wordpress content injection vulnerability

ClickSSL Weekly InfoSec Snipper February 6, 2017

This entry is part 142 of 143 in the series Weekly Infosec Snipper

WordPress Websites Are Prone To Content Injection Vulnerability

According to Sucuri research, WordPress websites are vulnerable to a critical zero-day content injection vulnerability. It affects the REST API and allows attackers to modify the content of a website. Sucuri reported the issue to WordPress, and WordPress took steps by informing service providers and hosts, with a patch, before the patch was introduced. To protect your site from the vulnerability, you must update WordPress to version 4.7.2.

WhatsApp May Bring Recall Send Message Feature

WhatsApp is testing a feature that lets you recall sent messages. It allows you to edit or delete a message. The new feature has been spotted on the Twitter account @WABetaInfo, and it will be included in a new beta version of WhatsApp. The update will replace the original message with “sender revoked the message”. However, WhatsApp has not publicly announced this new feature.

The PCI SSC Has Updated Its Guideline For Ecommerce Firms

The PCI SSC (Payment Card Industry Security Standards Council) has updated its guideline on ecommerce security. The old guideline was replaced with a new one that informs online merchants about certificate authorities, SSL certificates and their different types, and includes a list of questions regarding encryption and digital certificates. The PCI SSC has made it compulsory for all online merchants to use TLS version 1.1 by 2018. The new guideline will focus on online payment acceptance, risks associated with customers' credit cards, and best practices to mitigate the risks of online payment.

The Australian Synchrotron – A Particle Accelerator Hacked

The Australian Synchrotron has notified users of its portal that the email addresses and passwords of registered users were hacked. The Australian Nuclear Science and Technology Organization (ANSTO) is investigating the incident, and immediate action was taken on the exploited vulnerability. The portal also needs other user details such as names, qualifications, organization, street addresses, phone numbers, citizenship, and gender. The authority has asked members to reset their passwords.

Facebook Is Going To Fix “Forget Password” Over HTTPS Web Links

Facebook is going to remove the “Forget Password” headache for its users with a new service that allows users to recover GitHub login details and enables secure login. The new service will remove issues related to recovering a Facebook account. Facebook users need to create a GitHub recovery token in advance and keep it with them. If they lose their login details, they can re-authenticate to their Facebook account and request the token. A token will be sent to GitHub with a time-stamped signature.
