Friday, June 5, 2020
Home Uncategorized

Uncategorized

Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote

In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan...

WordPress 5.4.1

WordPress 5.4.1 is now available! This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7...

WordPress 5.4 “Adderley”

Here it is! Named “Adderley” in honor of Nat Adderley, the latest and greatest version of WordPress is available for download or update in your dashboard. Say hello to more and better. More ways to make your pages come alive. With easier ways...

WordPress 5.4 RC5

The fifth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release...

WordPress 5.4 RC4

The fourth release candidate for WordPress 5.4 is live! WordPress 5.4 is currently scheduled to land on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! You can test the WordPress 5.4 release...

WordPress 5.4 RC3

The third release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to...

WordPress 5.4 RC2

The second release candidate for WordPress 5.4 is now available! WordPress 5.4 is currently scheduled to be released on March 31 2020, and we need your help to get there—if you haven’t tried 5.4 yet, now is the time! There are two ways to...

Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability

A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling...

Cisco IOS XR Software IPsec Packet Processor Denial of Service Vulnerability

A vulnerability in the IPsec packet processor of Cisco IOS XR Software could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition for IPsec sessions to an affected device. The vulnerability is due to improper handling...

WordPress 5.4 Release Candidate

The first release candidate for WordPress 5.4 is now available! This is an important milestone as we progress toward the WordPress 5.4 release date. “Release Candidate” means that the new version is ready for release, but with millions of users...

WordPress 5.4 Beta 3

WordPress 5.4 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.4...

WordPress 5.4 Beta 2

WordPress 5.4 Beta 2 is now available! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test WordPress 5.4 beta 2...

Equifax Hacked by China, Israeli Voter Registry Exposed, How the CIA Owned Encryption

In episode 108 for February 17th 2020: The US charges four Chinese military hackers in the Equifax data breach, how Israel’s entire voter registry was exposed, and details on the encryption provider that was secretly owned by the CIA...

WordPress 5.4 Beta 1

WordPress 5.4 Beta 1 is now available for testing! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress...

Off-Facebook Activity Tool, Ring App Third-Party Trackers, Wawa Credit Card Breach

In episode 106 for February 3rd 2020: What you need to know about Facebook’s new off-Facebook activity tool, details about the Ring Android app sending user data to third party trackers, and new developments in the Wawa credit card...

Cisco Smart Software Manager On-Prem Web Interface Denial of Service Vulnerability

A vulnerability in the application programming interface (API) of Cisco Smart Software Manager On-Prem could allow an unauthenticated, remote attacker to change user account information which can prevent users from logging in, resulting in a denial of service (DoS)...

SCSI libsas driver vulnerability CVE-2019-15807

SCSI libsas driver vulnerability CVE-2019-15807 Security Advisory Security Advisory Description In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when ...

WordPress 5.3.2 Maintenance Release

WordPress 5.3.2 is now available! This maintenance release features 5 fixes and enhancements. WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.2 by clicking the button at the top of this page,...

Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Code Execution Vulnerability

A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the...

Cisco WebEx Centers Username Enumeration Information Disclosure Vulnerability

A vulnerability in web interface of the Cisco Webex Event Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to guess account usernames. The vulnerability is due to missing CAPTCHA protection in certain...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS EX software. Among the most series flaws is a...

Electrolux, Others Conned Out of Big Money by BEC Scammer

Kenenty Hwan Kim has pleaded guilty to swindling the appliance giant and other companies in a set of elaborate schemes.
The Register

Kind of goes without saying, but fix your admin passwords or risk getting borged by this brute-forcing botnet

Publishing platforms, hosts being targeted by Stealthworker malware Servers are being targeted with a malware attack that uses its infected hosts to brute-force other machines.…