Late Sunday night, on March 28, 2021, Nikita Popov, a core PHP committer, released a statement indicating that two malicious commits had been pushed to the php-src git repository. These commits were pushed to create a backdoor that would have effectively allowed attackers to achieve remote code execution through PHP and an HTTP header. Remote […]
More info:
https://www.wordfence.com/blog/2021/03/php-compromised-what-wordpress-users-need-to-know/
The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP team. Per a statement released in PHP’s internal mailing list, the current investigation believes the […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/9GyiBNhWczQ/php-repository-exploited-by-hackers.html
New WordPress plugin and theme vulnerabilities were disclosed during the final week of March. This post covers the recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress […]
More info:
https://ithemes.com/wordpress-vulnerability-report-march-2021-part-4/
If you’re asking what is the best way to backup a WordPress website, then you’ve made a good start. That means you know backing up your WordPress website or blog is necessary. You just want to know which option works best for you. We’re here to help you answer the question. In this blog post, […]
More info:
https://www.wpwhitesecurity.com/wordpress-backup/
Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686 Security Advisory Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83.
More info:
https://support.f5.com/csp/article/K98221124?utm_source=f5support&utm_medium=RSS
Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686 Security Advisory Security Advisory Description CVE-2020-25684 A flaw was found in dnsmasq before version 2.83.
More info:
https://support.f5.com/csp/article/K98221124?utm_source=f5support&utm_medium=RSS
Multiple dnsmasq vulnerabilities Security Advisory Security Advisory Description CVE-2020-25681 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the ...
More info:
https://support.f5.com/csp/article/K02931614?utm_source=f5support&utm_medium=RSS
Multiple dnsmasq vulnerabilities Security Advisory Security Advisory Description CVE-2020-25681 A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the ...
More info:
https://support.f5.com/csp/article/K02931614?utm_source=f5support&utm_medium=RSS
Recently, VMware SVP of Security Product, Tom Corn was joined by Jason Rolleston, Chief Product Officer at Kenna Security, to discuss best practices for bridging the gap between information security and IT teams within the context of the new VMware Carbon Black Cloud Workload Protection product. Integral to this mission is finding a way to The post Q&A: Empowering IT and Security with Carbon Black and Kenna Security appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2021/03/qa-empowering-it-and-security-with-carbon-black-and-kenna-security.html?utm_source=rss&utm_medium=rss&utm_campaign=qa-empowering-it-and-security-with-carbon-black-and-kenna-security
Attackers continue to exploit recently patched vulnerabilities in Thrive Themes, though not all of them are successful. Two vulnerabilities are patched in the Facebook for WordPress plugin installed on over half a million sites. Google Chrome version 90 will use HTTPS by default, bringing significant improvements to speed and security. A ransomware insurance provider experiences […]
More info:
https://www.wordfence.com/blog/2021/03/episode-110-active-exploitation-continues-on-unpatched-thrive-themes/
