1. Unpatched WordPress file deletion vulnerability could allow site takeover and code execution
Seven months ago, security experts discovered a critical file deletion vulnerability that affects all WordPress versions. The issue is still unpatched.
The vulnerability could be exploited to completely take over websites running the popular CMS and gain arbitrary code execution. An attacker could exploit the file deletion vulnerability to delete any file of the WordPress installation, as well as any other file on the server that the PHP process user has permission to delete.
An arbitrary file deletion flaw occurs when it is possible to pass unsanitized input to a file deletion function.
Cyber Security Tips:
- The researchers provided a hotfix that can be integrated by admins into existing WordPress installations by adding it to the functions.php file of the active theme.
- The fix checks that the data provided for the meta-value thumb does not contain anything that would make path traversal possible, so an attacker cannot use it to delete arbitrary files.
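A filter of the kind described above, written here as an added example (it is not the researchers' hotfix or WordPress code). It assumes the thumb value arrives in the attachment metadata array under the key `thumb` and hooks WordPress's `wp_update_attachment_metadata` filter; the `example_*` function names and the sample values are made up for illustration.

```php
<?php
// Added example: strip directory components from the attachment "thumb"
// meta value before it is stored, so it can only name a file, not a path.

// Hypothetical helper: reduce a thumb value to a bare file name.
function example_sanitize_thumb( $thumb ) {
    if ( ! is_string( $thumb ) ) {
        // Assumption: an empty value is an acceptable "no thumbnail" marker.
        return '';
    }
    // Treat backslashes as separators so Windows-style paths are stripped too.
    $name = basename( str_replace( '\\', '/', $thumb ) );
    // basename() still returns "." or ".." for those inputs; reject them.
    return ( $name === '.' || $name === '..' ) ? '' : $name;
}

// Filter callback: sanitize only the "thumb" key, leave the rest untouched.
function example_filter_attachment_metadata( $data ) {
    if ( is_array( $data ) && isset( $data['thumb'] ) ) {
        $data['thumb'] = example_sanitize_thumb( $data['thumb'] );
    }
    return $data;
}

if ( function_exists( 'add_filter' ) ) {
    // Running inside WordPress, e.g. from the active theme's functions.php.
    add_filter( 'wp_update_attachment_metadata', 'example_filter_attachment_metadata' );
} elseif ( PHP_SAPI === 'cli' ) {
    // Stand-alone run with constructed sample values.
    $samples = array(
        'photo-150x150.jpg',          // ordinary thumbnail name
        '../../../example.txt',       // traversal with forward slashes
        '..\\..\\example.txt',        // traversal with backslashes
        '..',                         // bare parent-directory reference
        array( 'not-a-string' ),      // wrong type
    );
    foreach ( $samples as $sample ) {
        $out = example_filter_attachment_metadata( array( 'thumb' => $sample ) );
        printf( "%s => %s\n", json_encode( $sample ), json_encode( $out['thumb'] ) );
    }
}
```

Run from the command line, it prints each sample next to its sanitized form: the ordinary name is unchanged, both traversal strings collapse to `example.txt`, and the last two become empty strings.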
2. Ticketmaster Hacked – Payment Details Accessed
Ticketmaster, a subsidiary of Live Nation, the world’s largest live entertainment ticketing sales and marketing company, has been hacked, with potentially millions estimated to have had their payment details accessed.
Information which may have been compromised includes: name, address, email address, telephone number, payment details and Ticketmaster login details, the company said.
The company has yet to release a specific number for those affected, saying “less than five percent” of its global customer base has been impacted. The company sold 500 million tickets last year; it has not reported how many buyers that represents.
Cyber Security Tips:
- Never reply to emails or pop-up messages that solicit personal information.
- Many organizations allow you to incorporate additional layers of online protection, such as security questions or mobile security applications, in addition to your password. Taking advantage of these measures will provide an extra layer of protection.
- Phishing attempts frequently contain misspellings, grammatical mistakes, generic greetings, and unfamiliar email addresses. Look for these if you receive an email that seems suspicious.
- Ticketmaster has opened https://security.ticketmaster.co.uk/ for those worried they have been affected.
3. Firefox Will Notify You When Your Accounts Are Compromised
Mozilla is adding a handy new feature to the Firefox web browser.
Firefox will start notifying you when your accounts have been compromised. To make it happen, Mozilla has partnered up with one of the most important security websites on the Internet: HaveIBeenPwned.
The new service will be called Firefox Monitor. To start receiving notifications, all you have to do is submit your email address.