November 12, 2018
Oh Alanis, if only you had written your song in 2018 about WordPress GDPR plugins (see below).
Here is a roundup of notable website security incidents from around the web in the last few weeks. Apologies in advance for all the #doomandgloom.
On Dec. 31, 2018, around 62 percent of all websites still running a PHP 5.x version will stop receiving security updates, exposing hundreds of millions of websites, if not more, to serious security risks.
Update, people, update! Or go static…
If you ever used a script called “New Share Counts” to show a tweet counter on your site, remove it now! Over 800 sites have been compromised. There’s a link in that post that will show you the affected websites.
Hosting control panel solution VestaCP was compromised in an attack that installed malware used to carry out DDoS attacks.“The attacker tried launching Linux/ChachaDDoS via SSH”.
For nearly a month, a new botnet has been targeting unsecured Apache Hadoop servers, and planting bots on vulnerable servers to be used for future DDoS attacks.
Don’t fall for these email scams – PayPal, Amazon, Facebook, banks, and and oldie but a goodie…Nigeria. Think you’d never fall for a phishing scheme? Just remember, 91% of all cyber attacks start with a phishing email.
Zero-day (a vulnerability that has been disclosed but not yet patched) in the popular jQuery File Upload plugin has been actively exploited for at least three years. Yikes! A fix is out but the plugin is used in so many projects that patching will take ages! There are even YouTube video tutorials on how to exploit the vulnerability to take over servers.
New WooCommerce vulnerability fixed in latest version. The user role “Shop Manager” had the capability to edit the Admin user, which can lead to a site takeover and file deletion. WooCommerce has over 55 million downloads. Update, update, update!
There’s a new version of reCAPTCHA being released, so no more “how many storefronts do you see?” validation. Phew.
Perfect irony when the WP GDPR Compliance plugin has a zero-day vulnerability that allows hackers to install backdoors and take over sites, gaining access to private data and more. The vulnerable plugin means that hackers can create admin-level accounts and wreak havoc, or inject malicious scheduled actions to be executed by WP-Cron. If you’re one of the 100,000 people using the WP GDPR Compliance Plugin, update now!
Canada Post leaked personal data and orders of thousands of cannabis smokers. Marijuana is legal in Canada, but it doesn’t mean people want their usage known.
Google is introducing a small but important update to its Chrome browser, to prevent consumers from being swindled by underhanded or unclear mobile subscription services. Chrome will display a “The page ahead may try to charge you money” warning.
Strattic is a solution that was created to optimize WordPress websites for speed and security by making them static and serving them on serverless architecture.
Feel free to contact us at firstname.lastname@example.org or sign up for our newsletter below.
Product Manager at Strattic
Rebecca has been in a dedicated relationship with WordPress for over 15 years - one full of love, laughs, tears, growth and strong drinks. L'chaim!