Posts

WP Mobile Detector Vulnerability Being Exploited in the Wild

Please note that a vulnerability has been found in the WP Mobile Detector script used by many WordPress users.

This issue has now been patched according to Sucuri. Please make sure you update your wordpress if you use WP Mobile Detector;

Also if you do not use the WP Mobile Detector Script please make sure you update your WordPress plugins regularly.

Want to know more about the WP Mobile Detector Vulnerability, please read the full Sucuri blog about this issue.

Drupal Core – Highly Critical – Public Service announcement

Drupal Core – Highly Critical – Public Service announcement – PSA-2014-003

Description

This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal.

Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 – Drupal core – SQL injection. You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11pm UTC, that is 7 hours after the announcement.

WordPress and Drupal Updates

Please note that there are new updates for WordPress and Drupal to stop Brute Force attacks on these websites;  a security researcher revealed a new crucial vulnerability that allows offenders to launch a very effective Denial of Service attack, through a process that circumvents existing security measures.

Please make sure you have your WordPress updates to version 2.9.2 and your Drupal to either 7.31 or 6.33 (depending on which Drupal version you are running).

Want some more information check out the following blogpost on this topic.