Patch takeover: App developers, like WordPress, left to weigh backlash of forced security updates
Friday, October 30, 2020
In an uncommon move, WordPress developers earlier this month automatically pushed an important security update for the popular Loginizer plug-in to roughly 1 million installations, catching some site owners off-guard in the process.
“I think users should be grateful to WordPress for taking care of their website security,” said Ilia Kolochenko, founder and CEO of ImmuniWeb. “Given the critical risk of the vulnerability and the ease of exploitation, unpatched plug-ins are a major risk not only for careless website owners but for the integrity of their website visitors, whose confidential data and PII may be stolen and then sold or exploited.”
“Furthermore, attackers can likewise install sophisticated malware on the compromised website and infect visitors’ computers or mobile devices with ransomware.”
Kolochenko went so far as to say such forced updates should be made on a regular basis for WordPress’s popular plug-ins.
Of course, there are potential pitfalls to such a strategy.