Security News from Around the Web

The articles below contain updates on current or recent online security news from around the web. They alert you to new threats as they emerge and suggest how you can defend yourself against them.

If you have any questions on anything please get in touch!

Sucuri’s 2019 Website Threat Report

Sucuri, a world-leading online security company, has released its report into the threats to websites that it investigated, researched and resolved during 2019. Just a couple of points from me: ‘My website is too small to be hacked’ is not a defence! The hackers do not care how big or small your website is – they… Read more

Bypass Glitch in Wordfence 7.1.12 Enabled Username Discovery

Alert from the WPScan Team: a glitch in Wordfence version 7.1.12 enabled people to discover usernames if they did the username query using the ‘WWW’ version of the domain name. This was fixed in version 7.1.14 – make sure you have updated! Stay safe, Martin Malden, Owner – WP Security Basics. P.S. Is your WordPress website… Read more

Vulnerability in the Breadcrumbs NavXT Plugin – Make Sure You Have Updated

There is a vulnerability in version 6.1.0 of the Breadcrumbs NavXT plugin – an excellent plugin (which I use on this site) for placing breadcrumbs on your WordPress installation. Version 6.1.0 had a weakness that allowed your username to be revealed via the REST API. The current version is 6.2.0. Make sure you have updated… Read more

Vulnerability in Old Versions of Duplicator Plugin Enabling Hacks of WordPress

A heads up from our friends at Sucuri: A vulnerability in old versions of the WordPress Duplicator plugin by Snap Creek is enabling hackers to either remove or re-write the wp-config.php file, which breaks the affected sites. This affects Duplicator versions lower than 1.2.42 which have these specific characteristics: The installer.php file must have been… Read more

9 Security Flaws in Firefox – Make Sure You Update

Just heard from the guys at WordFence that Mozilla released an advisory explaining that nine security flaws had been discovered in Firefox 61. A new version had been released, and as long as you have automatic updates enabled Firefox will update itself. If you don’t have automatic updates enabled then you will need to do… Read more

Phishing Attack on WordPress Websites

The guys over at Sucuri have warned that a phishing attack is currently being run on WordPress websites. It appears that WordPress users are receiving an email that looks like an official email from WordPress, telling the recipients that their website database is out of date and needs to be updated. Here’s a version: There… Read more