WordPress 4.7.1 - Security and Maintenance Release is now available

Less than a month after the release of version 4.7 “Vaughan”, WordPress releases version 4.7.1 of the most used CMS in the world.
This is a “security and maintenance” release which fixes 8 important vulnerabilities that affect all WordPress versions (4. included), in addition to 2 bugs of the previous version.
The 8 vulnerabilities, which are now fixed, include cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.

The update is available at the administration dashboard and at the official Website. We encourage you to update your installation as soon as possible.

Let us remind you the new features introduced with version 4.7 “Vaughan”:

  • Twenty Seventeen theme: it is an ambitious theme designed for business websites that focuses on a creative home page and an easy site setup experience for users
  • Video Headers: WordPress 4.7 extends the Custom Header feature to introduce support for video. Video headers play automatically, loop by default, and don't have sound. They work best when paired with an image, so they can progressively enhance the experience when video is supported.
  • Custom CSS: sometimes you just need a few more visual tweaks to make your site perfect, or a plugin adds something that doesn't quite look right with your site. WordPress 4.7 allows you to instantly see changes while adding custom CSS to give your site that polish.
  • PDF Preview: managing your document collection is easier with WordPress Version 4.7, which now shows preview thumbnails instead of a generic icon for PDFs in the media library.
  • REST API: API endpoints for WordPress content. WordPress 4.7 comes with REST API endpoints for posts, comments, terms, users, meta, and settings. Content endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, paving the way for new and innovative methods of interacting with your site.
  • Demo data: new data to show promptly the potentialities of the CMS to new users that will have a complete demo site
  • New menu: menu management has been improved by adding the possibility of organizing it before adding any content, in order to structure quickly the site.

 

Joomla 3.6.5 is now available

Joomla 3.6.5 is now available: this is a security release which aims to improve the overall security level of the CMS. 3 vulnerabilities and 3 system bugs have been fixed and security hardening best practices have been added in the code and user permissions management.

The update is available within the administration dashboard and on the official website. We encourage you to update your Joomla installation as soon as possible.

At the same time, version 3.7.0 Alpha 2 is available. This testing release follows the roadmap that will end up in the release of version 3.7 in late March.
Two new features are introduced: Multilingual Associations Manager, which allows to translate content within a single interface, and Backend Menu Manager, which allows to create a custom administration menu.
You can find the Alpha release for testing purposes here.

 

Visbot malware identified in 6691 online Magento shops

Visbot is a malware that attacks Magento ecommerce websites: it steals credit card data, encrypts it and hides it in images with a technique called steganography. The images are then sent to the hacker’s server.
The malware has been identified for the first time in March 2015, but its ability in hiding successfully in web servers and the difficulty in identifying the infection contributed to let it remain unknown.
Visbot doesn’t work on the frontend level by injecting infected code into webpages, instead it works in the backend without exposing itself; only server admins can identify it.

William de Groot, a security analysti for the Dutch company byte.nl, states in an article on his blog on his blog that Visbot has a weak point: its creator(s) uses an user agent to track all infected websites. But the same user agent can be used by a webmaster to find out it a Magento website has been infected by using a simple command as curl -LH 'User-Agent: Visbot/2.0 (+http://www.visvo.com/en/webmasters.jsp;This email address is being protected from spambots. You need JavaScript enabled to view it.)' \ http://magento-website-address.com or by using the MageReport service, which de Groot is one of the founders. This service identifies infected Magento websites.

A research performed by de Groot with MageReport identified 6691 online webshops infected by Visbot; de Groot then warned providers and Authorities.
The malware gains access to Magento websites with brute-force attempts or by leveraging vulnerabilities that haven’t been discovered yet: therefore if you manage a Magento ecommerce, or any other ecommerce system or CMS, be sure to adopt strong access credentials and update your system as soon as updates are available.

 

New WordPress features will require HTTPS

Matt Mullenweg, the founder of WordPress, announced on his blog  that the new features of the famous CMS will require the use of seure connections with the HTTPS protocol.
At the moment we don’t have a list of features that will be available only if SSL support is enabled.
The recent introduction of PHP7 played an important role in this decision: the new PHP version allows to take advantage of the secure protocol with a lower computational cost than the previous versions.
Google too takes SSL security seriously by taking HTTPS into account in the factors that determine the ranking of a website, and also by marking as insecure sites that are still available with HTTP connections.

banner eng

fb icon evo twitter icon evo

Word of the Day

The term Edge Computing refers, when used in the cloud-based infrastructure sphere, the set of devices and technologies that allows...

>

The acronym SoC (System on Chip) describes particular integrated circuit that contain a whole system inside a single physical chip:...

>

The acronym PtP (Point-to-Point) indicates point-to-point radio links realized with wireless technologies. Differently, PtMP links connects a single source to...

>

Hold Down Timer is a technique used by network routers. When a node receives notification that another router is offline...

>

In the field of Information Technology, the term piggybacking refers to situations where an unauthorized third party gains access to...

>
Read also the others...

Download of the Day

Netcat

Netcat is a command line tool that can be used in both Linux and Windows environments, capable of...

>

Fiddler

Fiddler is a proxy server that can run locally to allow application debugging and control of data in...

>

Adapter Watch

Adapter Watch is a tool that shows a complete and detailed report about network cards. Download it here.

>

DNS DataView

DNS DataView is a graphical-interface software to perform DNS lookup queries from your PC using system-defined DNS, or...

>

SolarWinds Traceroute NG

SolarWinds Traceroute NG is a command line tool to perform advanced traceroute in Windows environment, compared to the...

>
All Download...

Issues Archive

  •  GURU advisor: issue 21 - May 2019

    GURU advisor: issue 21 - May 2019

  • GURU advisor: issue 20 - December 2018

    GURU advisor: issue 20 - December 2018

  • GURU advisor: issue 19 - July 2018

    GURU advisor: issue 19 - July 2018

  • GURU advisor: issue 18 - April 2018

    GURU advisor: issue 18 - April 2018

  • GURU advisor: issue 17 - January 2018

    GURU advisor: issue 17 - January 2018

  • GURU advisor: issue 16 - october 2017

    GURU advisor: issue 16 - october 2017

  • GURU advisor: issue 15 - July 2017

    GURU advisor: issue 15 - July 2017

  • GURU advisor: issue 14 - May 2017

    GURU advisor: issue 14 - May 2017

  • 1
  • 2
  • 3
  • BYOD: your devices for your firm

    The quick evolution of informatics and technologies, together with the crisis that mined financial mines, has brought to a tendency inversion: users that prefer to work with their own devices as they’re often more advanced and modern than those the companies would provide. Read More
  • A switch for datacenters: Quanta LB4M

    You don’t always have to invest thousands of euros to build an enterprise-level networking: here’s our test of the Quanta LB4M switch Read More
  • Mobile World Congress in Barcelona

    GURU advisor will be at the Mobile World Congress in Barcelona from February 22nd to 25th 2016!

    MWC is one of the biggest conventions about the worldwide mobile market, we'll be present for the whole event and we'll keep you posted with news and previews from the congress.

    Read More
  • 1