Greetings from the VMware Security Response Center! We wanted to post a quick acknowledgement that VMware will be part of the Tianfu Cup International PWN Contest 2020, participating this year from our home offices in Palo Alto and Bangalore to review any vulnerabilities demonstrated during the contest. We would like to thank […]
The post VMware and Tianfu Cup 2020 appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/11/vmware-and-tianfu-cup-2020.html?utm_source=rss&utm_medium=rss&utm_campaign=vmware-and-tianfu-cup-2020
On October 6, 2020, our Threat Intelligence team discovered a High-Severity Object Injection vulnerability in Welcart e-Commerce, a WordPress plugin with over 20,000 installations that claims top market share in Japan. After we finished our investigation, we contacted the plugin’s publisher, Collne Inc. on October 9, 2020. Full disclosure was sent on October 12, 2020, […]
More info:
https://www.wordfence.com/blog/2020/11/object-injection-vulnerability-in-welcart-e-commerce-plugin/
We’ve seen a wider variety of PHP web shells being used by attackers this year — including a number of shells that have been significantly updated in an attempt to “improve” them. Depending on the scope of changes and feature enhancements that are added to an existing web shell’s source code, these updates can be […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/ff9X45xiG1E/alfa-team-shell-v4-1-tesla-a-feature-update-analysis.html
During malware analysis, we regularly find variations of this injected script on various compromised websites: […] The variable “_0x446d” is an array holding hex-encoded strings at different positions, which the rest of the script reads back by index. Decoding the variable into its ASCII representation, we end up with the following code: var […]
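The hex-array obfuscation described above, decoded programmatically. This is an added example and not code from the Sucuri post: the `decodeEscapes` and `deobfuscate` helpers and the `SAMPLE` input are written for this page. The sample reuses the `_0x446d` array name from the post, but its strings and the statement that uses them are constructed for illustration and are not the actual injected script. The helper goes slightly beyond the post by also handling `\u` escapes and by inlining the decoded strings back into the code so the result reads as plain source.

```javascript
// Added example (not from the Sucuri post): decode a javascript-obfuscator
// style hex string array and inline its references so the script reads as
// plain source. The array name _0x446d is taken from the post; the strings
// and the statement that uses them are CONSTRUCTED sample input.
const SAMPLE = String.raw`var _0x446d=["\x5F\x6D\x61\x75\x74\x68\x74\x6F\x6B\x65\x6E","\x69\x6E\x64\x65\x78\x4F\x66","\x63\x6F\x6F\x6B\x69\x65","\x75\x73\x65\x72\x41\x67\x65\x6E\x74"];if(document[_0x446d[2]][_0x446d[1]](_0x446d[0])==-1){var lang=navigator[_0x446d[3]];}`;

// Turn the escape sequences inside one string literal into real characters.
// Handles \xHH (what the injected script uses), \uHHHH and the common
// single-character escapes; any other backslash-escape keeps its character.
function decodeEscapes(literal) {
  return literal.replace(
    /\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})|\\(.)/g,
    (_, hex2, hex4, ch) => {
      if (hex2 !== undefined) return String.fromCharCode(parseInt(hex2, 16));
      if (hex4 !== undefined) return String.fromCharCode(parseInt(hex4, 16));
      return { n: "\n", r: "\r", t: "\t", 0: "\0" }[ch] ?? ch;
    }
  );
}

// Find `var _0x....=[ ... ];`, decode every string literal in it, drop the
// declaration and replace each `_0x....[N]` reference with the decoded string.
function deobfuscate(src) {
  const decl = /var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[([^\]]*)\]\s*;?/;
  const m = src.match(decl);
  if (!m) throw new Error("no _0x hex string array found");
  const [, name, body] = m;

  // Pull out each quoted literal (single or double quoted, escapes allowed).
  const strings = [];
  const literal = /"((?:\\.|[^"\\])*)"|'((?:\\.|[^'\\])*)'/g;
  let s;
  while ((s = literal.exec(body)) !== null) {
    strings.push(decodeEscapes(s[1] !== undefined ? s[1] : s[2]));
  }

  // Remove the array declaration and inline every indexed reference.
  let out = src.replace(decl, "");
  const ref = new RegExp(name + "\\[(\\d+)\\]", "g");
  out = out.replace(ref, (_, i) => {
    const idx = Number(i);
    if (idx >= strings.length) throw new Error(`index ${idx} out of range`);
    return JSON.stringify(strings[idx]);
  });
  // obj["prop"] -> obj.prop when the decoded string is a valid identifier.
  out = out.replace(/\["([A-Za-z_$][\w$]*)"\]/g, ".$1");

  return { name, strings, source: out };
}

console.log(deobfuscate(SAMPLE).source);
```

On the constructed sample the output is a one-line cookie check, `if(document.cookie.indexOf("_mauthtoken")==-1){...}`, which is the kind of statement the hex array was hiding. Real samples often wrap the array in a rotation function or nest several arrays; the same approach applies, but the declaration regex would need to be extended for each variant.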
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/If9Fxso5KQM/legacy-mauthtoken-malware-continues-to-redirect-mobile-users.html
Today we are happy to announce update 1.6 of the Activity Log for MainWP, the extension that keeps a log of what happens on your MainWP dashboard and also allows you to see all the child sites’ activity logs in the MainWP dashboard. In this update we are introducing a new feature that allows you […]
More info:
https://wpactivitylog.com/activity-log-mainwp-1-6/
The third and last (but not least) plugin update for the day is Activity Log for WooCommerce 1.2, the WP Activity Log plugin extension for WooCommerce store owners who want to keep a log of what is happening in their store (refer to the activity log for WooCommerce for more detailed information on this extension). […]
More info:
https://wpactivitylog.com/woocommerce-extension-1-2/
Today we are excited to announce the release of three plugin updates: WP Activity Log 4.1.5, Activity Log for MainWP 1.6, and Activity Log for WooCommerce extension update 1.2. We have to release these three updates at the same time because of a number of new features and changes that we have done in all plugins. […]
More info:
https://wpactivitylog.com/wsal-4-1-5/
by Michael Hawkins. The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk.
Severity/Risk: Serious
Versions affected: 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions
Versions fixed: 3.9.2, 3.8.5, 3.7.8 and 3.5.14
Reported by: Luuk Verhoeven
CVE identifier: CVE-2020-25628
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340
Tracker issue: MDL-69340 Reflected XSS in tag manager
More info:
https://moodle.org/mod/forum/discuss.php?d=410840&parent=1657002
This summer, Malwarebytes researcher Jérôme Segura wrote an article about how criminals use image files (.ico) to hide JavaScript credit card stealers on compromised e-commerce sites. In a tweet, Affable Kraut also reported another similar obfuscation technique using .ico files to conceal JavaScript skimmers: “Just something I’ve noticed more recently with digital skimmers/#magecart. Obfuscated code […]”
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/pelL3-1iX6Y/css-js-steganography-in-fake-flash-player-update-malware.html
In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover WordPress Tweaks, a collection of tools to secure your WordPress website. Why You Should Use […]
More info:
https://ithemes.com/ithemes-security-pro-feature-spotlight-wordpress-tweaks/