RSS
QEMU buffer-overflow vulnerability CVE-2018-17962 Security Advisory Security Advisory Description Qemu has a Buffer Overflow in pcnet_receive in hw/net/pcnet.c because an incorrect integer data ...
More info:
https://support.f5.com/csp/article/K48641455?utm_source=f5support&utm_medium=RSS
OpenSSH vulnerability CVE-2019-6109 Security Advisory Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious ...
More info:
https://support.f5.com/csp/article/K12252011?utm_source=f5support&utm_medium=RSS
OpenSSH vulnerability CVE-2019-6109 Security Advisory Security Advisory Description An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious ...
More info:
https://support.f5.com/csp/article/K12252011?utm_source=f5support&utm_medium=RSS
QEMU vulnerability CVE-2019-15890 Security Advisory Security Advisory Description libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. (CVE-2019-15890) Impact
More info:
https://support.f5.com/csp/article/K75952001?utm_source=f5support&utm_medium=RSS
QEMU vulnerability CVE-2019-15890 Security Advisory Security Advisory Description libslirp 4.0.0, as used in QEMU 4.1.0, has a use-after-free in ip_reass in ip_input.c. (CVE-2019-15890) Impact
More info:
https://support.f5.com/csp/article/K75952001?utm_source=f5support&utm_medium=RSS
New WordPress plugin and theme vulnerabilities were disclosed during the second half of December. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress […]
More info:
https://ithemes.com/wordpress-vulnerability-roundup-december-2020-part-2/
The SolarWinds supply chain attack is all over the news, impacting government agencies, telecommunications firms, and other large organizations. The security firm FireEye was the first victim of the attack, disclosing that they had been hacked on December 8, 2020. On December 13th the US Treasury Department announced that it had also been compromised. At […]
More info:
https://www.wordfence.com/blog/2020/12/solarwinds-and-supply-chain-attacks-could-it-happen-to-wordpress/
