Severe Vulnerabilities Patched in Simple 301 Redirects by BetterLinks Plugin

On April 8, 2021, the Wordfence Threat Intelligence team initiated the responsible disclosure process for several vulnerabilities discovered in Simple 301 Redirects by BetterLinks, a WordPress plugin installed on over 300,000 sites. One of these flaws made it possible for unauthenticated users to update redirects for the site, allowing an attacker to redirect all site […] More info: https://www.wordfence.com/blog/2021/05/severe-vulnerabilities-patched-in-simple-301-redirects-by-betterlinks-plugin/

WordPress Vulnerability Report: May 2021, Part 4

Vulnerable plugins and themes are the #1 reason WordPress websites get hacked. The weekly WordPress Vulnerability Report powered by WPScan covers recent WordPress plugin, theme, and core vulnerabilities, and what to do if you run one of the vulnerable plugins or themes on your website. Each vulnerability will have a severity rating of Low, Medium, High, or Critical. Responsible disclosure and […] More info: https://ithemes.com/wordpress-vulnerability-report-may-2021-part-4/

5 Common Reasons Why WordPress Sites Get Hacked

One of the most frustrating and stressful situations you could ever run into as a WordPress site owner is finding out that your site has been hacked. One minute your site is humming along, bringing in traffic and, hopefully, revenue. And then, next thing you know, you discover something is very wrong with your WordPress […] More info: https://ithemes.com/why-wordpress-sites-get-hacked/

How to Export WordPress Database Safely?

Exporting a WordPress database is a fairly complex process which, if not followed correctly, can lead to grave consequences such as broken websites. However, there may be times when you are required to export your database to load it onto another site, or you may want to download the database offsite to keep it safe in […] More info: https://blogvault.net/export-wordpress-database/

WordPress at 18

Today marks the 18th anniversary of WordPress’ launch, a day that I fondly refer to as WordPress’ birthday, which means WordPress is 6,575 days old. To celebrate another turn around the sun, the community has had parties, we have shared data, and we have told our story. Since our last birthday we developed our 40th […] More info: https://wordpress.org/news/2021/05/wordpress-at-18/

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-003

Project: Drupal core. Date: 2021-May-26. Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default. Vulnerability: Cross Site Scripting. Description: Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack. CKEditor 4.16.1 and later include the fix. Users of the CKEditor library via means other than Drupal core should update their 3rd party code (e.g. the WYSIWYG module for Drupal 7). The More info: https://www.drupal.org/sa-core-2021-003

Drupal core – Moderately critical – Cross Site Scripting – SA-CORE-2021-003

Project: Drupal core. Date: 2021-May-26. Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:Some/E:Proof/TD:Default. Vulnerability: Cross Site Scripting. Description: Drupal core uses the third-party CKEditor library. This library has an error in parsing HTML that could lead to an XSS attack. Solution: Install the latest version: If you are using Drupal 9.1, update to Drupal 9.1.9. If you are using Drupal 9.0, update to Drupal 9.0.14. If you are using Drupal 8.9, update to Drupal More info: https://www.drupal.org/sa-core-2021-003

Achieving Cyber Vigilance with Zero Trust

Federal government agencies are facing a cyber insurgency. The past year underscored the systemic vulnerability of our government. Security teams are facing increasingly sophisticated attacks – and they’re doing so in a remote work environment. In parallel with this, organizations are accelerating cloud adoption which expands the threat surface for cybercrime cartels and nation-state The post Achieving Cyber Vigilance with Zero Trust appeared first on Security & Compliance Blog. More info: https://blogs.vmware.com/security/2021/05/achieving-cyber-vigilance-with-zero-trust.html?utm_source=rss&utm_medium=rss&utm_campaign=achieving-cyber-vigilance-with-zero-trust
