Month: febrero 2021

OpenSSL vulnerability CVE-2021-23839 Security Advisory Security Advisory Description OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to ... More info: https://support.f5.com/csp/article/K61903372?utm_source=f5support&utm_medium=RSS

OpenSSL vulnerability CVE-2021-23840 Security Advisory Security Advisory Description Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in ... More info: https://support.f5.com/csp/article/K24624116?utm_source=f5support&utm_medium=RSS

Linux kernel vulnerability CVE-2020-25705 Security Advisory Security Advisory Description A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows ... More info: https://support.f5.com/csp/article/K09604370?utm_source=f5support&utm_medium=RSS

On January 20, 2021, our Threat Intelligence team responsibly disclosed four vulnerabilities in Ninja Forms, a WordPress plugin used by over one million sites. One of these flaws made it possible for attackers to redirect site administrators to arbitrary locations. The second flaw made it possible for attackers with subscriber level access or above to […] More info: https://www.wordfence.com/blog/2021/02/one-million-sites-affected-four-severe-vulnerabilities-patched-in-ninja-forms/

WordPress 5.7 Beta 3 is now available for testing! This software is still in development, so it’s not recommended to run this version on a production site. Consider setting up a test site to play with it. You can test the WordPress 5.7 Beta 3 in two ways: Install/activate the WordPress Beta Tester plugin (select the Bleeding […] More info: https://wordpress.org/news/2021/02/wordpress-5-7-beta-3/

Whether your WordPress website has been hacked and you’re currently in damage control, or whether you’re preparing for the worst, this article will guide you through the process of cleaning a hacked WordPress website. The process is documented in an easy to follow step-by-step format to help you accomplish the following: Gain back control of […] More info: https://www.wpwhitesecurity.com/clean-hacked-wordpress-website-blog/

Intel hardware vulnerabilities CVE-2020-8737 CVE-2020-12312 Security Advisory Security Advisory Description CVE-2020-8737 Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware ... More info: https://support.f5.com/csp/article/K20031768?utm_source=f5support&utm_medium=RSS

Intel hardware vulnerabilities CVE-2020-8737 CVE-2020-12312 Security Advisory Security Advisory Description CVE-2020-8737 Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware ... More info: https://support.f5.com/csp/article/K20031768?utm_source=f5support&utm_medium=RSS

This week, the Wordfence team discusses cryptography in depth, including the basics, a brief history, hashing, and the Crypto Wars. We also go over current news, including 2 new findings by the Wordfence Threat Intelligence team, a new milestone for WordPress, and a recent attack on a Florida Town’s water supply. Here are timestamps and […] More info: https://www.wordfence.com/blog/2021/02/episode-104-cryptography-demystified/

Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these services to verify whether servers and IP addresses are sending spam or other abusive content against a known list of offenders. These services use a […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/1JyimLhEc7A/uceprotect-when-rbls-go-bad.html