This entry was posted in Podcasts on May 08, 2019 by Kathy Zant 0 Replies
Today we are pleased to bring you the tenth episode of Think Like a Hacker. We’re doing things a little different this week, separating the news and our interview into two episodes. In today’s we cover the news and we will share another compelling interview later in the week. In the news we discuss new …
Read More
This entry was posted in Vulnerabilities, WordPress Security on May 02, 2019 by Mikey Veenstra 2 Replies
Earlier this week, a security update was released for the WooCommerce Checkout Manager plugin for WordPress. This update fixes two distinct vulnerabilities: an arbitrary file upload flaw present in certain configurations, and a flaw allowing attackers to delete media files from affected sites. The plugin’s users are advised to install the latest available version (4.3 …
Read More
This entry was posted in Podcasts on May 01, 2019 by Mark Maunder 4 Replies
We cover quite a few news stories this week, including two plugins requiring immediate updating due to disclosed vulnerabilities, what we can expect from WordPress version 5.2 and a dark web marketplace that appears to have exit scammed users. We follow up on Google Sensorvault, a great interview with Richard Stallman about Facebook and JetBlue’s …
Read More
This entry was posted in Podcasts on April 23, 2019 by Mark Maunder 3 Replies
This week we look at Troy Hunt’s pen testing results with the TicTocTrack watch and the privacy issues of tracking our kids. We examine the changes coming in the AMP project as well as implications of the UK’s new porn age restriction law coming into effect in July. We review a story uncovered by Cisco’s …
Read More
This entry was posted in Podcasts on April 17, 2019 by Mark Maunder 7 Replies
This week we look at the Assange arrest, an irresponsible security researcher affecting the WordPress community and do a bit of a thought experiment. We also look at Google’s Sensorvault and how it’s being used by law enforcement, the fascinating rise and fall of the Bayrob malware gang, and some tips for avoiding a …
Read More
This entry was posted in Vulnerabilities, WordPress Security on April 11, 2019 by James 10 Replies
On Monday the WordPress plugin Yellow Pencil Visual Theme Customizer was closed in the WordPress.org plugin repository. The plugin is quite popular, with an active install base of over 30,000 websites. On Tuesday a security researcher made the irresponsible and dangerous decision to publish a blog post including a proof of concept (POC) detailing how …
Read More
This entry was posted in Vulnerabilities, WordPress Security on April 10, 2019 by Dan Moen 30 Replies
The Yuzo Related Posts plugin, which is installed on over 60,000 websites, was removed from the WordPress.org plugin directory on March 30, 2019 after an unpatched vulnerability was publicly, and irresponsibly, disclosed by a security researcher that same day. The vulnerability, which allows stored cross-site scripting (XSS), is now being exploited in the wild. These …
Read More
This entry was posted in Podcasts on April 10, 2019 by Mark Maunder 2 Replies
This week we follow up on two stories from last week, the Pipdig P3 plugin and Jetpack suggestions found within the WordPress plugin dashboard. We also take a look at quite a few privacy concerns with Grammarly, malware in the healthcare industry, and we discuss privacy concerns with Facebook. I also talk to Brandy …
Read More
This entry was posted in Podcasts on April 02, 2019 by Mark Maunder 2 Replies
This week I chat about the Pipdig controversy in full with Mikey Veenstra and Kathy Zant. Kathy and I cover the news. And we have an amazing interview with Raquel Landefeld who is a community organizer for WordPress, co-founder of agency Mode Effect and a well known and loved personality in the WordPress community. Raquel …
Read More
This entry was posted in Research, Vulnerabilities on April 02, 2019 by Mikey Veenstra 25 Replies
In last week’s post, we reported on some concerning code identified in the Pipdig Power Pack (P3) plugin. The plugin, which is installed alongside WordPress themes sold by Pipdig, was found to contain a number of suspicious or malicious features. Among these features were a remote “killswitch” Pipdig could use to destroy sites, an obfuscated …
Read More