There are a few big security news stories doing the rounds. Here are some of them:
#1 – Severe Vulnerability in WP Migrate Plugin
With 300K+ installs, this plugin is widely distributed.
How will I know I’m okay?
Upgrade the plugin to v2.6.11+
What’s the risk?
Object Injection: 10/10 severity.
Editor Comment
If you use ShieldPRO’s automatic upgrader for vulnerable plugins/themes, this will be done automatically for you.
#2 – Massive AT&T Customer Data Leak
Data for 73 million+ customers (past and present) has been leaked.
What’s the risk?
If you’ve reused passwords/passcodes in other services, you should reset these. We urge vigilance as your information may be used in targeted phishing and fraud attacks.
Editor Comment
To ease the risk of password re-use, we recommend Password Managers (e.g. 1Password) so you don’t need to remember and re-use passwords/PINs.
#3 – Linux xz Backdoor: 3 years in the making
This story is huge: a backdoor was gradually and covertly introduced into the xz utils Linux package over the course of 3 years.
What Should I Do?
Unless you manage your own web servers, there’s little you can do except reach out to your webhost to ensure they’re on top of this. If you manage your own servers, it’s time to get reading & patching.
Editor Comment
This is why it’s so important that your webhost is proactive and keeps their infrastructure secure. Choosing a good webhost is critical.
#4 – Déjà Vu: WordPress 6.5 Imminent, Tomorrow
Due to a late-stage change, WP 6.5 was pushed back a week.
What’s New?
See here for a full breakdown of everything new.
Editor Comment
We particularly like the new Font Library feature.
Thanks for reading, and have a fab week!
Paul Goodchild
Shield Security for WordPress