Security Alerts & News
by Tymoteusz A. Góral

History
#1925 WordPress 4.7.2 update fixes XSS, SQL injection bugs
WordPress developers fixed three security issues this week, including a cross-site scripting vulnerability and a SQL injection vulnerability, in the latest version of the CMS.

The update, 4.7.2, was pushed Thursday, only two weeks after developers released the previous version.

Aaron Campbell, a WordPress core contributor, announced the update – a security release – on WordPress’ blog.

One of the issues, the SQL injection, affected WordPress’ WP_Query, a class used to access variables, checks and functions coded into the WordPress core. Mohammad Jangda, a web developer at Automattic – WordPress’ parent company – discovered the class is vulnerable when passing unsafe data. While the issue didn’t affect the WordPress core, Campbell writes that WordPress added hardening to prevent plugins and themes from causing further vulnerabilities.