This week, we discuss active exploitation of a plugin vulnerability in the wild, an extortion scam hitting numerous website owners, exposure of Industrial Control Systems to attackers as well as a CBP breach affecting travelers in the United States. We also talk about an email server vulnerability and what to do in a SIM port attack.
Here are approximate timestamps in case you want to jump around:
0:35 User Submitted Posts Plugin Vulnerability Seeing Attacks
4:20 An extortion scam is threatening website owners & how to protect your site
10:10 CBP breach of license plates and facial recognition data affecting US travelers
16:54 WordPress accessibility proposal
25:25 Google Cloud outage affects numerous services
26:59 State of Industrial Control Systems in Poland and Switzerland
36:00 Severe RCE in Exim mail transfer agent
37:09 What to do when SIM swapping happens to you
Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.
This week in the news we cover:
- We’re seeing active attacks looking to exploit a vulnerability in an older version of the User Submitted Posts plugin.
- A new extortion scam is threatening site owners with spam blacklists to ruin site reputations. How to tell if your site’s IP is on a blacklist.
- CBP says traveler photos and license plate images stolen in data breach.
- A recent proposal to solve accessibility concerns with WordPress.
- A recent outage that started with Google Cloud took down more than Google Cloud.
- A new tool collects data about accessible information connected to Industrial Control Systems in Poland and Switzerland, which illustrates the importance of securing systems from internet access.
- A severe RCE vulnerability in Exim, a mail transfer agent on Unix.
- A long, in-depth article details what to do when SIM swapping happens to you.
You can find Mark on Twitter as @mmaunder and Kathy as @kathyzant. Please feel free to post your feedback in the comments below.
The post Podcast Episode 21: New Plugin Vulns Exploited in the Wild, an Extortion Scam and the CBP Data Breach appeared first on Wordfence.