Advertisement
<a href="http://krebsonsecurity.com/adobe-microsoft-wordpress-issue-security-fixes/?administer_redirect_13=http://abaca.com/free_trial.html"><img src="/a-ab/missing.gif" /></a>
  • About the Author
  • About this Blog

    • Posts Tagged: wordpress

    Latest Warnings / Time to Patch32 Comments
    9
    Feb 11

    Adobe, Microsoft, WordPress Issue Security Fixes

    Talk about Patch Tuesday on steroids! Adobe, Microsoft and WordPress all issued security updates for their products yesterday. In addition, security vendor Tipping Point released advisories detailing 21 unpatched vulnerabilities in products made by CA, EMC, HP, Novell and SCO.

    Microsoft’s bundle includes a dozen updates addressing at least 22 security flaws in its Windows operating system and other software. Five of the vulnerabilities earned a “critical” rating, Redmond’s most serious. Six of the Windows flaws fixed in today’s release have been public for some time, although security experts at Symantec say they’re only aware of one of the flaws being actively exploited in the wild — a bug in the way Internet Explorer handles cascading style sheets. Updates are available through Windows Update or Automatic Update.

    Microsoft also issued an update that changes the default behavior in Windows when users insert a removable storage device, such as a USB or thumb drive. This update effectively disables “autorun,” a feature of Windows that has been a major vector for malware over the years. Microsoft released this same update in February 2009, but it offered it as an optional patch. The only thing different about the update this time is that it is being offered automatically to users who patch through Windows Update or Automatic Update.

    Update, Feb. 18, 11:56 a.m. ET: As F-Secure notes in a useful blog post, Microsoft has once again failed to disable auto-run, because this update is not offered by default, as Microsoft previously indicated.

    Original story:

    Adobe released an update for its Acrobat and free PDF Reader software that that fixes at least 29 security problems with these products. Adobe is urging users of Adobe Reader X (10.0) and earlier versions for Windows and Macintosh to update to Adobe Reader X (10.0.1), available now. Adobe says that an update to fix these flaws in UNIX installations of its products is expected to be available by the week of February 28, 2011.

    Continue reading →

    A Little Sunshine / Latest Warnings / Web Fraud 2.033 Comments
    9
    Apr 10

    Hundreds of WordPress Blogs Hit by ‘Networkads.net’ Hack

    A large number of bloggers using WordPress are reporting that their sites recently were hacked and are redirecting visitors to a page that tries to install malicious software.

    According to multiple postings on the WordPress user forum and other blogs, the attack doesn’t modify or create files, but rather appears to inject a Web address — “networkads.net/grep” — directly into the target site’s database, so that any attempts to access the hacked site redirects the visitor to networkads.net. Worse yet, because of the way the attack is carried out, victim site owners are at least temporarily locked out of accessing their blogs from the WordPress interface.

    It’s not clear yet whether the point of compromise is a WordPress vulnerability (users of the latest, patched version appear to be most affected), a malicious WordPress plugin, or if a common service provider may be the culprit. However, nearly every site owner affected so far reports that Network Solutions is their current Web hosting provider.

    Network Solutions spokeswoman Susan Wade said the company is investigating the attacks, and that the company believes the problem may be related to a rogue WordPress plugin. Wade added that the attacks weren’t limited to just Network Solutions customers (although the company hasn’t supplied the author with any evidence to support that claim yet).

    Continue reading →