More info:
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11021&actp=RSS
On April 1, 2020, the Wordfence Threat Intelligence Team discovered two vulnerabilities in MapPress Maps for WordPress, a WordPress plugin with over 80,000 installations. One vulnerability that allowed stored Cross-Site Scripting (XSS) was present in both the free and pro versions of the plugin, while a far more critical vulnerability that allowed Remote Code Execution […]
More info:
https://www.wordfence.com/blog/2020/04/critical-vulnerabilities-patched-in-mappress-maps-plugin/
Stories this week about targeted attacks using 0days in iPhone and iPad devices and a sophisticated phone scam targeting a security professional that ended with a $9,800 wire transfer underscore what we all know: malicious attacks are becoming increasingly sophisticated. We give you some ideas how to stay safe. We also cover a recent plugin […]
More info:
https://www.wordfence.com/blog/2020/04/episode-74-staying-safe-when-hackers-use-sophisticated-attacks/
by Michael Hawkins. X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. PATCH NOTE: For user IPs to be checked (and logged) accurately after this patch is applied, sites using multiple levels of reverse proxies/balancers that append to the X-Forwarded-For header will need to configure the new "reverseproxyignore" setting. This ensures the IPs of the later proxies are ignored in favour of the user's IP. Severity/Risk: Serious Versions
More info:
https://moodle.org/mod/forum/discuss.php?d=398351&parent=1606855
Today we are releasing Password Policy Manager 2.2. The highlights of this update are the out of the box support for custom login pages and the plugin translations. We have also included a number of updates and fixed a number of issues in this update. These release notes highlight what is new, improved and fixed […]
More info:
https://www.wpwhitesecurity.com/ppmwp-2-2/
BIG-IQ HA vulnerability CVE-2020-5869. Security Advisory Description: BIG-IQ high availability (HA) synchronization is not secured by TLS and may allow on-path attackers to read / ...
More info:
https://support.f5.com/csp/article/K28855111?utm_source=f5support&utm_medium=RSS