For your WP Security, be informed about the latest vulnerabilities in WordPress themes: Supreme Directory Theme Unauthenticated Cross-Site Scripting (XSS) reported by Franciny Salles and Flavio Landivar (http://www.hackingxsolutions.com/). This theme has a parameter, s, that allows execute a xss payload: ">". The software does not neutralize or incorrectly neutralizes user-controllable...
WP SERVICES
At your next scheduled WordPress Maintenance, be advised for your WordPress protection about the latest vulnerabilities in WordPress plugins identified and reported publicly this month: Gwolle Guestbook Cross-Site Scripting (XSS) reported by Ryan (Dewhurst Security). During the security audit of Gwolle Guestbook plugin for WordPress CMS, a security vulnerability was...
State-sponsored attackers and established cybercriminals usually reserve their efforts for the biggest, most high-profile targets. But in 2017, they began going after smaller targets. Advanced persistent threats (APTs) are far more difficult to detect and defend against than other types of cyber attacks. They have significant resources, proven capabilities and...
Social Engineering Conclusions As the threat landscape continues to evolve, new tools and approaches are emerging regularly. But one thing remains constant: the human factor. More than ever, cybercriminals rely on people to download and install malware or send funds and information on their behalf. And as the shelf lives...
Social Engineering exploits More businesses are moving to the cloud, creating new kinds of risk. Analysing how attackers are getting access to this infrastructure—and how some users are inadvertently misusing it — provides critical insight into how to better protect against these new threats. The cloud and software-as-a-service (SaaS) apps...
Social Engineering exploits Human interaction and commerce are increasingly digital, and threat actors are adapting to that reality. They are following shifting trends, usage patterns and popular interests to attack people through social media channels. Many of these attacks rely on social engineering. Others simply take advantage of inclinations for...
What are the ADVANCED PERSISTENT THREATS? From Wikipedia, the free encyclopedia: An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity. An APT usually targets either private organizations, states or both for business or...
Attackers have relied more and more on social engineering to trick users into revealing credentials, installing malware or wiring funds. Few of us are still tempted to send money to distressed Nigerian princes anymore. But the basic principles behind those early email scams are alive and well. We see them...
At your next scheduled WordPress Maintenance, be advised for your WordPress protection about the latest vulnerabilities in WordPress plugins identified and reported publicly this month: Open Graph for Facebook, Google+ and Twitter Card Tags Unauthenticated Cross-Site Scripting (XSS) reported by Thomas Chauchefoin. The software does not neutralize or incorrectly neutralizes...
WordPress 4.9.8 is now available, since August 2, 2018. This is a privacy and maintenance release. This WordPress Maintenance release fixes 46 bugs, enhancements and blessed tasks, including updating the Twenty Seventeen bundled theme, 18 Privacy fixes focused on ensuring consistency and flexibility in the new personal data tools added...