Six disclosures since last week, with three issues still unfixed.
WordPress Security News
Wordfence released an interesting report on Tuesday that showcased an attack whereby hackers used compromised WordPress.com sites to install backdoor plugins on self-hosted WordPress sites via Jetpack’s remote management capabilities. If you use a WordPress.com account to manage self-hosted sites via Jetpack, definitely read the article to see if you might be affected.
Other Security News
For those using Joomla!, version 3.8.8 was released on Tuesday and addresses 9 security issues. Interestingly, one of the issues was a file upload/arbitrary code execution vulnerability, but it was labeled “low” by the Joomla! security team. For most of the issues, versions in the 3.X branch back to 3.2 are vulnerable. You should get the update into your change management cycle as soon as possible.
Last, new malware has been found to have infected over 500k networking devices in 54 countries. Infected devices currently include Linksys, MikroTik, NETGEAR and TP-Link networking equipment, as well as QNAP network-attached storage (NAS) devices.