The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.” The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe enough that patches have been released for some unsupported versions. If you’re running Drupal for your website you are strongly urged to upgrade or patch […]
On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.” It is strongly recommended that you make sure your WordPress site is updated […]
There’s been a lot of coverage of the recently announced chipset vulnerability that’s been found in chips from major suppliers (e.g. Intel, AMD). The vulnerability, if exploited, could allow hackers to access areas of normally inaccessible memory which may be used for storing sensitive data, passwords, encryption keys, etc. There’s been a lot of press coverage of the vulnerabilities over the last couple of weeks, so this post doesn’t serve to repeat what’s been said elsewhere, but to […]
This week, WordPress security plugin Wordfence reported on security vulnerabilities in three WordPress plugins, including one in the very popular SEO plugin Yoast SEO. If you use Yoast SEO on your WordPress site and haven’t upgraded to version 5.8.0, you are advised to do so immediately. If you’re running Wordfence then you’re already protected, but should update Yoast anyway.
Web hosting platform, Drupal, have issued a maintenance release of their software that includes a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7, as soon as possible. The release patches a number of security vulnerabilities: Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923; REST API can bypass comment approval – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6924; Entity access bypass for entities that do not have UUIDs or […]
WordPress security experts, Wordfence, are reporting a “significant increase in the number of WordPress websites hit by an infection [they’re] calling TrafficTrade.” Wordfence says there seem to be two routes to infection. A small number are caused by a redundant searchreplacedb2.php script (which they reported as an issue a few weeks back). The bulk of infections, though, are being caused by a vulnerability in the Newspaper theme, which is a premium theme. You can find full details on the Wordfence blog. Your […]
You need to have been living on the moon these last few days not to have heard about the WannaCry ransomware attack that initially hit the NHS on Friday, but turned out to be a global issue rather than one specifically targeting the NHS or indeed the UK. There was even speculation that it was just the beginning of a wave of attacks and that Monday 15th was likely to be the next wave of issues as everyone got back […]
A new cyber-attack has made headline news this evening (Friday 12th May). The ransomware attack on the NHS has impacted a number of hospitals and doctors’ surgeries across England and Scotland, with reports that it’s part of a wider attack across the world. It’s not clear where the attack has originated from or who is responsible. Had it been UK-only, then one could speculate a government-sponsored attack. This could still prove to be the case and I guess […]