Posted on March 5, 2019.

6 Year Flaw Discovered in WordPress CMS

A group of cybersecurity researchers have recently shared their completed, in-depth exploration of a WordPress vulnerability impacting all versions of the CMS released during the previous 6 years.

The vulnerability surrounds a remote code execution attack, which allows hackers with authorship privileges the ability to complete a full remote takeover. To learn more, the research team responsible for these findings, RIPS Technologies GmbH, have created a video demonstration of how the attack works.

Vulnerabilities Located in Popular Password Management Platforms

The Independent Security Evaluators research team has published a new study which suggests top password manager products are equipped with flaws that put data at risk, as opposed to protecting it.

The report is titled “Under the Hood of Secrets Management,” and has exposed platforms such as 1Password, KeePass and LastPass as being vulnerable to password extraction. Specifically, the ISE team discovered that in certain instances, the master password of these platforms was residing in the computer’s memory in a plaintext readable format.

Fast Food Chain Paying $50M in Data Negligence Settlement

Popular fast food chain Wendy’s will pay $50 million to settle claims relating to a 2015-16 data breach. The breach impacted over 1,000 Wendy’s locations and countless victims.

The data breach consisted of stolen payment card data which was then used for fraudulent purchases at other unrelated merchant stores. The settlement includes attorney costs and, in a press release, the fast food chain has shared $27.5 million of the settlement will be it’s own funds after exhausting insurance.

Nest Microphone is No Longer a Secret

Following Google’s announcement that Nest would be receiving a virtual-assistant update, many users were left feeling surprised, as the built-in microphone had been a secret.  

The microphone’s existence was never disclosed within product material or guides. Business Insider reports, “the news comes as consumers have grown increasingly wary of major tech companies and their commitment to consumer privacy.”

Over $140M in Losses After CEO’s Death with Only Known Password

QuadrigaCX, the largest bitcoin exchange in Canada, has lost nearly $140 million after the death of Gerry Cotten, CEO.

Cotten’s unexpected passing has resulted in the exchange being without access to its offline storage wallets. Per the Hacker News, “Cotten was the only person who had the private keys to the wallet and no other members of the team, including [his widow], has the password to decrypt it.”