•

      Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

      news.movim.eu / ArsTechnica · Monday, 9 October - 20:48

    Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin.

    The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads.

    Tracked as CVE-2023-3169, the vulnerability is what’s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages. Discovered by Vietnamese researcher Truoc Phan, the vulnerability carries a severity rating of 7.1 out of a possible 10. It was partially fixed in tagDiv Composer version 4.1 and fully patched in 4.2.

    •

      WordPress plugin installed on 1 million+ sites logged plaintext passwords

      news.movim.eu / ArsTechnica · Thursday, 13 July, 2023 - 19:19

    All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website admins.

    The passwords were logged when users of a site using the plugin, typically abbreviated as AIOS, logged in, the developer of AIOS said Thursday. The developer said the logging was the result of a bug introduced in May in version 5.1.9. Version 5.2.0 released Thursday fixes the bug and also “deletes the problematic data from the database.” The database was available to people with administrative access to the website.

    A major security transgression

    A representative of AIOS wrote in an email that “gaining anything from this defect requires being logged in with the highest-level administrative privileges, or equivalent. i.e. It can be exploited by a rogue admin who can already do such things because he's an admin.”

    •

      ChatGPT gets “eyes and ears” with plugins that can interface AI with the world

      news.movim.eu / ArsTechnica · Friday, 24 March, 2023 - 19:29

    On Thursday, OpenAI announced a plugin system for its ChatGPT AI assistant. The plugins give ChatGPT the ability to interact with the wider world through the Internet, including booking flights, ordering groceries, browsing the web, and more. Plugins are bits of code that tell ChatGPT how to use an external resource on the Internet.

    Basically, if a developer wants to give ChatGPT the ability to access any network service (for example: "looking up current stock prices") or perform any task controlled by a network service (for example: "ordering pizza through the Internet"), it is now possible, provided it doesn't go against OpenAI's rules.

    Conventionally, most large language models (LLM) like ChatGPT have been constrained in a bubble, so to speak, only able to interact with the world through text conversations with a user. As OpenAI writes in its introductory blog post on ChatGPT plugins, "The only thing language models can do out-of-the-box is emit text."

    •

      Hundreds of WordPress sites infected by recently discovered backdoor

      news.movim.eu / ArsTechnica · Wednesday, 4 January, 2023 - 20:12

    Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week.

    The Linux-based malware installs a backdoor that causes infected sites to redirect visitors to malicious sites, researchers from security firm Dr.Web said. It’s also able to disable event logging, go into standby mode, and shut itself down. It gets installed by exploiting already-patched vulnerabilities in plugins that website owners use to add functionality like live chat or metrics-reporting to the core WordPress content management system.

    “If sites use outdated versions of such add-ons, lacking crucial fixes, the targeted web pages are injected with malicious JavaScripts,” Dr.Web researchers wrote. “As a result, when users click on any area of an attacked page, they are redirected to other sites.”

    •

      Why Icinga?

      pubsub.slavino.sk / icinga · Tuesday, 12 April, 2022 - 10:11

    We have decided to make some short educational videos about Icinga, and today we will be releasing the first one: Why Icinga? In these videos we want to explain the Whys and Whats and Hows around Icinga in a way that is accessible to anyone who is interested. So Why do you want to use […]

    The post Why Icinga? appeared first on Icinga.


    Tags: #video, #How-tos, #plugins, #why-icinga, #Network, #Integrations

    •

      Free WordPress Plugin: Disable Application Passwords

      pubsub.slavino.sk / perishablepress · Wednesday, 9 December, 2020 - 22:48

    Launching a free plugin to disable the new Application Passwords feature introduced in WordPress version 5.6. The plugin is one line of code. Install and activate to completely disable all of the Application Passwords functionality. To re-enable all Application Passwords, simply deactivate/uninstall the plugin. Easy peasy. Download I literally just submitted this plugin to the WordPress Plugin Directory. So for now, you can download the plugin directly here at Perishable Press: Feedback welcome in the comments below or send via […]

    Tags: #WordPress, #Rozne, #plugins

    •

      Customize BBQ Firewall

      pubsub.slavino.sk / perishablepress · Tuesday, 24 November, 2020 - 00:41

    BBQ Firewall is a lightweight, super-fast plugin that protects your site against a wide range of threats. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings. This is a simple yet solid solution for sites that are unable to use a strong Apache/.htaccess firewall. BBQ is kept as lightweight as possible, so there are no options or settings to change default behavior. Based on years of feedback, the default […]

    Tags: #Rozne, #firewall, #Security, #blacklist, #plugins, #WordPress

    •

      New Plugin for WordPress 5.5 and Beyond: Disable WP Sitemaps

      Jeff Starr · pubsub.slavino.sk / perishablepress · Wednesday, 5 August, 2020 - 00:31

    WordPress 5.5 and beyond features built-in sitemaps that are enabled by default. For new users and sites this may be a good thing. Now users don’t have to bother with thinking about how to implement a sitemap. Like with Privacy control, WordPress just does it for you automagically. BUT for the millions of sites that already have a sitemap thanks to any of the excellent and free sitemap plugins — that’s like maybe 5–10 million websites — well congratulations you now […]

    Tags: #WordPress, #plugins, #Rozne

    •

      WordPress Plugin: Disable Media Sizes

      Jeff Starr · pubsub.slavino.sk / perishablepress · Tuesday, 4 August, 2020 - 20:58

    Whenever you upload an image using the Media Library, WordPress automatically creates a set of alternate-size images. The number and size of these auto-generated images continues to grow each year, as WordPress tries to keep up with increasingly hi-resolution screen sizes. For many WordPress-powered websites, the extra media sizes enable WordPress to serve images responsively and that’s a good thing. But for some WordPress sites, all the extra images simply are not necessary. In some cases downright wasteful. And that’s […]

    Tags: #WordPress, #plugins, #Rozne