Monday, 3 April 2017

BlogVault Security Update After the Hack


On February 6, I had written a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have concluded the investigations. This post outlines its results. No Data Breached
In our previous communication with you, we had mentioned that there had been a data breach. After detailed investigations, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers were exposed.
We have ensured to cover every aspect of our system in our investigations, which involved inspecting the logs for our system as well as that of affected and unaffected sites. We also reviewed the attack payload with great detail.
BlogVault Plugin Vulnerability Fixed in Version 1.45
On Feb 4, we learned that we were using ‘unserialize’ PHP function on unverified data in BlogVault plugin versions 1.40 to version 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.
However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.
Since then, we have thoroughly
Source: https://managewp.org/articles/14765/blogvault-security-update-after-the-hack




source https://williechiu40.wordpress.com/2017/04/03/blogvault-security-update-after-the-hack/

No comments:

Post a Comment