October 16, SecurityWeek – (International) Critical flaw patched in Akismet plugin for WordPress. Automattic released an update for the Akismet WordPress plugin, versions 3.1.4 and earlier, after security researchers from Sucuri discovered a cross-site scripting (XSS) vulnerability in the plugin that could allow an unauthenticated attacker to insert malicious code into the comments area of the WordPress administration panel by using emoticons.
October 16, SecurityWeek – (International) Nuclear EK generates Flash exploits on-the-fly to evade detection. Security researchers from Morphisec discovered that the Nuclear exploit kit (EK) generates different variations of an Adobe Flash exploit on-the-fly throughout the day and changes, hourly, the host Web sites that victims are directed to, in an effort to bypass detection. The EK also tracks victims’ Internet Protocol (IP) addresses to prevent the same exploit combination from being served to the same victim twice.