Firefox 87 trims HTTP Referrers by default to protect user privacy

We are pleased to announce that Firefox 87 will introduce a stricter, more privacy-preserving default Referrer Policy. From now on, by default, Firefox will trim path and query string … The post Firefox 87 trims HTTP Referrers by default to protect user privacy appeared first on Mozilla Security Blog. More info: https://blog.mozilla.org/security/2021/03/22/firefox-87-trims-http-referrers-by-default-to-protect-user-privacy/

Server Side Data Exfiltration via Telegram API

One of the themes commonly highlighted on this blog includes the many creative methods and techniques attackers employ to steal data from compromised websites. Credit card skimmers, credential and password hijackers, SQL injections, and even malware on the server level can be used for data exfiltration. What’s more, attackers may be able to accomplish this […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/ToSI--EOfuM/server-side-data-exfiltration-via-telegram-api.html

Episode 109: This Attack Will Make You Want to Stop Using SMS 2FA

An attack shows how an SMS enablement service was used to bypass SMS 2FA for $16. We discuss the recently patched vulnerabilities in Elementor affecting over 7 million WordPress sites and how easily these cross-site scripting vulnerabilities can be exploited. We also talk about the SQL Injection vulnerabilities in Tutor LMS. The data center fire […] More info: https://www.wordfence.com/blog/2021/03/episode-109-this-attack-will-make-you-want-to-stop-using-sms-2fa/

TMM vulnerability CVE-2021-23007

Security Advisory Description: When the Traffic Management Microkernel (TMM) process handles certain undisclosed traffic, it may start dropping ... More info: https://support.f5.com/csp/article/K37451543?utm_source=f5support&utm_medium=RSS

Multiple grub2 vulnerabilities

Security Advisory Description: CVE-2020-14308 In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic ... More info: https://support.f5.com/csp/article/K48187630?utm_source=f5support&utm_medium=RSS

Several Vulnerabilities Patched in Tutor LMS Plugin

On December 15, 2020, our Threat Intelligence team responsibly disclosed several vulnerabilities in Tutor LMS, a WordPress plugin installed on over 20,000 sites. The first five flaws made it possible for authenticated attackers to inject and execute arbitrary SQL statements on WordPress sites. This made it possible for attackers to obtain information stored in a […] More info: https://www.wordfence.com/blog/2021/03/several-vulnerabilities-patched-in-tutor-lms-plugin/

WordPress Vulnerability Roundup: March 2021, Part 2

New WordPress plugin and theme vulnerabilities were disclosed during the third week of March. This report covers recent WordPress plugin, theme, and core vulnerabilities and what to do if you run one of the vulnerable plugins or themes on your website. The WordPress Vulnerability Roundup is divided into three different categories: WordPress core, WordPress plugins, […] More info: https://ithemes.com/wordpress-vulnerability-roundup-march-2021-part-2/