WordPress is an very popular open source software used by bloggers and millions of websites. A new security update, WordPress 4.8.3 is released, which addresses a potential SQL injection vulnerability. This update was released on October 31st and is available for public download.

BlueBorne is an attack vector can leverage Bluetooth connections to penetrate and take complete control over targeted devices. BlueBorne affects ordinary computers, mobile phones, and the expanding realm of IoT devices. The attack does not require the targeted device to be paired to the attacker’s device, or even to be set on discoverable mode.

A new Ransomware variant with worm like capabilities has infected many organizations around the world. The media is calling it "Petya" but it is not similar to the Petya variants seen before. In the propagation process, the malware enumerates all network adapters, all known server names via NetBIOS and also retrieves the list of current DHCP leases, if available. Each and every IP on the local network and each server found is checked for open TCP ports 445 and 139. Those machines that have these ports open are then attacked with one of the methods described above.

Drupal has released an advisory to address several vulnerabilities in Drupal versions 7.x and 8.x. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. (Advisory ID: DRUPAL-SA-CORE-2017-003)

Ransomware attacks dubbed as “WannaCry” started to spread around the world on the 12th May 2017. In these attacks, data is encrypted with the extension “.WCRY” added to the file names. According to the reports, this attack initiated through an SMBv1 remote code execution vulnerability in Microsoft Windows code-named “EternalBlue”. The exploit “EternalBlue” has been made available on the internet through the Shadowbrokers dump on 14th April 2017.
Microsoft released security patch updates for this vulnerability on 14th March 2017 in Microsoft Security Bulletin MS17-010.

Apache issued an emergency security alert as, Apache Struts was exposed to a high-risk remote command execution vulnerability, tracked as CVE-2017-5638. Public exploits are readily available. Struts is an open source project of the Apache Foundation Jakarta project team, which uses MVC mode to help Java developers use J2EE to develop Web applications. At present, Struts is widely used in large-scale Internet companies, government, financial institutions and other sites, and as the development of the underlying template to use.

WordPress 4.7.1 and prior versions are affected by multiple vulnerabilities. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

Vulnerabilities Addressed

WordPress versions 4.7.1 and earlier are affected by four issues:

  1. The user interface for assigning taxonomy terms in Press, This is shown to users who do not have permissions to use it.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plug-ins and themes from accidentally causing a vulnerability.
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table
  4. An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.

On February 1, WordPress disclosed an additional vulnerability that is fixed in version 4.7.2.

Recomm­ended Course Of Action

TechCERT encourages users and administrators to review the WordPress Security Release and upgrade to WordPress 4.7.2.

Additional Information

Joomla! has released a critical security update for its Content Management System (CMS) software to address multiple vulnerabilities. Joomla! states that the exploitation of these vulnerabilities may allow a remote attacker to take control of an affected website. Joomla! also urges users and administrators to update their sites with immediate effect.

Joomla! has released a critical security update for its Content Management System (CMS) software to address multiple vulnerabilities. Joomla! states that the exploitation of these vulnerabilities may allow a remote attacker to take control of an affected website. Joomla! also urges users and administrators to update their sites with immediate effect.

Drupal has released an advisory to address vulnerabilities in Drupal core 8.x versions prior to 8.1.10. Exploitation of one of these vulnerabilities could allow a remote attacker to take control of an affected system. Following vulnerabilities were fixed in released security update.

logofooter2

Member of

logo apcertfirst logo-2

Collaborated with

apwg2ICTA logo2ack cymru

Our Partners
lanka-certify-logoDark-Lab-Logo2contact