CHICK TALK

Chicktastic Info Just for You!

Security Breaches, Hacks & Concerns – July 2019

by

Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in July 2019.

If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible.  In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.

Remember that outdated software is the number one reasons websites and devices get hacked.

WordPress Plugin Vulnerabilities:

    Ad Inserter
    Adaptive Images for WordPress
    AdRotate Banner Manager
    Advanced Contact form 7 DB
    All-in-One WP Migration
    Appointment Booking Calendar
    Appointment Hour Booking
    Blog2Social: Social Media Auto Post & Scheduler
    Category Specific RSS feed Subscription
    Coming Soon Page & Maintenance Mode
    Contact Form & SMTP Plugin for WordPress
    Contact Form 7 Dynamic Text Extension
    Email Subscribers & Newsletters
    Everest Forms
    Essential Real Estate
    File Manager
    FV Flowplayer Video Player
    Gallery PhotoBlocks
    Icegram
    LiveChat
    Newsletters
    Ocean Extra
    One Click SSL
    OneSignal – Web Push Notifications
    Photo Gallery by 10Web
    Simple Membership
    Slimstat Analytics
    Ultimate Member
    WooCommerce
    WordPress Ultra Simple Paypal Shopping Cart
    WP Google Maps
    WP Like Button
    WP Statistics
    WPS Hide Login
    Visitors Traffic Real Time Statistics
    Yoast SEO

WordPress Theme Vulnerabilities:

    Zoner – Real Estate WordPress Theme

Breaches From Around the Web

Agent Smith Android Malware

The Agent Smith malware gained its name by replacing portions of other Android apps code with its code. The Malware doesn’t attempt to harvest any user data. Instead, it forces the apps it hacked to show more ads and then takes credit for showing the ads to collect the revenue.

Apple disables Walkie Talkie on the Apple Watch

Apple disclosed a vulnerability on the Apple Watch Walkie Talkie app. Apple disabled the app to patch the vulnerability that allows an attacker to eavesdrop on conversations. It is important to note that Apple said there is no evidence that the vulnerability has ever been exploited.

Capital One Data Breach Compromises 100 Million+

Paige “Erratic” Thompson—a former AWS employee—hacked an AWS sever storing Capital One customer information. Once the hacker that is known as Erratic gained access to the server, she was able to obtain information on over 100 million Capital One Customers.

Zoom

The video conference company Zoom had a vulnerability on the macOS version of their app. The vulnerability would allow a malicious website to force a Zoom user to join a Zoom call.

Thanks to iThemes for compiling this information!

[optin-monster-shortcode id=”yb8cjlx2u7mik93fvgvb”]

Show us some love!