WordPress 4.7.3 is now available with patches for six security vulnerabilities that affect version 4.7.2 and all previous versions. WordPress.org is strongly encouraging users to update their sites immediately.
A new ransomware campaign is targeting Google Chrome users. If Chrome users visit a compromised site, an alert will pop up prompting the user to “update” a Chrome font extension. The false update claims it need to execute because Hoefler Text is not found. Although this text font is legitimate, the update is not.
At the end of January, WordPress 4.7.2 was released to fix four security issues, three of which were disclosed at the time of the release. The fourth and most critical issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, was fixed silently and disclosed a week after the release. This vulnerability allows anyone with the right know-how to edit the content of your site without needing a valid username and password.
If you haven’t yet updated to 4.7.2 and your site is running 4.7.0 or 4.7.1, you are at risk for content injection.
Office 2016 is the recommended version of Office 365 ProPlus and includes all the latest upgrades and new features. As we announced in September 2015, when we released Office 2016, beginning March 1, 2017, the Office 2013 version of Office 365 ProPlus will no longer be available for installation from the Office 365 portal.
Following Microsoft withdrawing support for Internet Explorer 8, 9 and 10 at the start of 2016 and switching to a "security only" update model for Internet Explorer 11 (with no functionality issues being considered for fixes if the issue had already been resolved in Microsoft Edge) we are calling time on Internet Explorer as a "current" browser.
Starting from the 16th January 2017 if you host your WordPress or Drupal website with O'Brien Media you'll notice a change to out enhanced CMS software reminder service. We hope these changes will help you to keep your site updated (and secure!) by sending notifications out within a few hours of release by WordPress and Drupal developers.
You can use this to post advice or reminders to logged in users when they need to perform different tasks. All you have to do is add the
On the 25th of December 2016, a security researcher disclosed a critical remote code execution flaw within a popular programme used to send emails from websites and web applications including systems such as WordPress and Drupal. If you are unfamiliar with security vulnerabilities a RCE, or remote code execution vulnerability is the worst-case-scenario. They allow an attacker to execute their own code on a victim website and thereby take control of the website.
A secure version of PHPMailer has now been released (as of the 11th January 2017) and updated versions of WordPress, and affected Drupal modules, have been made available and we are asking all customers who do not have support agreements in place to ensure that these updates are installed as soon as possible to ensure that your website remains secure.
If you need assistance installing these updates on your WordPress or Drupal based website please email [email protected] with your website details. If you have a monthly support agreement in place we will be installing the relevant updates on the 12th January 2017 and will issue confirmation emails once updates have been installed.
