Security Alerts & News
by Tymoteusz A. Góral

History
#1127 Serious flaw fixed in widely used WordPress plug-in
If you're running a WordPress website and you have the hugely popular All in One SEO Pack plug-in installed, it's a good idea to update it as soon as possible. The latest version released Friday fixes a flaw that could be used to hijack the site's admin account.

The vulnerability is in the plug-in's Bot Blocker functionality and can be exploited remotely by sending HTTP requests with specifically crafted headers to the website.

The Bot Blocker feature is designed to detect and block spam bots based on their user agent and referer header values, according to security researcher David Vaartjes, who found and reported the issue.
Read more
#1134 Little Snitch bug leaves some Mac systems open to attack
#1133 Ranscam ransomware deletes victims’ files outright
#1132 xDedic hacked server market resurfaces on Tor domain
#1131 Adobe patches 52 vulnerabilities in Flash Player
#1130 Ransomware 'stopped' by new software
#1129 Billion-dollar scams: The numbers behind BEC fraud
#1128 Now it’s easy to see if leaked passwords work on other sites
#1127 Serious flaw fixed in widely used WordPress plug-in
#1126 How to hack mobile devices using YouTube videos
#1125 BMW Core Web Portal & ConnectedDrive - exploitation of car configurations
#1124 MIT researchers devise new anonymity network following Tor bug
#1123 Google to train 2 million Indian Android developers
#1122 Jigsaw ransomware decrypted, again
#1121 Cisco unveils three DNA network security technologies
#1120 Cisco bolsters cloud security offering with new solutions
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12