Data Security News Headlines 27th December, 2016

  1. Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit

Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, come with the PHPMailer library for sending emails to their users using a variety of methods, including SMTP. Polish security researcher Dawid Golunski of Legal Hackers discovered a critical vulnerability in PHPMailer, which is one of the most popular open source PHP libraries for sending emails and is used by more than 9 Million users worldwide. This critical vulnerability (CVE-2016-10033) allows an attacker to remotely execute arbitrary code in the context of the web server and compromise the target web application. All versions of PHPMailer before the critical release of PHPMailer 5.2.18 are affected. An attacker exploiting the flaw could target common website components such as contact/feedback forms, registration forms, password email resets and others that send out emails with the help of a vulnerable version of the PHPMailer class.

Cyber Security Tips: Web administrators and developers are strongly recommended to update to the patched release.

  2. Thais detain 9 suspected of hacking government sites

BANGKOK: Thai police have detained nine people suspected of hacking government websites to protest against amendments to a cyber security law that critics say strengthens the authorities’ oversight of the internet. The hackers launched a wave of cyber-attacks last week, shutting down dozens of government websites. According to the report, the government said the websites were only down temporarily and the attacks caused minimal disruption. The report said the investigation is ongoing.

 
