April 1, 2024 by Paul G. | Security, ShieldNOTES

ShieldNOTES Ep#7: AT&T, WP Migrate & The xz Backdoor

There’s a few big security news stories doing the rounds, here are a few of them:

#1 – Severe Vulnerability in WP Migrate Plugin

With 300K+ installs, this plugin is widely distributed.

How will I know I’m okay?
Upgrade the plugin to v2.6.11+

What’s the risk?
Object Injection: 10/10 severity.

Editor Comment
If you use ShieldPRO’s automatic upgrader for vulnerable plugins/themes, this will be done automatically for you.

More Info →

#2 – Massive AT&T Customer Data Leak

Data for 73Million+ customers (past and present) have been leaked.

What’s the risk?
If you’ve reused passwords/passcodes in other services, you should reset these. We urge vigilance as your information may be used in targeted phishing and fraud attacks.

Editor Comment
To ease the risk of password re-use, we recommend Password Managers (e.g. 1Password) so you don’t need to remember and re-use passwords/PINs.

More Info →

#3 – Linux xz Backdoor: 3 years in the making

This story is huge, a backdoor was gradually, covertly introduced into the xz utils linux package over the course of 3 years.

What’s Should I Do?
Unless you manage your own web servers, there’s little you can do except reach out to your webhost to ensure they’re on top of this. If you manage your own servers, it’s time to get reading & patching.

Editor Comment
Ensuring your webhost is on top of this is why it’s so important that your webhost is proactive and keeps their infrastructure secure. Choosing a good webhost is critical.

More Info →

#4 – Déjà Vu: WordPress 6.5 Imminent, Tomorrow

Due to a late-stage change, WP 6.5 was pushed back a week.

What’s New?
See here for a full breakdown of everything new.

Editor Comment
We particularly like the new Font Library feature.

More Info →

Thanks for reading, and have a fab week!

Paul Goodchild
Shield Security for WordPress

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials
@iot's Gravatar @iot

This is a great plugin

Thank you so much Devs for this awesome plugin.

@victorfreitas's Gravatar @victorfreitas

Very Good

It has been very useful.

@jonrittmann's Gravatar @jonrittmann

5 Stars to the great firewall

Get this firewall as soon as you create your WP site. . Works great and updates without problems

@cpinho's Gravatar @cpinho

Great Plugin, maybe the best around here for free!

I’ve tested and used several security plugins. But Shield was indeed the elected one. The free version is really complete and goes beyond the basic features. It covers almost all the needs i need. Realy great! Look forward for introduction of new features!

Leave a Comment

Your email address will not be published. Required fields are marked *

Click to access the login or register cheese