Security Alerts & News
by Tymoteusz A. Góral

History
#1438 WordPress update resolves XSS, path traversal vulnerabilities
WordPress is strongly encouraging users of the content management system to update to the most recent version, 4.6.1, released on Wednesday.

The update addresses two separate security issues, a cross-site scripting vulnerability and a path traversal vulnerability.

The XSS vulnerability, discovered by Cengiz Han Sahin, co-founder of Dutch software security firm Securify, could be executed via an image filename.
#1437 Israeli online attack service ‘vDOS’ earned $600,000 in two years
vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets.

The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principal owners and masterminds of the attack service, with support services coming from several young hackers in the United States.