We cover quite a few news stories this week, including two plugins requiring immediate updating due to disclosed vulnerabilities, what we can expect from WordPress version 5.2 and a dark web marketplace that appears to have exit scammed users. We follow up on Google Sensorvault, a great interview with Richard Stallman about Facebook and JetBlue’s use of facial recognition technology. We take a look at GoDaddy’s removal of 15,000 spam subdomains, the Docker breach and Slack’s upcoming IPO and their dire warning to investors.
This week, I chat with Jon Brown, CEO of 9seeds, a digital agency. We chatted at Chris and Katie Bayer’s Black Mountain Coffee Roastery in Idyllwild, California. Jon and I talk about running an agency, remote work, being a digital nomad and of course, WordPress. We had a great conversation, and I think you’ll enjoy it.
Here are approximate timestamps in case you want to jump around:
1:15 WordPress plugin WooCommerce Checkout Manager vulnerabilities
3:40 BuddyPress vulnerabilities disclosed
4:42 WordPress 5.2 expected release
9:27 Dark web marketplace exit scammed
12:20 Congress asking questions about Google Sensorvault
14:39 Richard Stallman on Facebook
21:10 JetBlue facial recognition
26:17 GoDaddy spammy subdomain
29:25 IoT devices with P2P component flaws vulnerable
32:12 Docker breach
37:33 The Slack pre-IPO SEC disclosure
41:39 The Jon Brown Interview
Find us on your favorite app or platform including iTunes, Google Podcasts, Spotify, YouTube, SoundCloud and Overcast.
This week in the news we cover:
- Vulnerabilities found and patched in the WooCommerce Checkout Manager plugin that provides customization of fields on checkout pages.
- BuddyPress release version 4.3.0 contains a number of security patches.
- WordPress version 5.2 will contain a number of improvements to Gutenberg, the Site Health dashboard, and accessibility for the wp-admin dashboard. A new fatal error recovery mode will create fewer problems for site owners if there is a problem with a plugin or theme update.
- The dark web marketplace Wall Street Market (WSM) has exit scammed with over $14.2M in user funds.
- Congress is asking for details about the Google Sensorvault program we previously discussed on the podcast.
- Richard Stallman, founder of the Free Software Foundation and author of the GPL, was interviewed about Facebook, the surveillance monster feeding on our personal data.
- JetBlue is using facial recognition software and a Homeland Security database, which is concerning to those who were unaware of its use.
- GoDaddy has taken down over 15,000 subdomains that have been used for online scams, following a two-year research project by Palo Alto Networks.
- Over two million IoT devices are vulnerable because of P2P component flaws.
- Hackers have breached Docker Hub, a programming tool used by developers, compromising keys and tokens for over 190,000 accounts.
- In preparation for their IPO, Slack warns investors that they’re a target for nation-state hacking as well as other hackers.
You can find me on Twitter as @mmaunder and Kathy as @kathyzant, and Jon Brown at @jb510 or at 9seeds.com. Please don’t hesitate to post your feedback in the comments below.
The post Podcast Episode 9: The Jon Brown Interview and Vulnerabilities, The Dark Web, Scams, Oh My! appeared first on Wordfence.