Backdoor detected in a WordPress plugin

The backdoor was contained in the fake X-WP-SPAM-SHIELD-PRO plugin. An unknown hacker introduced a backdoor into the source code of a WordPress plugin that masquerades as an anti-spam tool called X-WP-SPAM-SHIELD-PRO. Apparently, the attacker tried to exploit the reputation of WP-SpamShield Anti-Spam, a popular WordPress anti-spam tool. The fake plugin contains a backdoor allowing the hacker to create his own administrator account on the attacked...


Magento fixes 35 vulnerabilities in two products

On September 14, Magento, the developer of the online store management system of the same name, released updates for Magento Commerce and Magento Open Source that eliminate numerous vulnerabilities, including a critical remote code execution flaw. In total, the Magento 2.1.9 and 2.0.16 updates cover 35 vulnerabilities of varying severity. One of them is critical and was assigned the identifier APPSEC-1800. It allowed the administrator with...


The WordPress plugin "Display Widgets" distributes malware

The "Display Widgets" plugin, which has more than 200 thousand installations, was finally removed from the WordPress plugin directory after a series of incidents in which malicious code was substituted into new releases. This code was a backdoor allowing the plugin owners to control the content on sites using the plugin and substitute their ad units. All users of Display Widgets are advised to...


FTP is not safe, now Chrome will warn you about this

Google's Chrome browser will soon flag services that use the FTP protocol as unsafe. This was reported yesterday by Mike West, a Google employee and member of the Chrome security team. "As part of our program to maintain security on the network, in particular, to transfer the security status of a web page, we plan to mark the resources that work on the FTP protocol as unsafe," West said. "This decision was...


Google Chrome warns users about MitM attacks

The experimental function is already available for testing. A new security feature will appear in the Google Chrome 63 browser that will detect "man in the middle" (MitM) attacks by third-party software. MitM attacks are used to intercept the user's web traffic. The main problem for the attacker is encrypted HTTPS traffic. Most tools for MitM attacks cannot correctly replace data, causing errors in the SSL protocol, which will be detected...


Critical vulnerability detected in Apache Struts

Version 2.5.13 of the Apache Struts web framework, used to create Java web applications using the Model-View-Controller paradigm, has been published. The release includes a fix for a critical vulnerability (CVE-2017-9805) that allows code to be run on the server side. The attack can be carried out by sending a specially crafted HTTP request. The vulnerability manifests when using the REST plugin with an XStream handler for deserializing XML blocks...