CHICK TALK

Chicktastic Info Just for You!

Security Breaches, Hacks & Concerns – October 2019

by

Below is a recap of of WordPress security vulnerabilities and other software exploits from around the Web in October 2019.

If you have any of the plugins or themes installed on your website, or use any of the software mentioned, update them to the most current version as soon as possible.  In some cases their has been no solution provided by the developer and we strongly urge you to remove the theme/plugin/software and find an alternate solution.

Remember that outdated software is the number one reasons websites and devices get hacked.

WordPress Updates:

    WordPress version 5.2.4 was released on October 14th, 2019, to patch several potential security vulnerabilities.

WordPress Plugin Vulnerabilities:

    About Author
    All In One WP Security & Firewall
    All In One SEO Pack
    Broken Link Checker
    Download Plugins and Themes from Dashboard
    EU Cookie Law
    Events Manager
    Export Users to CSV
    Fast Velocity Minify
    Groundhogg
    iThemes Sync
    Lara’s Google Analytics
    Popup Maker
    Sliced Invoices
    SoundPress Plugin
    SyntaxHighlighter Evolved
    wpDataTables
    WP Email Template
    WP HTML Mail
    Zoho CRM Lead Magnet Plugin

WordPress Theme Vulnerabilities:

    InJob

Breaches From Around the Web

Hackers Using Gifs to Attack Drupal

Akami–a security research company–has noticed an increase in attacks embedding malicious codes inside .gif files. The good news is that Drupal patched this vulnerability more than a year ago. The bad news is that poorly maintained sites still haven’t been updated.

Signal Vulnerability Allows Hackers to Listen to Android Microphones

Google Project Zero recently disclosed a vulnerability in the messaging app Signal. The vulnerability can be used when calling someone’s phone using the Signal app. During the phone call, the hacker will need to press the mute button while the target’s phone is ringing. Pressing the mute button will force the target’s device to answer the call, allowing the attacker to eavesdrop on their mark.

Thanks to iThemes for compiling this information!

[optin-monster-shortcode id=”yb8cjlx2u7mik93fvgvb”]

Show us some love!