Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On October 19, 2016

October 18, Softpedia – (International) WordPress sites under attack via security flaw in unmaintained plugin. Security researchers from White Fir Design discovered the WordPress Marketplace plugin was plagued with an arbitrary file upload vulnerability that could allow an attacker to upload arbitrary files on Websites with the plugin installed and potentially take over a site’s underlying server. The researchers discovered the flaw after detecting scans for the plugin’s Cascading Style Sheets (CSS) file on multiple Websites. Source

October 18, SecurityWeek – (International) Magento malware hides stolen card data in image files. Sucuri researchers discovered malicious actors were using real image files related to an online store’s products to plant payment card-swiping malware on Websites running the Magento ecommerce platform in order to exfiltrate stolen card data via email or by including it in a file that the attacker later retrieves. Sucuri advised online stores to keep all their software updated in order to protect their Websites from the malware. Source

Above Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.