More Than 8,800 WordPress Plugins Have Flaws


Researchers at web application security firm RIPS Technologies recently analysed 44,70 WordPress plugins out of the 48,000 plugins present in the official WordPress plugins directory. They found that 8,800 of these plugins contain at least one vulnerability.

HOW THEY ANALYSED

First, the researchers downloaded all the plugins and then used a static code analyser to find the ones that have at least one PHP file. An analysis of the size of these plugins showed that roughly 14,000 of them have only 2-5 files and only 10,500 of them have more than 500 lines of code.


Researchers determined that of the plugins with more than 500 lines of code, which have been classified as “larger plugins,” 4,559, or 43 percent of the total, contain at least one medium severity issue (e.g. cross-site scripting).

RIPS’s analysis showed that nearly 36,000 of the plugins did not have any vulnerabilities and 1,426 had only low severity flaws. Medium severity bugs have been identified in more than 4,600 plugins, while high and critical security holes have been found in 2,799 and 41 plugins, respectively.

Between January and December 2016, a honeypot operated by RIPS captured more than 200 attacks targeting WordPress plugins, including 69 against Revolution Slider, 46 against Beauty & Clean Theme, 41 against MiwoFTP and 33 against Simple Backup. These attacks involved easy-to-exploit vulnerabilities that were known and well documented.

RIPS pointed out that they may not have found all the vulnerabilities affecting the plugins they analysed, and it’s uncertain if the flaws they identified are exploitable.


FBI Agrees With CIA That Russia Hacked USA Election To Win Trump


Recently the CIA released a report concluding that Russia supported cyber attacks in an effort to disrupt the US presidential election and help Donald Trump win.

Citing an internal CIA memo, the Washington Post reports that FBI director James Comey has endorsed the CIA’s assessment, along with Director of National Intelligence James Clapper, meaning the US’s three main intelligence agencies are now in agreement. The memo, from CIA Director John Brennan, read as follows:

“Earlier this week, I met separately with (Director) FBI James Comey and DNI Jim Clapper, and there is strong consensus among us on the scope, nature, and intent of Russian interference in our presidential election.”

“The three of us also agree that our organizations, along with others, need to focus on completing the thorough review of this issue that has been directed by President Obama and which is being led by the DNI.”

The CIA’s investigation found that Russian government hackers had a clear goal of helping Trump win the election. These cyber attacks weren’t attempts to tamper with election results; rather, the hackers stole data from both the Republican National Committee and the Democratic National Committee, but only the latter’s was made public.

The full details of the CIA’s report are of course classified, but when it first made news, some Republican lawmakers tried to argue that the FBI wouldn’t necessarily agree with the assessment. Trump, meanwhile, continues to spout that his election had nothing to do with Russian involvement.

Source: Washington

A New Tordow Malware on Android can Root your devices


Devices running the Android operating system are being affected by a modified version of the Tordow malware. The original malware was released at the start of Q1.

The base version of the malware tries to obtain root privileges in order to steal your passwords.
It is a trojan horse that attempts to take full control of the device and then perform tasks such as controlling phone calls and SMS; it will even try to install apps and rename core Android files.

How does the malware enter the Phone

The malware spreads through apps downloaded from third-party sources, so we suggest staying away from those stores and downloading apps only from sources that you trust, which reduces the probability of being affected by the malware.

Comodo says attackers download these apps, reverse-engineer them to inject the malware, and then re-upload the apps to the stores. Titles such as Pokemon Go, Telegram, and Subway Surfers have already been infected, so you had better stick to the official Play Store to remain secure.

Since they are delivered as APK files, these applications can also spread via social media or other sites, so it’s important to always download from sources that you can trust.

What does it do once inside your phone?

Once the app is installed on the victim’s phone, it tries to gain root privileges and establishes a connection to the command center to await further instructions.

Attackers can then execute any command they want on your phone. The malware has mostly targeted the banking apps on your device and your financial information.

Removing Tordow from an infected device is particularly difficult since it gains root access, so flashing new firmware might be the best way to do it; deleting the source app that led to the infection does virtually nothing.

‘Originull’ Bug Allows Hackers To Read All Your Facebook Messenger Chats

Security firm Cynet has discovered a critical issue that affects the privacy of 1 billion Facebook Messenger users. Dubbed Originull, this flaw is also expected to affect millions of other websites using origin null restriction checks. Facebook has fixed this issue after it was reported by the firm.

Facebook, with the help of its Messenger and WhatsApp instant messaging applications, has managed to replace conventional text messages. Now, more than 1 billion monthly active users trust Facebook Messenger with their conversations. In recent times, the social network has worked hard to add new features and develop it as a platform.

Earlier this week, Cynet reported a critical vulnerability that was spotted on Facebook. This hack, dubbed “Originull,” potentially affects millions of websites that use origin null restriction checks and exposes their visitors to malicious elements.

The vulnerability being talked about is a cross-origin bypass attack that lets an attacker use some external website and read a Facebook user’s private messages. This flaw affects Facebook’s mobile app as well as the website.

Usually, your browser protects you from such hacks by only allowing Facebook pages to fetch the information. However, due to this bug, Facebook opens a bridge that allows the subsites of the social network to access the information.

A security researcher of Cynet, Ysrael Gurt, discovered a flaw in the way Facebook manages the identity of these subsites. To exploit the flaw, a hacker needs to fool a Messenger user into visiting a malicious website.
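The article does not publish the details of Facebook’s check, so the following is an added illustration (not Cynet’s or Facebook’s code) of the general class of mistake: an origin check that treats the literal string “null” as trusted, or matches trusted sites by suffix. The allowlisted origins are hypothetical.

```javascript
// Added example: origin validation with the "null" pitfall (not code from the article).
// Assumptions: a hypothetical allowlist of first-party origins, and an origin string as a
// browser would present it in a CORS Origin header or a postMessage event.origin.

const TRUSTED_ORIGINS = new Set([
  'https://www.example.com',   // hypothetical main site
  'https://chat.example.com',  // hypothetical subsite
]);

// Weak check: a missing or "null" origin is treated as first-party, and trusted
// subsites are recognised by suffix. A sandboxed iframe or data: URL presents the
// literal string "null", and "https://evil-example.com" also ends with "example.com".
function isTrustedOriginWeak(origin) {
  if (!origin || origin === 'null') return true;
  return origin.endsWith('example.com');
}

// Hardened check: reject "null" outright, parse the origin, require https, and
// compare the normalised origin against the allowlist exactly.
function isTrustedOriginStrict(origin) {
  if (typeof origin !== 'string' || origin === 'null') return false;
  let url;
  try {
    url = new URL(origin);
  } catch (e) {
    return false; // not a parsable origin at all
  }
  // url.origin has no path or query; requiring equality rejects padded values
  if (url.protocol !== 'https:' || url.origin !== origin) return false;
  return TRUSTED_ORIGINS.has(url.origin);
}

// Decide whether a cross-origin request for private data may be served: returns the
// CORS headers to send for a trusted origin, or null to refuse.
function corsHeadersFor(origin) {
  if (!isTrustedOriginStrict(origin)) return null;
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}
```

A server-side log of refused origins from `corsHeadersFor` is a cheap way to spot probing with “null” or look-alike domains.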

BEWARE!! Affordable Android Devices Come With Preloaded Malware


Russian security company Dr. Web, which also makes a PC antivirus solution bearing the same name, warns that it has discovered a total of 26 smartphone models running Android that are infected with malware injected into the stock firmware they ship with.

Most of the models on the list, which you find in full at the end of the article, are smartphones sold on the Russian market and based on the MTK platform, which is a chipset developed by Taiwan-based MediaTek. The list includes phones sold by Prestigio, Irbis, MegaFon, and SUPRA.

The security firm says all these models are shipped with a Trojan called Android.DownLoader.473.origin, which is a downloader that automatically starts when the device is powered on.

Once an Internet connection is detected, the Trojan connects to a C&C server and waits for instructions, while at the same time downloading and installing an application called H5GameCenter. In its turn, this application comes with an aggressive form of adware, which the security company flags as Adware.AdBox.1.origin.

“Once installed, it displays a small box image on top of running applications. The image cannot be removed from the screen. It is a shortcut clicking on which opens a catalog integrated into Adware.AdBox.1.origin. In addition, the Trojan shows advertisements,” the security firm said.

If users attempt to remove the H5GameCenter app from their smartphones, the Trojan automatically downloads and installs it again at a later time, without notifying users.

Dr. Web says it also discovered a Trojan on Lenovo A319 and Lenovo A6000, which is part of an application called Rambla and which deploys a software catalog on affected devices.

The Trojan is flagged as Android.Sprovider.7 and makes it possible for attackers to download APK files and install them on target smartphones, make phone calls to specific numbers, show ads, upload infected files, and open malicious links in browsers.

“It is known that cybercriminals generate their income by increasing application download statistics and by distributing advertising software. Therefore, Android.DownLoader.473.origin and Android.Sprovider.7 were incorporated into Android firmware because dishonest outsourcers who took part in creation of Android system images decided to make money on users,” the security firm said.

Android vendors whose devices come with Trojans have already been contacted by the firm and users who purchased one of the smartphones confirmed to come with malware are recommended to contact the manufacturer for support.

IntelliJ IDEA Adds JUnit 5 Support

A second update this year for IntelliJ IDEA, JetBrains’ Java IDE for web, desktop and mobile development, has been released with a mix of fixes and new features.

The new release, IntelliJ IDEA 2016.2, has a new combined Watches and Variables view for the debugger, part of a drive to increase the amount of space while not losing information for developers.


JDK 9 Release Slips Again

Java developers are going to have to wait a bit longer for JDK 9 – four months longer, in fact. If you’re thinking that this sounds familiar, that’s because Oracle has already moved the release date from this month to next March. The new delay will take the release date through to sometime in July 2017.

The news of the delay came on the Java developers mailing list, where Mark Reinhold, chief architect of the Java Platform Group at Oracle, posted an update announcing that while a lot of progress has been made on the main new feature, Project Jigsaw:

“at this point it’s clear that Jigsaw needs more time.”

Project Jigsaw is intended to offer a way for Java programmers to write code consisting of independent modules. Jigsaw will define a standard module system for the Java platform, which will be used to modularize both the platform itself and applications. Jigsaw, along with Lambda and Coin, was originally intended for Java 7, and all three were held over for Java 8. Jigsaw then missed Java 8 and is obviously still holding up JDK 9.

Discussing Jigsaw, Reinhold said on the mailing list:

“We recently received critical feedback that motivated a redesign of the module system’s package-export feature, without which we’d have failed to achieve one of our main goals. There are, beyond that, still many open design issues, which will take time to work through.”

Adding weight to the need for a delay, he also said that:

“the number of open bugs that are new in JDK 9 is quite a bit larger than it was at this point in JDK 8.”

In view of this, the suggestion is that the release will be delayed for another four months. On the whole, the developers on the mailing list were in favor of the delay; no-one wants JDK 9 to arrive without a working Project Jigsaw.


The Fastest Way to Alphabetize Your Bookshelf

If you have a lot of books on your bookshelf, alphabetizing it by author or title will make it easier to find specific books in the future. Here’s the fastest way to do it.

In this video from the TED-Ed YouTube channel, software engineer and educator Chand John explains how a simple sorting algorithm can get your bookshelf organized in no time. It’s called “QuickSort,” and it’s used by programmers in all kinds of applications. Online stores use it to sort items by price, and GPS maps use it to show you the nearest gas stations.

Start by pulling one book from the center of your shelf. This is your partition book. Compare every book on the shelf to your partition book, then place every book that goes before it on the left, and every book that goes after it on the right. Now select another partition book in the middle of each partition and go through the same sorting process as shown in the video. You should be left with books all fairly close to where they need to be, and you can sort the rest with only a few swaps. Of course, if you’re not into alphabetizing, there are other ways to plan out your bookshelves.
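The bookshelf procedure above, written out as code (an added example, not code from the TED-Ed video): the middle book is the partition, books sorting before it go left and after it go right, and each side is partitioned again until nothing is left to swap. The shelf contents are constructed sample records.

```javascript
// Added example: QuickSort of a bookshelf by author, then title (not from the video).
// The shelf below is constructed sample data.
const SHELF = [
  { title: 'Neuromancer', author: 'Gibson' },
  { title: 'Dune', author: 'Herbert' },
  { title: 'Foundation', author: 'Asimov' },
  { title: 'Hyperion', author: 'Simmons' },
  { title: 'Solaris', author: 'Lem' },
  { title: 'Ubik', author: 'Dick' },
  { title: 'Kindred', author: 'Butler' },
];

// Alphabetical order by author, then by title, ignoring case.
function compareBooks(a, b) {
  const byAuthor = a.author.localeCompare(b.author, 'en', { sensitivity: 'base' });
  return byAuthor !== 0
    ? byAuthor
    : a.title.localeCompare(b.title, 'en', { sensitivity: 'base' });
}

// One partition step: pull the middle book and place every other book on the
// left (sorts before it), the right (sorts after it), or beside it (same key).
function partition(books) {
  const pivot = books[Math.floor(books.length / 2)];
  const left = [];
  const equal = [];
  const right = [];
  for (const b of books) {
    const c = compareBooks(b, pivot);
    if (c < 0) left.push(b);
    else if (c > 0) right.push(b);
    else equal.push(b);
  }
  return { left, equal, right };
}

// Repeat the partition step on each side until every pile holds at most one book.
function quickSort(books) {
  if (books.length <= 1) return books.slice();
  const { left, equal, right } = partition(books);
  return [...quickSort(left), ...equal, ...quickSort(right)];
}

// Convenience view of the finished shelf: authors in order.
function authorsInOrder(books) {
  return quickSort(books).map((b) => b.author);
}
```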

China didn’t steal your job—I did


The most discussed issue in the last election was the plight of the so-called white working class. The story goes that hardworking people had their jobs shipped to Mexico thanks to NAFTA. The second idea is that immigrants have stolen working-class jobs. The kicker is to blame the nation of China.

These ideas attempt to explain why the Rust Belt is idle, but they’re all wrong. Neither the Mexicans nor the Chinese stole those jobs. I did.

I didn’t do it alone, of course. You and the other members of the technology industry that came before us did the bulk of the work. And guess what? If factories come back to the United States as a result of new policy, they will be run by robots… To be continued…