Podcast Episode 30: WordPress Ad Inserter Plugin Vulnerability and Other News
This week we review a critical vulnerability in the Ad Inserter plugin, currently installed on over 200,000 WordPress sites. The vulnerability, discovered by our Director of Threat Intelligence Sean Murphy, was patched quickly by the developer. We also cover Google’s decision to remove Chrome’s built-in XSS protection, a researcher’s discovery of a vulnerability in Instagram’s 2FA, updates to the Gutenberg editor, and hackers who created an Android app that can kill to prove a point, among other stories.
Here are approximate timestamps in case you want to jump around:
0:57 Ad Inserter Plugin Vulnerability
5:27 Chrome XSS Protection
8:10 Instagram 2FA Vulnerability
14:10 New Updates to Gutenberg editor
16:05 The Android App that Kills
20:54 Biggest Bulletproof Hoster
21:43 Agent Smith Android Malware
24:33 Zoom Vulnerability Update
This week in the news we cover:
- A critical vulnerability has been patched in the Ad Inserter plugin currently installed on over 200,000 WordPress sites.
- Google is planning to remove Chrome’s built-in XSS protection.
- A security researcher found and reported a bypass of Instagram’s 2FA that could have led to compromise of any account.
- A recent release of Gutenberg shows some continuous improvements.
- Hackers created an Android app that kills to prove a point.
- Brian Krebs covered research into the world’s biggest bulletproof hoster.
- Malicious apps have infected 25 million Android devices with ‘Agent Smith’ malware.
- In an update to a story we covered last week, Apple pushed a silent update to patch Zoom’s zero-day vulnerability, which left web servers on Mac computers that had previously installed Zoom.