CMS

Joomla 3.8.3 is now available
Joomla 3.8.3 is now available. This is a security release that does not introduce new features; it fixes security issues and improves performance.
In particular, this release adds support for PHP 7.2 and for multiple download sources on update servers (also known as download mirrors), updates TinyMCE to version 4.5.8, and improves multilingual support and search performance on large sites. A complete list of fixes is available at this address.
This version is available within the admin console or at this address.

Meanwhile, the Alpha 1 version of the upcoming Joomla 4.0 is available. The preview includes new Bootstrap 4 templates, removal of obsolete functions, a new installation wizard, integration of Joomla Framework packages and a renewed Application for Consoles.

WordPress 4.9 is now available
WordPress 4.9, nicknamed “Tipton”, is now available. This version introduces several new features, including a Customizer with new capabilities, improvements to the system code, new widgets, and additions for developers such as an improved Customizer JavaScript API, CodeMirror (a new library for code revision), an update of MediaElement.js to version 4.2.6, and other improvements to the management of plugin and translation files.
This version is available in the administration console or at this address.
Version 4.9.1 is available as well. This is a security release that does not introduce new features; it fixes security issues. The fixes in this release include a properly generated hash for the newbloguser key instead of a determinate substring, escaping of the language attributes used on HTML elements, correct escaping of enclosure attributes in RSS and Atom feeds, and removal of the ability to upload JavaScript files for users who do not have the unfiltered_html capability.
Eleven additional bugs have been fixed, including issues with the caching of theme template files, a MediaElement JavaScript error that prevented users of certain languages from uploading media files, and the inability to edit theme and plugin files on Windows-based servers.

Further information about this version is available at this address.

 

Keylogger found in more than 5,000 WordPress sites
More than 5,000 WordPress sites contain malware tied to the cloudflare.solutions domain, which is in no way affiliated with Cloudflare, as Sucuri reports in this article.
The malware contains a keylogger that records every keystroke (including access credentials and credit card data) and a JavaScript script (CoinHive) that mines cryptocurrencies.
As remediation, Sucuri suggests checking the functions.php file of the theme in use, deleting the add_js_scripts function and any add_action call that references it, and changing the username and password used to access the site.
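
The check Sucuri recommends can be automated across every installed theme rather than only the active one. The following Python script is an added example, not code from Sucuri or from the original article; it assumes the standard wp-content/themes layout, and the sample file, its hook name and its function body are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Indicators named in the remediation advice: the add_js_scripts function,
# add_action calls that register it, and the look-alike domain.
CHECKS = (
    ("function-definition", re.compile(r"function\s+add_js_scripts\s*\(")),
    ("add_action-reference", re.compile(r"add_action\s*\([^)]*['\"]add_js_scripts['\"]")),
    ("domain-reference", re.compile(r"cloudflare\.solutions", re.IGNORECASE)),
)

def scan_source(text):
    """Return (line_number, indicator) pairs found in PHP source text."""
    return [
        (number, label)
        for number, line in enumerate(text.splitlines(), start=1)
        for label, pattern in CHECKS
        if pattern.search(line)
    ]

def scan_themes(wp_root):
    """Check functions.php of every installed theme, not only the active one."""
    report = {}
    for path in sorted(Path(wp_root).glob("wp-content/themes/*/functions.php")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample (not a captured file); hook name and body are assumptions.
SAMPLE_INFECTED = """<?php
function mytheme_setup() {
    add_theme_support('title-tag');
}
add_action('after_setup_theme', 'mytheme_setup');
function add_js_scripts() {
    // stand-in body mentioning cloudflare.solutions
}
add_action('wp_footer', 'add_js_scripts');
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        found = scan_themes(sys.argv[1])
    else:
        found = {"<constructed sample>": scan_source(SAMPLE_INFECTED)}
    for name, hits in found.items():
        for number, label in hits:
            print(f"{name}:{number}: {label}")
```

Pass the WordPress root directory as the first argument to scan an installation; an empty result only means these three indicators are absent from the theme files.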

Magento security updates are available
Magento has rebranded its products (Magento Community Edition is now Magento Open Source and Magento Enterprise Edition is now Magento Commerce) and released security updates, namely Magento Commerce 1.14.3.7, Magento Open Source 1.9.3.7 and SUPEE-10415 (a patch for Magento 1.x versions and older), that fix Cross-Site Request Forgery (CSRF), Denial-of-Service (DoS) and Remote Code Execution vulnerabilities for logged-in admins.
Further information, including update instructions, is available at this address.
Moreover, Magento has released the Security Scan tool for both the Commerce and Open Source editions; it performs a real-time analysis and suggests remediation for any security issue of the e-commerce site it scans. For the B2B sector, Magento has published the “B2B Commerce Best Practices” ebook and the Magento B2B Resource Hub, which contains strategies, tactics, advice and suggestions.

PHP 7.2.0 released
PHP 7.2.0 is now available.
The new features of this version include conversion of numeric keys in object/array casts, counting of non-countable objects, HashContext as an object, Argon2 in password hash, TLS constants improved to sane values, removal of the Mcrypt extension and a new sodium extension.
A complete list of new features and bugfixes is contained in the changelog files available at this address.

WordPress’ bbPress is vulnerable to SQL Injection attacks
Sucuri warns in a detailed post that the bbPress plugin for WordPress is vulnerable to SQL Injection attacks.
bbPress turns a WordPress site into a forum and is used by more than 300,000 users; the vulnerability is due to improper use of a database abstraction class, as happened some time ago with the NextGEN Gallery plugin.
The vulnerability is fixed simply by updating WordPress, but according to the release notes bbPress has not released a patch yet. Sucuri warned the developers last March; the security disclosure documentation is available at this address.

WordFence finds vulnerabilities in Formidable Forms, Duplicator and Yoast SEO WordPress plugins
WordFence (now called Defiant) has found several vulnerabilities in popular WordPress plugins.
In particular, Formidable Forms 2.05.02 and older are vulnerable to SQL Injection, Cross-Site Scripting and Remote Code Execution, while Duplicator 1.2.28 and older and Yoast SEO 5.7.1 and older are vulnerable to Cross-Site Scripting.
Updates that fix these problems are available for each plugin.
