July 22, Softpedia – (International) Decrypter available for ODCODC ransomware. Security researchers from BloodyDolly released a decrypter for the ODCODC ransomware that circumvents ODCODC’s RSA-2048 encryption to recover the victim’s files without paying the ransom.
July 21, SecurityWeek – (International) Persistent XSS patched in WooCommerce WordPress plugin. WooCommerce released version 2.6.3 of its ecommerce plugin for WordPress to address a persistent cross-site scripting (XSS) vulnerability discovered by a researcher from Securify. An attacker could exploit the flaw to steal session tokens or a victim’s login credentials by creating a special image file containing malicious JavaScript code in its metadata; the code is injected into the targeted website when an administrator uploads the malicious image as a product image or gallery item.
Above reprinted from the USDHS Daily Open Source Infrastructure Report