Security Breaches, Hacks & Concerns – July 2019
Below is a recap of WordPress security vulnerabilities and other software exploits from around the Web in July 2019.
If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible. In some cases there has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.
Remember that outdated software is the number one reason websites and devices get hacked.
WordPress Plugin Vulnerabilities:
- Ad Inserter
- Adaptive Images for WordPress
- AdRotate Banner Manager
- Advanced Contact form 7 DB
- All-in-One WP Migration
- Appointment Booking Calendar
- Appointment Hour Booking
- Blog2Social: Social Media Auto Post & Scheduler
- Category Specific RSS feed Subscription
- Coming Soon Page & Maintenance Mode
- Contact Form & SMTP Plugin for WordPress
- Contact Form 7 Dynamic Text Extension
- Email Subscribers & Newsletters
- Everest Forms
- Essential Real Estate
- File Manager
- FV Flowplayer Video Player
- Gallery PhotoBlocks
- Ocean Extra
- One Click SSL
- OneSignal – Web Push Notifications
- Photo Gallery by 10Web
- Simple Membership
- Slimstat Analytics
- Ultimate Member
- WordPress Ultra Simple Paypal Shopping Cart
- WP Google Maps
- WP Like Button
- WP Statistics
- WPS Hide Login
- Visitors Traffic Real Time Statistics
- Yoast SEO
WordPress Theme Vulnerabilities:
- Zoner – Real Estate WordPress Theme
Breaches From Around the Web
Agent Smith Android Malware
The Agent Smith malware gained its name by replacing portions of other Android apps' code with its own code. The malware doesn’t attempt to harvest any user data. Instead, it forces the apps it hacked to show more ads and then takes credit for showing the ads to collect the revenue.
Apple disables Walkie Talkie on the Apple Watch
Apple disclosed a vulnerability on the Apple Watch Walkie Talkie app. Apple disabled the app to patch the vulnerability that allows an attacker to eavesdrop on conversations. It is important to note that Apple said there is no evidence that the vulnerability has ever been exploited.
Capital One Data Breach Compromises 100 Million+
Paige “Erratic” Thompson—a former AWS employee—hacked an AWS server storing Capital One customer information. Once the hacker known as Erratic gained access to the server, she was able to obtain information on over 100 million Capital One customers.
The video conference company Zoom had a vulnerability on the macOS version of their app. The vulnerability would allow a malicious website to force a Zoom user to join a Zoom call.
Thanks to iThemes for compiling this information!