Highly critical Drupal code security alert

Drupal Notice

The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.” The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe …

Read moreHighly critical Drupal code security alert

WordPress 4.9.2 security release & YITH Wishlist vulnerability

wordpress

On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no …

Read moreWordPress 4.9.2 security release & YITH Wishlist vulnerability

Meltdown and Spectre chip vulnerability

privacy regulations

There’s been a lot of coverage of the recently announced chipset vulnerability that’s been found in major suppliers of computer chips (e.g. Intel, AMD). The vulnerability, if exploited, could allow hackers to access areas of, otherwise normally, inaccessible memory which may be used for storing sensitive data, passwords, encryption keys, etc. There’s been a lot …

Read moreMeltdown and Spectre chip vulnerability

WordPress patches 4 new security issues

wordpress

All versions of WordPress 3.7 onwards have been patched to fix four new security vulnerabilities. As reported in the security and maintenance release notes for v4.9.1, the following fixes have been implemented in the latest security release: Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the …

Read moreWordPress patches 4 new security issues

Vulnerability found in popular WordPress SEO plugin Yoast

wordpress

This week, WordPress security plugin Wordfence, reported on security vulnerabilities in three WordPress plugins, including one in the very popular SEO plugin, Yoast SEO. If you use Yoast SEO on your WordPress site and haven’t upgraded to version 5.8.0 you are advised to do so immediately. If you’re running Wordfence then you’re already protected, but …

Read moreVulnerability found in popular WordPress SEO plugin Yoast

Drupal Security Release (8.3.7)

Drupal Notice

Web hosting platform, Drupal, have issued a maintenance release of their software that patches a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7 as soon as possible. The release patches a number of security vulnerabilities: Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923 REST API can …

Read moreDrupal Security Release (8.3.7)

Wordfence reports increase in TrafficTrade malware infection caused by theme

wordpress

WordPress security experts, Wordfence, are reporting a “significant increase in the number of WordPress websites hit by an infection [they’re] calling TrafficTrade.” Wordfence says there seems to be two routes to infection. A small number caused by a redundant searchreplacedb2.php script (which they reported as an issue a few weeks back). The bulk of infections though, are …

Read moreWordfence reports increase in TrafficTrade malware infection caused by theme