Security Alerts & News
by Tymoteusz A. Góral

#2043 Severe SQL injection flaw discovered in WordPress plugin (NextGEN Gallery) with over 1M installs
A WordPress plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website's database.

The vulnerable plugin is NextGEN Gallery, a plugin so successful that it has its own set of plugins.

Two configuration options for NextGEN Gallery plugin installations open WordPress sites to attacks.
#2049 New RaaS portal preparing to spread Unlock26 ransomware
#2048 Creepy IoT teddy bear leaks >2 million parents’ and kids’ voice messages
#2047 Google open-sources Chrome extension to make PGP encryption easier in Gmail
#2046 Shamoon (malware): Multi-staged destructive attacks limited to specific targets
#2045 More on Bluetooth Ingenico overlay skimmers
#2044 Google reports “high-severity” bug in Edge/IE, no patch available
#2043 Severe SQL injection flaw discovered in WordPress plugin (NextGEN Gallery) with over 1M installs
#2042 Siemens RUGGEDCOM NMS equipment vulnerable to CSRF, XSS