WordPress powers a lot of websites on the Internet. So it’s no surprise that seasoned attackers and “script-kiddies” like to target WordPress websites. Whether you’re a webmaster or a security professional, when tasked with assessing the security posture of a WordPress website, it tends to help to be aware of common security pitfalls attackers typically […]
More info:
https://www.wpwhitesecurity.com/penetration-testing-for-wordpress-websites/
Update March 19, 2020: The 2020 Pwn2Own contest has been wrapped up without successful exploitation of the VMware targets. We would like to thank ZDI for making remote participation possible and continuing the contest.
Original Post: We wanted to post a quick acknowledgement that VMware will be a part of the 2020 Pwn2Own Contest, this
The post VMware and Pwn2Own Vancouver 2020 appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/03/vmware-and-pwn2own-vancouver-2020.html
Update March 19, 2020: The 2020 Pwn2Own contest has been finalized without successful exploitation of the VMware targets. We would like to thank ZDI for making remote participation possible and continuing the contest.
Original Post: We wanted to post a quick acknowledgement that VMware will be a part of the 2020 Pwn2Own Contest, this year
The post VMware and Pwn2Own Vancouver 2020 appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/03/vmware-and-pwn2own-vancouver-2020.html
NGINX Controller vulnerability CVE-2020-5863
Security Advisory Description: NGINX Controller allows a remote, unauthenticated attacker to create unprivileged user accounts. The ...
More info:
https://support.f5.com/csp/article/K14631834?utm_source=f5support&utm_medium=RSS
Project: Drupal core
Version: 8.8.x-dev, 8.7.x-dev
Date: 2020-March-18
Security risk: Moderately critical 13∕25 AC:Complex/A:User/CI:Some/II:Some/E:Proof/TD:Default
Vulnerability: Third-party library
Description: The Drupal project uses the third-party library CKEditor, which has released a security improvement that is needed to protect some Drupal configurations. Vulnerabilities are possible if Drupal is configured to use the WYSIWYG CKEditor for your site's users. An attacker that can create or
More info:
https://www.drupal.org/sa-core-2020-001
On March 2nd, our Threat Intelligence team discovered several vulnerable endpoints in Responsive Ready Sites Importer, a WordPress plugin installed on over 40,000 sites. These flaws allowed any authenticated user, regardless of privilege level, the ability to execute various AJAX actions that could reset site data, inject malicious JavaScript in pages, modify theme customizer […]
More info:
https://www.wordfence.com/blog/2020/03/severe-flaws-patched-in-responsive-ready-sites-importer-plugin/
Greetings from VMware Security Response Center. Today, we would like to make you aware that the fix for CVE-2020-3950 in Fusion 11.5.2 is incomplete and addresses the issue partially. VMware security advisory VMSA-2020-0005 has been updated with instructions that complete the fix for Fusion 11.5.2. To remediate this issue completely, these instructions need to be
The post Fusion 11.5.2 Incomplete Fix – CVE-2020-3950 appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/03/fusion-11-5-2-incomplete-fix-cve-2020-3950.html
To cope with the coronavirus epidemic, remote work and the digital channel are becoming widespread. In this scenario, many users who are not used to working remotely have to adapt their work habits, including applying cybersecurity guidelines.
Of interest is protection against cybercriminals who may attempt "phishing" campaigns in which, posing as staff of the organization, especially user support staff, they try to obtain credentials for access to systems.
Also of interest are protection guidelines or recommendations that users can apply when using their computers, mobile devices, email, social networks and cloud storage, and how to act in the event of a possible incident.
The following resources provide quick guidance for users:
More info:
PAE - Portal administración electrónica (16/03/2020)
Intel processors vulnerability CVE-2019-14607
Security Advisory Description: Improper conditions check in multiple Intel® Processors may allow an authenticated user to potentially ...
More info:
https://support.f5.com/csp/article/K29100014?utm_source=f5support&utm_medium=RSS