Podcast Episode 23: Security News from WCEU in Berlin
This week, we’re at WordCamp Europe in Berlin, Germany and there is a lot of WordPress and security news to cover. We talk about the recent outage with WordPress VIP Go, what’s new in WordPress version 5.2.2, vulnerabilities in two of Facebook’s WordPress plugins, a Google Chrome extension for reporting bad URLs and a Chrome extension found to hijack search results. We talk about the importance and future of Troy Hunt’s “Have I Been Pwned” project as he preps it for sale, a Firefox 0-day exploited in the wild, and two more American municipalities affected by malware. Evite disclosed a recent breach, Telegram got DDoSed, a vulnerability was found in Evernote’s Web Clipper, and Netflix discovered multiple Linux and FreeBSD vulnerabilities.
Here are approximate timestamps in case you want to jump around:
1:42 WordPress VIP Go outage
3:29 WordPress 5.2.2 Update
4:28 Security implications of WordPress multisite
8:34 Self-promoting security troll strikes again
12:06 Chrome Suspicious URL Extension
13:36 Should Google be monetizing GSB data?
18:31 Malicious “YouTube Queue” Chrome extension
21:25 Have I Been Pwned for sale
28:46 Firefox 0-day
30:00 Ransomware hits Philly
34:00 House lawmakers demand end to warrantless surveillance
37:20 Evite data breach
39:32 Telegram servers DDoSed
43:19 Evernote XSS flaw
46:22 Linux and FreeBSD vulns
This week in the news we cover:
- WordPress VIP Go experienced a 3-hour outage, reverting a number of high-profile websites to default themes.
- WordPress version 5.2.2 was released, squashing 13 bugs and improving WordPress site health features.
- A disgruntled security researcher publishes 0-day proofs of concept affecting two Facebook plugins, one with 200,000 installations.
- Google launches a Chrome extension for flagging bad URLs to the safe browsing team.
- A Chrome extension was found hijacking users’ search engine results.
- Troy Hunt announces that he’s looking for someone to purchase Have I Been Pwned.
- A Firefox 0-day was exploited in the wild.
- The Philadelphia court system found malware on a limited number of computers, but enough to force a shutdown to prevent further problems.
- A Florida city pays a $600,000 ransom to hackers who seized its computer system.
- House lawmakers propose amendment to defund NSA data collection program.
- Evite’s recent security breach is likely attributable to an old backup left unprotected.
- Telegram’s CEO says China is behind a recent DDoS attack.
- A cross-site scripting (XSS) vulnerability in Evernote Web Clipper was responsibly disclosed, and added to Evernote’s security hall of fame.
- Netflix found multiple Linux and FreeBSD vulnerabilities.