Security News
How confident are you with the security of your WordPress deployments? If you're not 100% confident, you need to make use of the wpscan tool. Considering how prevalent installations of the open source WordPress blogging platform are, chances are good that you have a deployment or two to manage.
Patches released over the past several days for multiple WordPress plugins address vulnerabilities that have been actively exploited as part of the same website takeover campaign. The plugin is impacted by a vulnerability described as an "Unauthenticated stored XSS via plugin settings change."
Thousands of active WordPress plugins have been hit with a swathe of cross-site scripting vulnerabilities that could give attackers complete control of sites. Researchers at NinTechNet found a vulnerability in the WordPress Flexible Checkout Fields for WooCommerce plugin, which enhances the popular WordPress ecommerce system with the ability to configure custom checkout fields using a simple user interface.
Only half of the vulnerabilities in cloud containers ever posed a threat, according to a Rezilion study. The top 20 most popular container images on DockerHub were analyzed to discover that 50% of vulnerabilities were never loaded into memory and therefore did not pose a threat, regardless of Common Vulnerability Scoring System scores and despite vast resources in budget and manpower spent on patching or mitigation.
Intel patched over 230 vulnerabilities in its products last year, but fewer than a dozen impacted its processors, according to the company's 2019 Product Security Report. Intel said it learned of 236 vulnerabilities in 2019, including 144 discovered internally by its employees.
Cloud security company Rezilion has analyzed some of the most popular Docker container images and determined that while they include many vulnerabilities, fewer than half of these flaws pose an actual risk. Rezilion's researchers have analyzed 20 of the most popular container images hosted on DockerHub, the largest library and community for container images.
The developers of the free and open-source forum software MyBB have shared some data on the vulnerabilities patched in their product over the past years. According to MyBB developers, 103 vulnerabilities have been patched in the 1.8.x branch since its release in 2014.
Researchers from Cisco's Talos intelligence and research group have identified a dozen vulnerabilities in a wireless networking device made by Taiwan-based industrial networking, computing and automation solutions provider Moxa. According to advisories published on Monday by both Moxa and Talos, AWK-3131A industrial AP/bridge/client devices are affected by 12 vulnerabilities that can be exploited to carry out malicious activities in an attack aimed at an organization's industrial systems.
Honeywell has released patches for a couple of potentially serious vulnerabilities affecting a web server used by its Notifier fire alarm systems. With this information at hand, the attacker can gain full access to the fire alarm system.
Web attacks originating from the public cloud saw a 16% spike from November to December 2019. AWS was the top source of attacks, responsible for 94% of all web attacks coming from public clouds.