Apache Tomcat vulnerability CVE-2019-17569. Security Advisory Description: The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 ...
More info:
https://support.f5.com/csp/article/K66289873?utm_source=f5support&utm_medium=RSS
The first release candidate for WordPress 5.4 is now available! This is an important milestone as we progress toward the WordPress 5.4 release date. “Release Candidate” means that the new version is ready for release, but with millions of users and thousands of plugins and themes, it’s possible something was missed. WordPress 5.4 is currently […]
More info:
https://wordpress.org/news/2020/03/wordpress-5-4-release-candidate/
On Wednesday, March 4, 2020, 3 million Transport Layer Security (TLS) certificates issued by Let’s Encrypt will be revoked because of a Certificate Authority Authorization (CAA) bug. This is 2.6% of the over 116 million active certificates issued by Let’s Encrypt. Let’s Encrypt has contacted all certificate holders affected by this bug,
More info:
https://www.wordfence.com/blog/2020/03/happening-now-over-2-percent-of-sites-using-a-lets-encrypt-tls-certificate-may-throw-security-warnings/
Apache Tomcat vulnerability CVE-2020-1938. Security Advisory Description: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to ...
More info:
https://support.f5.com/csp/article/K53254186?utm_source=f5support&utm_medium=RSS
Subset of High-profile, Public, and Documented Cyberattacks: Since the early 1970s, when the first computer virus was created, which spurred the creation of the first anti-virus program, malware and cyberattacks have evolved rapidly, leaving cybersecurity struggling to keep pace. Close to 50 years later, breaches show no sign of stopping as the attack surface continues
The post History of Destructive Cyberattacks appeared first on Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2020/03/history-of-cyberattacks.html
LLDPD vulnerabilities CVE-2015-8011 and CVE-2015-8012. Security Advisory Description: CVE-2015-8011 Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd ...
More info:
https://support.f5.com/csp/article/K06878231?utm_source=f5support&utm_medium=RSS
PHP vulnerability CVE-2020-7061. Security Advisory Description: In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar ...
More info:
https://support.f5.com/csp/article/K01128223?utm_source=f5support&utm_medium=RSS
PHP vulnerability CVE-2020-7063. Security Advisory Description: In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using ...
More info:
https://support.f5.com/csp/article/K31263502?utm_source=f5support&utm_medium=RSS
Almost every week, a new vulnerability is discovered in a popular WordPress plugin or theme, leaving developers scrambling to fix it before it’s widely exploited. Surprisingly, almost all critical vulnerabilities boil down to a few common mistakes. In this talk from WordCamp Phoenix, Ramuel Gall reviews these common errors and provides advice on creating […]
More info:
https://www.wordfence.com/blog/2020/02/episode-67-avoiding-common-vulnerabilities-when-developing-wordpress-plugins/
This week, we review numerous plugin vulnerabilities in popular WordPress plugins and the attacks that are targeting them. We also review the Duplicator vulnerability affecting over 1 million sites, and Chloe Chamberland’s discovery of multiple vulnerabilities in the Pricing Table by Supsystic plugin. Some WordPress-focused companies, Elementor and Strattic, receive venture funding.
More info:
https://www.wordfence.com/blog/2020/02/episode-68-more-plugin-vulnerabilities-and-active-attack-campaigns/