Project: Drupal core
Date: 2020-June-17
Security risk: Critical 15∕25 AC:Complex/A:None/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Request Forgery
CVE IDs: CVE-2020-13663
Description: The Drupal core Form API does not properly handle certain form input from cross-site requests, which can lead to other vulnerabilities.
Solution: If you are using Drupal 7.x, upgrade to Drupal 7.72. If you are using Drupal 8.8.x, upgrade to Drupal 8.8.8. If you are using Drupal 8.9.x, upgrade to
More info:
https://www.drupal.org/sa-core-2020-004
Project: Drupal core
Date: 2020-June-17
Security risk: Critical 17∕25 AC:Complex/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon
Vulnerability: Arbitrary PHP code execution
CVE IDs: CVE-2020-13664
Description: Drupal 8 and 9 have a remote code execution vulnerability under certain circumstances. An attacker could trick an administrator into visiting a malicious site that could result in creating a carefully named directory on the file system. With this directory in place, an attacker could
More info:
https://www.drupal.org/sa-core-2020-005
Project: Drupal core
Date: 2020-June-17
Security risk: Less critical 8∕25 AC:Complex/A:User/CI:None/II:Some/E:Theoretical/TD:Uncommon
Vulnerability: Access bypass
CVE IDs: CVE-2020-13665
Description: JSON:API PATCH requests may bypass validation for certain fields. By default, JSON:API works in a read-only mode which makes it impossible to exploit the vulnerability. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable.
Solution: Install the latest
More info:
https://www.drupal.org/sa-core-2020-006
libxml2 2.7.8 vulnerability CVE-2010-4494
Security Advisory
Description: Double free vulnerability in libxml2 2.7.8 and other versions, as used in Google Chrome before 8.0.552.215 ...
More info:
https://support.f5.com/csp/article/K51182024?utm_source=f5support&utm_medium=RSS
OpenSSH vulnerability CVE-2004-1653
Security Advisory
Description: The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users ...
More info:
https://support.f5.com/csp/article/K40663742?utm_source=f5support&utm_medium=RSS
If you need to change your WordPress password, you might be panicking. You’ve lost access to your site and you don’t know how to get in again. Help! Typically this occurs when someone simply forgets their WordPress password, they don’t have access to their email for a standard password reset, or […]
More info:
https://kinsta.com/blog/change-wordpress-password/
Intel CPU vulnerabilities CVE-2020-0528, CVE-2020-0529
Security Advisory
Description: CVE-2020-0528 Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th ...
More info:
https://support.f5.com/csp/article/K41774512?utm_source=f5support&utm_medium=RSS
This week, we look at the WP 5.4.2 release and a ransomware bitcoin scam targeting site owners with a “You’ve Been Hacked” email. We also look at an FBI warning about online banking app malware, the Verizon data breach report and what it says about WordPress, and how some white hat hackers are becoming millionaires […]
More info:
https://www.wordfence.com/blog/2020/06/episode-77-wordpress-5-4-2-released-fake-ransomware-bitcoin-scams/
WordPress Core version 5.4.2 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. With that said, most of the security fixes themselves are for vulnerabilities that would require specific circumstances to exploit. All in all this release contains 6 security […]
More info:
https://www.wordfence.com/blog/2020/06/wordpress-5-4-2-patches-multiple-xss-vulnerabilities/
WordPress security is not unlike many other areas of IT security. It’s not a one-time fix. It is something that is never actually finished. Whilst there are several steps you can take to improve your WordPress security, your site and business requirements will change. So adopting a point-in-time security assessment will only give you […]
More info:
https://www.wpwhitesecurity.com/wordpress-security-process-test-harden-monitor-improve/