Security Alert: WordPress 5.1.1 security release

As of March 12th 2019, WordPress 5.1.1 is available. This is a security and maintenance release, meaning that it patches some security issues. The release notes give only limited details of the vulnerabilities, but if you’re running a WordPress site you should check that your site is updated to the latest release to make sure …

New research shows 58% of adults worried about data and privacy online

The research, produced jointly by the Information Commissioner’s Office (ICO) and Ofcom, the telecoms regulator, looked at various aspects of perceived harm online, with data and privacy being just one element of the research (other areas include risks from harmful content and children coming to harm online). The findings indicate that 58% of adults in …

Highly critical Drupal code security alert

The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.” The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe …

WordPress 4.9.2 security release & YITH Wishlist vulnerability

On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no …

WordPress patches 4 new security issues

All versions of WordPress 3.7 onwards have been patched to fix four new security vulnerabilities. As reported in the security and maintenance release notes for v4.9.1, the following fixes have been implemented in the latest security release: Use a properly generated hash for the newbloguser key instead of a determinate substring. Add escaping to the …

WordPress 4.8.3 security release

WordPress, the popular web platform, have today released a security update to some of its files to prevent an SQL injection vulnerability. According to the WordPress release post, all prior versions of WordPress “are affected by an issue [which] can create unexpected and unsafe queries leading to potential SQL injection (SQLi).” The WordPress core doesn’t appear to …

Joomla! 3.8 patches 2 security issues

Last week Joomla! released a new version, 3.8. The new version is an update to the Joomla! 3 series. Whilst it is primarily a feature release with 300 improvements and two major features, it also patches two security issues: Core – Information Disclosure in LDAP Authentication Plugin (affecting Joomla 1.5.0 – 3.7.5) Core – Information …

Security update to WordPress (4.8.2)

Yesterday, WordPress issued an update to its core. This is a security release, so you’re strongly advised to update immediately if you’re running WordPress. According to the release notes for v4.8, it fixes 9 security vulnerabilities in version 4.8.1 and earlier. Check that you’re running on the latest version by logging into your WordPress dashboard – …

Drupal Security Release (8.3.7)

Web hosting platform, Drupal, have issued a maintenance release of their software that includes a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7, as soon as possible. The release patches a number of security vulnerabilities: Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923 REST API can …

Website vulnerability leads to £60k ICO fine

The Information Commissioner’s Office (ICO) (the UK’s “data regulator”) has fined a small video game rental company £60,000 after it failed to take basic action to prevent an SQL injection vulnerability in its website, which led to a data breach and access to customer details. This latest fine just indicates that any size business is at …
