Updates on WordPress security, Wordfence and what we're cooking in the lab today.

Category Archive: Podcasts

Wordfence Blog

Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce

This entry was posted in Podcasts on July 16, 2021 by Ram Gall   0 Replies

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil ransomware gang targeted a zero-day vulnerability in Kaseya, used by many in the banking industry, …
Read More

Episode 124: PrintNightmare 0Day Exploit Accidentally Leaked Online

This entry was posted in Podcasts on July 02, 2021 by Kathy Zant   2 Replies

Security researchers accidentally leaked zero-day exploit code for a new Windows bug, now called PrintNightmare, while easily exploitable vulnerabilities in the ProfilePress plugin, previously called WP User Avatar, were patched quickly. An unprotected cloud database containing over 814 million DreamHost user records was found online. Google Chrome is getting a HTTPS-only feature in an upcoming …
Read More

Episode 123: Over 30 Million Dell Devices at Risk for Remote BIOS Attacks

This entry was posted in Podcasts on June 24, 2021 by Ram Gall   0 Replies

Over 30 million Dell devices are at risk for remote BIOS attacks due to four separate security bugs, which can have far reaching effects for enterprise organizations heavily invested in Dell devices. VMware Carbon Black App Control has been updated this week to fix a critical-severity vulnerability that allows authentication bypass. Antivirus creator John McAfee …
Read More

Episode 122: Largest Password Dump in History Fuels Credential Stuffing Extravaganza

This entry was posted in Podcasts on June 18, 2021 by Ram Gall   2 Replies

Sites running Jetpack are being infected via compromised WordPress.com credentials. The largest password dump ever with 8.4 billion passwords is used in credential stuffing attacks. Wordfence Threat Intelligence discloses new plugin vulnerabilities as well as a vulnerability at tsoHost. Data Breaches impact VW and EA, REvil compromises a nuclear weapons contractor, and TurboTax accounts are …
Read More

Episode 121: Wordfence is Now a CVE Numbering Authority (CNA)

This entry was posted in Podcasts on June 11, 2021 by Ram Gall   0 Replies

Wordfence is now a CVE Numbering Authority, or a CNA. As a CNA, Wordfence can now assign CVE IDs for new vulnerabilities in WordPress Core, WordPress Plugins and WordPress Themes. An outage at Fastly takes down major websites including Reddit, Twitch, Amazon, and many others. Microsoft patches numerous Windows 0-day vulnerabilities, and Google patches a …
Read More

Episode 120: Jetpack Autoupdate Security Patch Bypasses Local Settings

This entry was posted in Podcasts on June 04, 2021 by Kathy Zant   0 Replies

A security fix for an information leak vulnerability was pushed out to WordPress sites using Jetpack that bypassed local settings preventing autoupdates. A ransomware attack on JBS that shut down meat processing operations in the United States has been attributed to REvil, a private Russian ransomware-as-​a-service operation. A critical zero-day vulnerability was discovered by the …
Read More

Episode 119: Critical VMWare Vulnerability Threatens Data Centers

This entry was posted in Podcasts on May 28, 2021 by Ram Gall   0 Replies

A Critical Vulnerability in VMWare’s vCenter Server threatens some of the largest data centers in the world. An actively exploited 0-day in macOS was used to take screen shots of infected computers. CodeCov claims another victim as Japanese e-Commerce unicorn Mercari reports a massive data breach. Domino’s India and Air India suffer from large-scale data …
Read More

Episode 118: Four Android Vulnerabilities Under Active Attack

This entry was posted in Podcasts on May 21, 2021 by Ram Gall   0 Replies

Four memory corruption vulnerabilities are being actively exploited on Android devices and nearly 2 dozen popular Android apps exposed over 100 Million users’ sensitive information in cloud databases. Over 600,000 sites using WP Statistics required a patch to fix a blind SQL injection vulnerability. WP User Avatar undergoes a dramatic rebranding to ProfilePress, adding completely …
Read More

Podcast 117: Cyber Attack on Colonial Pipeline Affects Fuel Availability in 17 States

This entry was posted in Podcasts on May 14, 2021 by Kathy Zant   1 Reply

A ransomware attack on Colonial Pipeline affected fuel availability in 17 southeastern US states, and Bloomberg reported that Colonial Pipeline paid $5 million to DarkSide, a Russian ransomware service provider. The Biden Administration issued an executive order to increase US cybersecurity defenses. WordPress 5.7.2 was released to patch a critical object injection vulnerability in PHPMailer. …
Read More

Episode 116: Packagist Patch Shows How Supply Chain Threats Could Impact WordPress

This entry was posted in Podcasts on May 06, 2021 by Ram Gall   0 Replies

A vulnerability discovered in Packagist, which is used by Composer to manage PHP package requests, could have allowed attackers to trick Composer into downloading backdoored source code, potentially affecting all WordPress sites. Packagist reports that it’s not aware of any exploits. A SQL injection vulnerability was patched in the CleanTalk AntiSpam plugin installed on over …
Read More

Follow Us

      


Protect your websites with the #1 WordPress Security Plugin

Get Premium
Over 200 million downloads

Wordfence Newsletter

Get WordPress Security Alerts and Product Updates