Security Alerts & News
by Tymoteusz A. Góral

#735 WordPress patches SOME, XSS flaws in version 4.5.2
WordPress vulnerabilities continue to be a magnet for hackers laden with exploit kits and, as recently as February, crippling ransomware attacks. As a result, WordPress has already released three security updates this year, the latest for the content management system coming last Friday and bringing current users to version 4.5.2. In April, WordPress also turned on free encryption for custom domains hosted on the platform.

The latest update is a security release affecting all versions including 4.5.1.

In an advisory published late last week, WordPress said the Plupload third-party file-upload library was plagued by a SOME vulnerability. SOME flaws are Same Origin Method Execution bugs in which JSON callbacks are abused, leading to problems similar to those caused by cross-site scripting attacks. Researcher Ben Hayak presented on SOME flaws at Black Hat Europe two years ago, and he provides some technical details in a blog post.