SECURITY WARNINGS & Notices - Please post them here

[Asyn]

WordPress 5.7.2 Security Release
https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/

[bob3160]

Security News Roundup for the w/e 5/14/2021

https://youtu.be/EdtuZlJ2-Xk

[bob3160]

Weekly Security News Roundup w/e 5-21-2021

https://youtu.be/jnFdl4tSeEc

[bob3160]

Weekly Security News Roundup w/e 5-28-2021

https://youtu.be/L1Ep5o3upmc

[Asyn]

Watch out: These unsubscribe emails only lead to further spam
https://www.bleepingcomputer.com/news/security/watch-out-these-unsubscribe-emails-only-lead-to-further-spam/

[DavidR]

Watch out: These unsubscribe emails only lead to further spam
https://www.bleepingcomputer.com/news/security/watch-out-these-unsubscribe-emails-only-lead-to-further-spam/

Guess what, I have even been wary about even using unsubscribe links in regular emails that have unsubscribe links.  Frequently these links are by a company sending the emails and not the company that you initially subscribed to.  Whilst the email might be legit, I always check out the unsubscribe link before using it.  Or I put a block on that email address in MailWasher Pro (MWP) my Anti Spam program, so I don't receive the emails, so there is no confirmation of receipt, e.g. a live email address.

As for unsolicited unsubscribe emails, treated like any other unsolicited emails (SPAM/Scam), deleted by MWP at server level, so they don't even get downloaded.

[Asyn]

Critical 0-day in Fancy Product Designer Under Active Attack
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/

[bob3160]

Weekly Security News Roundup w/w 6-4-2021

https://youtu.be/EIZTAMMCE2c

[polonus]

We do not know what firms have come under attack via a Typer Mismatch Bug,
a zero-day attack, that urged Google to patch their browser JS-engine.
Threat is inherent on using a browser monoculture (Google Chrome/Chromium),
inside another mono-culture, i.e., Windows 10 (latest version)
 
It was Kaspersky's Boris Larin to report this so-called PuzzleMaker attack.
Re: https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/

JS (JavaScript) will be world's biggest can of code-worms ever for some time to come.

polonus

[Asyn]

IPAS: Security Advisories for June 2021
https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/

[Asyn]

Audi, Volkswagen data breach affects 3.3 million customers
https://www.bleepingcomputer.com/news/security/audi-volkswagen-data-breach-affects-33-million-customers/

[bob3160]

Audi, Volkswagen data breach affects 3.3 million customers
https://www.bleepingcomputer.com/news/security/audi-volkswagen-data-breach-affects-33-million-customers/

https://youtu.be/MZViT8dxYJI

[bob3160]

Weekly Security News Roundup w/e 6-11-2021

https://youtu.be/ic8FYwEyGUA

[bob3160]

Weekly Security News Roundup w/e 6-18-2021

https://youtu.be/XOgjGNGg3qI

[Asyn]

Scammer arrested for phishing operation, sent 25,000 texts in a day
https://www.bleepingcomputer.com/news/security/scammer-arrested-for-phishing-operation-sent-25-000-texts-in-a-day/
https://www.gmp.police.uk/news/greater-manchester/news/news/2021/june/man-arrested-in-manchester-hotel-after-over-25000-phishing-messages-sent-in-one-day/