iOS Mail Zero-day

UPDATE: A patch has been issued in iOS 13.4.5 beta, with an expected final release soon.  No word on patches for earlier iOS versions.

Source: https://threatpost.com/apple-patches-two-ios-zero-days-abused-for-years/155042/

A zero-day exploit has been discovered in the iOS Mail app.  The security hole has existed as far back as iOS 6 (September 2012), and extends to the current iOS (13.x).

As of today (4/22/2020) this has NOT been patched. It is recommended that you DISABLE iOS Mail at this time.

We advise that you update as soon as an iOS patch is available.

Full details at https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/

 

Malware redirecting visitors found on 2,000 WordPress sites

More than 2,000 WordPress sites have been infected with malicious JavaScript that redirects visitors to scam websites and sets the stage for additional malware to be downloaded at a later time.

The Sucuri team said access is gained to WordPress sites through plugin vulnerabilities, including Simple Fields and CP Contact Form with PayPal. [Ed. note: None of the sites we manage are subject to these infections, as the security plugins we use protect against exploits of this type. And no sites under our management currently use the known vulnerable plugins.] A large uptick in this activity was picked up during the third week of January.

Source:  https://www.scmagazine.com/home/security-news/malware/malware-redirecting-visitors-found-on-2000-wordpress-sites/?fbclid=IwAR3dUryf3c0OOK4VGXJsOhTSdPkik70RF0-5Tsg4rfmPgfyl6NLtEie8ViE

Hacker Uses NSA-Discovered Vulnerability In Windows To Spoof NSA

As a part of its latest Patch Tuesday update, Microsoft fixed a critical Windows 10 CryptoAPI vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).

However, a security researcher named Saleem Rashid didn’t take much time to demonstrate the havoc it could have caused – in a funny way, though.

The researcher rickrolled the NSA and GitHub by spoofing their HTTPS-secured websites and showed how anyone could masquerade as them. Rickrolling is a familiar gesture used to demo security flaws by playing Rick Astley’s music video “Never Gonna Give You Up,” which Rashid did on the websites of NSA and GitHub.

Affected Windows versions can be secured using the patch that’s already available. So, it’s recommended that you install it if you haven’t done so already. At the same time, Google is also in the process of pushing a fix for Chrome that is currently being tested in beta releases.


WordPress Upgrades to 5.3

5.3 expands and refines the block editor with more intuitive interactions and improved accessibility. New features in the editor increase design freedoms, provide additional layout options and style variations to allow designers more control over the look of a site.

This release also introduces the Twenty Twenty theme giving the user more design flexibility and integration with the block editor.

More details at https://wordpress.org/news/2019/11/kirk/

WordPress Updates – New PHP Requirements

WordPress released two upgrades this month. Both of them require that your server is using PHP 5.6 or later. If you don’t see upgrades to WordPress 5.2 or 5.2.1 in the lists below, it’s possible you are still on an earlier version of PHP. If that’s the case, we have you on our radar and will be contacting you or your webhost about upgrading the PHP on your site in the near future. Fortunately, neither upgrade specifically addresses any security issues.

All sites now updated to WordPress 5.x

We had initially held off on updates of some sites to WordPress 5.x due to concerns of potential problems with the new Gutenberg editor and questions about compatibility with some older themes.

We’re happy to announce that all sites we manage have now been updated. Many sites are currently set up with the Classic Editor plugin, which allows you to continue to write posts and pages in the way that you’re familiar with. We recommend that you familiarize yourself with the new Gutenberg editor by temporarily deactivating the Classic Editor plugin and giving Gutenberg a try. Classic editing will only be supported for about 2 years.

Learn more about Gutenberg here:

https://wordpress.org/gutenberg/handbook/

and here:

https://www.codeinwp.com/blog/wordpress-gutenberg-guide/

WordPress updated to 5.1 on Feb 21

5.1 focuses on polish, in particular by improving the overall performance of the editor. In addition, this release paves the way for a better, faster, and more secure WordPress with some essential tools for site administrators and developers.

Site Health

With security and speed in mind, this release introduces WordPress’s first Site Health features. WordPress will start showing notices to administrators of sites that run long-outdated versions of PHP, which is the programming language that powers WordPress.

When you install new plugins, WordPress’s Site Health features will check them against the version of PHP you’re running. If the plugin requires a version that won’t work with your site, WordPress will keep you from installing that plugin.

Editor Performance

Introduced in WordPress 5.0, the new Gutenberg block editor continues to improve. Most significantly, WordPress 5.1 includes solid performance improvements within the editor. The editor should feel a little quicker to start, and typing should feel smoother.

Expect more performance improvements in the next couple of releases.
