1.5 million WordPress pages defaced recently

Attackers are exploiting the recently patched REST API vulnerability that allows code to be injected into WordPress websites.

The vulnerability, located in the platform’s REST API, allows unauthenticated attackers to modify the content of any post or page within a WordPress site. The flaw was fixed in WordPress 4.7.2, released on Jan. 26, but the WordPress team did not publicly disclose the vulnerability’s existence until a week later, to allow enough time for a large number of users to deploy the update.

To learn more click here.

GoDaddy revokes nearly 9,000 SSL certificates

GoDaddy, one of the world’s largest domain registrars and certificate authorities, revoked almost 9,000 SSL certificates this week after it learned that its domain validation system has had a serious bug for the past five months.

The bug was the result of a routine code change made on July 29 to the system used to validate domain ownership before a certificate is issued. As a result, the system might have validated some domains when it shouldn’t have, opening the possibility of abuse.

To learn more click here.

Technology news and I.T. services provider.

%d bloggers like this: