Podcasts about wordpress plugins

How to Add Video Schema to Your Website for Google Search Results

Willkommen im nerdcafe. In dieser Episode geht es um WordPress Sicherheit. Ich gebe dir einen allgemeinen Überblick warum es wichtig ist, sich mit dem Thema zu befassen. Ich zeige dir ein paar kleine Tricks, wie du mit wenigen und vor allem unkomplizierten Ideen deine WordPress Seite sicherer machen kannst. Was ist das nerdcafe? Hier geht es um WordPress, Hosting, Content Management Systeme und Web-Themen. Aber natürlich auch um Sicherheit, Backups und Social Media. Kurz gesagt: Um alles, was dich interessiert, wenn du mit deinem eigenen Webseite Projekt starten möchtest. Neue reguläre Podcast Episoden erscheinen jeden Dienstag um 7:00 Uhr. Ab 2025 immer abwechselnd Johannes alleine oder mit verschiedenen Expert*innen. Machs dir gemütlich und komm gern dazu. Viel Spaß im nerdcafe. Weiterführende Links zu dieser Folge: statista https://de.statista.com/statistik/daten/studie/320670/umfrage/marktanteile-der-content-management-systeme-cms-weltweit/ WordPress Plugins https://de.wordpress.org/plugins/wp-2fa/ WordPress Hintergrundwissen Dashboard https://johannesmairhofer.de/blog/das-wordpress-dashboard/ WordPress Benutzer https://johannesmairhofer.de/blog/die-wordpress-benutzer/ WordPress Plugins https://johannesmairhofer.de/blog/was-sind-wordpress-plugins/

Surreal WordPress Plugins and SEO Strategies ‘good morning, good afternoon, good evening, wherever you happen to be hiding out there on the globe today! Coming to you LIVE from …'   Salutations and Some Reminders: Welcome to Episode 638 – Surreal WordPress Plugins and SEO Strategies – We've got a couple of great in-depth plugins to cover for […] For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Surreal WordPress Plugins and SEO Strategies.

It's Episode 637 and we have plugins for Cookie Banner Compliancy with Random Number Generation, and some WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Behind The Scenes of WordPress Plugins: Plugins Exposed with Critical Errors.

Josh and Kurt talk about the way Wordpress vets their plugins. While Wordpress has been in the news lately, they do some clever things to get plugins approved. There's a static analyzer that runs against new submissions. We discuss using static analysis, securing open source, contributing and more. Show Notes Linus Torvalds Lands A 2.6% Performance Improvement With Minor Linux Kernel Patch Kurt's Plugin

In this episode, Michelle Frechette and Corey Maass delve into their experiences with product marketing for a WordPress plugin focused on open graph images. They highlight the significance of customer feedback, better onboarding processes, and innovative marketing strategies inspired by Spotify's year-end wrap-up feature. The discussion is peppered with personal anecdotes and humor, creating a light-hearted yet informative atmosphere. They explore ideas like using AI for targeted landing pages, conducting visitor interviews, and improving their website design to better reflect their brand. The episode concludes with a sense of camaraderie and optimism for their ongoing projects.Top Takeaways:Focus on the Problem and Solution: Corey emphasized the importance of clearly defining the problem OMGIMG solves. This includes addressing specific pain points, like the "image roulette" problem, where inconsistent images affect branding and engagement. Focusing on the problem in copy helps ensure users immediately see OMGIMG's relevance to their needs.Strategic Use of AI as a Creative Partner: Corey is using AI as a tool for creating, organizing, and refining content. This iterative approach—from generating headlines to drafting entire plugins—allows him to quickly put ideas on paper, then tweak them. Michelle also mentioned wanting to lean more on AI, which could further help streamline content creation and brainstorming.Customer-Specific Landing Pages: Corey mentioned creating landing pages targeted at specific customer types, like bloggers, to highlight relevant features and value propositions. This strategy makes it easier for users to see exactly how OMGIMG fits their needs and helps make the messaging more personalized and effective.Interactive Feedback with Visitor Interviews: The idea of using visitor interviews and live feedback sessions with WordPress community members (like Cameron and Marcus) was discussed as a way to gather insights on the product in real-time. This feedback could be essential for fine-tuning both the product and its messaging.Mentioned In The Show:Mark WestguardThis Week In WordPressNathan WrigleyIPA WPJustin WelschSaturday Solopreneur Otter AI Alan FullerFullworks PluginsSet AppBeaver builderClaude AIChris LemaCameron Jones

In this episode of the Post Status Happiness Hour, host Michelle Frechette interviews David Johnson, product owner at Solid WP, to discuss the launch of  Backups Next Gen a rebranded version of Backup Buddy. David shares his background and the evolution of WordPress backup solutions, emphasizing the need for modern, cloud-based infrastructure to enhance performance and security. They delve into the features of Backups Next Gen including its user-friendly interface and incremental backup capabilities. The episode also highlights the importance of reliable backups and the supportive WordPress community. Michelle concludes by encouraging listeners to explore Solid WP's offerings.Top Takeaways:Backup Solutions and Features: David Johnson gives an in-depth overview of Backups Next Gen, highlighting its ability to perform incremental backups by only saving changed files daily, while backing up the entire database. Users can restore backups with a single click, and they can generate downloadable zip archives for specific moments in time. This makes it easier to choose the right backup and manage storage effectively.Integrated Cloud Storage in Pricing: Backups Next Gen now includes cloud storage in its pricing. Previously, storage was sold separately, but the new pricing structure offers more storage per site as users increase their licenses. This simplified pricing model is designed to offer generous and cost-effective cloud storage.Solid Suite and Black Friday Deals: SolidWP is offering a Black Friday sale for both Backups Next Gen and the Solid Suite, a bundle that includes Solid Security Pro, Solid Central, and the Solid Academy. The Solid Suite offers significant value for WordPress users by bundling multiple tools to enhance security, backups, and site performance.Solid Academy: The Solid Academy, run by Nathan Ingram, offers extensive training resources with live streams and a decade's worth of courses on topics such as AI email, WordPress plugins, and how to run a successful freelance or agency business. It's designed for developers and agencies looking to grow and increase their revenue.Mentioned Links:Solid WPSolid BackupsElegant ThemesWoothemesDiviKadence WPSolid CentralDropboxGoogle DriveStashNexcessWP-CLIJohn HooksSolid SuitePatchstackSolid Security ProSolid AcademyNathan IngramGive WPBen MeredithTopher DeRosaHero Press

In this episode, Michelle Frechette and Corey Maass engage in a detailed discussion about their latest WordPress plugin development and marketing strategies. They introduce a new plugin designed to take website screenshots and save them to the media library, emphasizing its user-friendly features and accessibility standards. The conversation shifts to marketing plans for Black Friday, reflecting on past sales and contemplating pricing adjustments to create urgency and exclusivity. They also discuss the importance of email campaigns, social media content, and community feedback. The episode blends technical insights with strategic planning, highlighting their collaborative and thoughtful approach to product development and marketing.Top Takeaways:Black Friday Co-Marketing Plan: The IPAWP initiative is gearing up for a Black Friday co-marketing campaign where participants will be paired to promote each other's products. This involves visiting their partner's website, checking for Black Friday deals, and sharing it via social media, with an easy and light effort on the participants' part.Engaging and Humorous Marketing Approach: Michelle and Corey are using lighthearted, humorous content in their marketing for OMGIMG, including showcasing a personal photo of Corey with a playful caption about "embarrassing photos" and tying it to the product's purpose. This approach not only captures attention but also makes the marketing relatable and fun for potential users.Open Feedback Loop for OMGIMG: The team is actively seeking feedback from users about the product and its homepage. They are open to ideas and suggestions, highlighting their commitment to continuous improvement and ensuring OMGIMG meets user needs and expectations. This openness encourages user involvement and helps shape the platform's development.Progress on IPAWP's First Version: A developer is working on the first version of the IPAWP co-marketing tool. It will allow businesses to be paired randomly for co-marketing tasks, with the team overseeing pairings to ensure compatibility. The tool will also help track whether participants have completed their marketing assignments.Mentioned In The Show:Admin Menu Editor ProTypingMindClaud.aiKatie KeithAlex StandifordUnderrepresented in TechSamah NasrStellar WPDense DiscoveryJames Lau

In this episode, Michelle Frechette and Corey Maass  discuss their preparations for WordCamp US, including finalizing presentation slides and enhancing their product's homepage for better user engagement. They explore offering personalized onboarding sessions and the complexities of different plugins. The conversation highlights the importance of educational content and clear communication about their product's benefits, especially for users unfamiliar with WordPress. They also celebrate a successful classified ad in a newsletter and share experiences with user engagement and marketing strategies. The episode concludes with plans for future events and a light-hearted discussion about time management.Top Takeaways:Working on IPA WP Features: Michelle and Corey discussed their progress on developing features for IPA WP. They plan to refine these features and update the homepage to have a product ready to showcase at WordCamp US.Networking and Relationships at WordCamps: Corey and Michelle both emphasize the importance of attending WordCamps and smaller WordPress events. These events have allowed them to build strong professional relationships and friendships, like Corey's connection with Alex Standiford and others. They both miss the frequency of smaller, more intimate WordCamps, which foster closer interactions and connections.Productivity and Time Management: Both expressed the challenge of balancing multiple responsibilities, including work, hobbies, and preparations for upcoming events. They joked about the idea of creating a plugin to add more hours to the day, highlighting the ongoing struggle with time management.Mentioned In The Show:YoastRank MathStellar WPStreamYardMorgueFileDense DiscoverySeattle MagazinePaws of CoronadoSquirrelly Dall-E FiverrMastermind GroupAlex StandifordMarcus Burnette

In this episode of the Post Status Happiness Hour, Michelle Frechette talks with Nathan Ingram and Kathy Zant. They delve into the critical topic of online security, emphasizing the necessity of user education, particularly for WordPress users. Nathan from Solid WP and the Academy introduces Monster Secure, a new course designed to help agencies educate their clients on security best practices. Kathy, an online security expert, shares her experiences and stresses the importance of security education for overall business protection. The discussion highlights the challenges of online security, the evolving nature of cyber threats, and the need for proactive measures to safeguard digital assets.Top TakeawaysSecurity Awareness is Critical & Need for Vigilance: Effective security involves more than just technical measures; it requires continuous vigilance and education about potential threats. Kathy Zant and Nathan Ingram emphasize the importance of understanding and responding to security risks proactively.Education and Empowering Users: Both Kathy and Nathan stress the significance of educating users and clients about security. They argue that security knowledge should be accessible to everyone, not just experts.Security is for Everyone, Not Just Big Targets: Nathan explains that hackers don't only target large, high-profile websites; they also exploit smaller, less-secure sites for resources. This underscores that security is a concern for everyone, regardless of the size or perceived importance of their websiteMentioned In The Show:Thomas RaefWeWatchYourWebsiteSolid WPSolid AcademyMonster SecureGo Safely OnlineLearnDashJack KitterhingYouTube

As a WordPress theme or plugin developer, you've likely felt the tremors caused by Shutterstock's acquisition of Envato. This significant shift in the industry landscape has left many questioning the...

Let's cut to the chase: Selling WordPress plugins ain't easy. Solo plugin makers and SMBs in the space need to use all means available to convert customers and drive revenue....

In episode 336 of the Shared Security Podcast, we discuss the Biden administration's recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We also highlight the importance of keeping all software updated, using recent examples of supply chain attacks that have compromised several popular WordPress plugins. […] The post The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks appeared first on Shared Security Podcast.

In today's episode, we discuss the FBI's latest warning about fake law firms scamming crypto victims: https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-law-firms-targeting-crypto-scam-victims/. Also, we cover Julian Assange's release from a U.K. prison and subsequent move to Australia: https://apnews.com/article/assange-plea-deal-wikileaks-justice-department-d329ba4614dbfa77b5eb968d07fd9bd0. Lastly, we delve into compromised WordPress plugins creating rogue admin accounts and injecting SEO spam: https://thehackernews.com/2024/06/multiple-wordpress-plugins-compromised.html. Video Episode: https://youtu.be/CvDQHJ2mQac 00:00 - Intro 01:13 - FBI Alerts on Fake Crypto Recovery Firms 03:34 - WordPress Plugins Backdoored: Rogue Admins Created 06:36 - Julian Assange Released, Heads to Australia Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Cybercriminals, cryptocurrency, FBI, law firms, WikiLeaks, Julian Assange, U.S. Department of Justice, plea deal, WordPress, hackers, plugins, compromised, podcast, crypto fraud, cybersecurity, software supply chain attack, website security, legal news, international law, classified information Search Phrases: How to identify crypto fraud recovery scams Cybercriminals posing as law firms for cryptocurrency scams FBI warnings on crypto fraud Julian Assange U.S. Department of Justice plea deal WikiLeaks founder Julian Assange release news Signs of compromised WordPress plugins Recent WordPress plugin backdoor attacks Protecting WordPress sites from hackers Latest podcast on cybersecurity and legal news Updates on Julian Assange legal saga

This episode of Woo BizChat we chat with Mark Westguard from WS Form, sharing his journey as a solopreneur in the plugin business.

This episode reports on the malicious plugin worm that refuses to die, and more

What better way to respond to a time of uncertainty and transition than to share a true success story of change. Joining the podcast is a truly hopeful example of growth and evolution. Ben started off as an IT and web development guy and now runs of the SEO plugin All-In-One-SEO (AIOSEO) since it was acquired in 2020. Over these years, both he and the plugin have experienced massive change and transformation to be in the positions they are today. And we're gonna learn some of the key takeaways of how this was possible.  Links & Resources AIOSEO - The World's Best All-in-one SEO Plugin for WordPress: https://www.nichepursuits.com/aioseo  Benjamin Rojas | LinkedIn: https://www.linkedin.com/in/benjaminprojas/ Benjamin Rojas (@benjaminprojas): https://twitter.com/benjaminprojas Use coupon code “podcast” to get $15 off Link Whisper to build smarter internal links fast: https://www.nichepursuits.com/linkwhisper Get SEO Consulting from the Niche Pursuits Podcast Host, Jared Bauman: https://www.nichepursuits.com/201creative This Episode is Sponsored by Search Intelligence - https://search-intelligence.co.uk/  

With Minute Hook by Cindy Donovan, there's never been an easier way to deliver engaging lead magnets to your audience. Want to build your email list? This is the software for you! Find out more at: https://muncheye.com/minute-hook MunchEye City: London Address: London Office 15 Harwood Road, , London, England United Kingdom Website: https://muncheye.com/ Phone: +1-302-261-5332 Email: support@ampifire.com

Today, we're discussing the lawsuits coming out of AT&T's massive data breach affecting 73 million, a critical flaw in the LayerSlider WordPress plugin jeopardizing 1 million sites, and a preventable hack into Microsoft Exchange highlighting cybersecurity's critical stakes. Experts weigh in on the ramifications and preventive strategies, ensuring you stay informed and ahead in the cybersecurity game. Your feedback on these issues is crucial; join the conversation and help shape a more secure digital future. References: For insights on the AT&T lawsuits and data breach impacts: https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/ Understanding the critical vulnerability in the LayerSlider WordPress plugin: https://www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/ Analysis of the Microsoft Exchange hack and recommended security reforms: https://www.cybersecuritydive.com/news/microsoft-exchange-hack-china-preventable/712146/ and https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags for the Episode: AT&T data breach, cybersecurity, legal actions, LayerSlider WordPress plugin, SQL injection, plugin security, Microsoft Exchange hack, cloud service security, cybersecurity reforms, identity theft, data privacy, security protocols, cyber risk management, plugin vulnerabilities, security best practices, cyber attack prevention, digital security, cybersecurity insights, technology law, security updates Search Phrases: AT&T 73 million data breach details Legal consequences of cybersecurity failures How to secure WordPress sites from SQL injection Impact of LayerSlider plugin vulnerability Preventing Microsoft Exchange cyber attacks Enhancing cloud service cybersecurity Best practices in digital security updates Addressing identity theft and data breaches Cybersecurity insights for tech professionals Cyber risk management strategies Lawsuits following major data breaches Plugin security for WordPress administrators Learning from cybersecurity breaches Updates and security in technology law Prevention strategies for cyber attacks Transcript: Apr 4 Welcome back to the Daily Decrypt. AT&T is grappling with the fallout of a data breach that impacted 73 million customers. As class action lawsuits begin to mount, also, over 1 million WordPress sites are at immediate risk due to a critical vulnerability in the Layerslider plugin, which can expose these sites to SQL injection attacks. How can WordPress admins protect themselves from this vulnerability? And finally, the Cyber Safety Review Board has declared the massive intrusion into Microsoft's Exchange Online entirely preventable. And just a reminder, this mega intrusion led to over 60, 000 U. S. State Department officials emails being compromised. How the heck is Microsoft gonna restore trust and confidence from the consumers in their security protocols? Stick around to find out. So it's been two days since my last episode, in which I highlighted the most recent AT& T breach. Well, it's been a long couple of days, the reason there were no new episodes is because I lost internet, and you might be thinking, Hey, you just finished slandering AT& T on this podcast on Monday, and then your AT& T internet goes out? That's correct. There's really no other explanation other than aT& T is seeking revenge against the Daily Decrypt. But I digress. To recap what has happened, AT& T has admitted to a data breach exposing sensitive information of 73 million customers this breach included usernames, social security numbers, email addresses, and AT& T PINs used to make secure account changes on AT& T customer accounts. The timeline reveals that AT& T's initial denial of the breach, which was first alleged by ShinyHunters in 2021, and their recent admission after a second threat actor leaked the data in 2024, raises questions about the effectiveness of corporate data breach detection and response strategies. The leaked data isn't from the past year or even couple of years. The leaked data is from 2019. And it includes 7. 6 million current customers and 65. 4 million former AT& T account holders, which I guess says a lot about AT& T's churn rate, that they have 65 million former customers and only 7 million current customers. Needless to say, a lot of data was breached. Now, what's fascinating about this is that this was brought to AT& T's attention in early 2021 and they denied it. And then another threat actor group released the same data from 2019 and early 2024 AT& T also denied that. They're just saying that they don't know this data doesn't belong to them. This data wasn't stolen from their systems when clearly it was. So only in the last week did AT& T finally admit that that data from 2019 belongs to them and was breached from their networks. So because of this negligence, multiple class action lawsuits have spun up very recently. Most notably, there's one from Morgan Morgan, which is the same law firm that's been suing Google over the fact that it tracks users data even when they're in incognito mode. And I believe Google paid out a settlement. So this is the same law firm that did that. And they're accusing AT& T of negligence, breach of implied contract, and unjust enrichment. And they're aiming for compensatory damages and improved data security protocols. Their lawsuit criticizes AT& T for not acting on known vulnerabilities and delaying breach acknowledgement, jeopardizing customer data privacy and confidence. I'm really glad to see these lawsuits are being spun up. As you heard in Monday's episode, I was calling for multiple class action lawsuits.. So yeah, I hope you get the crap suit out of you. And yes, I am an AT& T customer.. If you are also an AT& T customer and you're concerned about your data being in one of these breaches or this main breach from 2019, I believe the site haveibeenpwned. com has acquired the data from this breach. And so you can just search your email addresses in that site to see if it was compromised. Listen to the episode released this past Monday for some tips on how to stay safe when attackers have all of this information. All the information needed to open up new credit cards, take out new lines of credit in your name, and do a whole lot of stuff. All right. Well, there's another WordPress vulnerability out there with a CVSS score of 9. 8 out of a 10 max. The name of the plugin? Layerslider. This plugin is used by over 1 million sites. and exposes these sites to SQL injection attacks. This flaw allows attackers to potentially extract sensitive data, including password hashes, leading to site takeovers or data breaches. This vulnerability was discovered on March 25th, and was promptly reported to WordFence, earning the researcher 5, 500 bounty. The vulnerability affects layer slider version 7. 9. 11 through 7. 10, which as mentioned before, allows for SQL code injection. And just to quickly discuss what SQL code injection is, it's when data is queried from a database to be populated on a website. Those databases use a language called SQL or SQL that uses a query language, which is what the QL stands for, to query that data. This vulnerability allows attackers to query that data by injecting malicious commands. using SQL. They can essentially pull anything they want out of the databases. So that includes, yeah, password hashes, names, emails, whatever data is on the website. If that's social security numbers, that's vulnerable too. Despite the severity though, the attack is limited to a time based blind SQL injection, which relies on observing response times to infer data. And this type of SQL injection is hard to detect, but it's also hard for the attacker to get large amounts of data. It's more of an inferred sort of data attack. For more information on this attack, check out the article in the show notes by Bleeping Computer. The good news is that the flaw was quickly addressed by the plugin's developers, Creatura, who released an update to version 7. 10. 1 on March 27th, so within 48 hours of being notified. If you are a layer slider user, please go update immediately to mitigate this risk. WordPress is built on the use of plugins. That's what makes it so marketable. The more plugins you have, the more plugins you use, the higher your risk is. And I personally am a WordPress user. The DailyDecrypt. com is a WordPress site, and I'm having a hard time setting up notifications for outdated plugins. It's not very intuitive. Granted, I don't use any plugins other than the podcast plugins hosts this podcast and I'm constantly on the site making sure everything's updated and posting new podcasts, but a lot of people with WordPress sites will set it and forget it. Like they'll put up their site. It's a shop. They respond to orders they get, but they don't actually go onto the WordPress site too much. And a lot of WordPress users are less tech savvy than me. So they probably don't have alerts set up for outdated plugins. I highly encourage you to just set up a reminder that goes off once a week, once a month, whatever interval you think is appropriate for the risk of your website. and just go check to make sure all the plugins are up to date. It's a really quick check, and if they're not up to date, you just press a little button and update them. You're likely not doing advanced programming on your WordPress site that might break with an update, so just, just press the little button. All right, and our final story comes from the Cyber Safety Review Board, where they have officially declared, which is a pretty bold stance, they've officially declared that the intrusion into Microsoft Exchange Online that exposed about 60, 000 U. S. State Department emails, was entirely preventable. This report criticizes Microsoft's corporate culture for insufficient investment in security and risk management and calls for widespread security reforms within Microsoft and among all cloud service providers to prioritize cybersecurity. The Cyber Safety Review Board, or CSRF, urges Microsoft to publicly outline its security reforms and outlines a series of operational decisions that encourages cloud service providers and government partners to make security focused changes. The report, released by CSRF, details the compromise of key U. S. officials mailboxes by China affiliated actors and criticizes Microsoft for charging extra for essential security features like enhanced logging. Which, in the recent past, has since been reversed. Microsoft no longer charges extra. But still, why did they do that in the first place? Microsoft has responded and announced plans for major security reforms, including better infrastructure and security processes. It's worth noting that Microsoft has been very cooperative throughout the CSRB's investigation, and are definitely willing to listen to the suggestions and make some changes, so That's step one, that's Way better than what AT& T did when confronted. Microsoft is looking into this. They want to maintain consumer confidence as much as anybody. They're at the center of our tech universe and even more so than most consumers might even know. A lot of servers and digital infrastructure is hosted on Windows server and Windows machines. And if you've been listening for a while, you've heard DogeSpan and I discuss another recent breach amongst senior developers and executives at Microsoft without multi factor authentication on their development accounts. Attackers were able to get in. So all of these incidents are starting to pile up and really pointing fingers at Microsoft. We got to get this fixed. They're starting to crack down. We're going to keep an eye on them. We're going to keep reporting what happens at Microsoft. Hopefully nothing else big because they hold a lot of data. in their cloud services, Exchange, Azure. Microsoft is a pretty big powerhouse in the cloud service provider. So yeah, hopefully they're throwing some money at this. They're spinning up some new teams and they're really looking at legacy infrastructure. It's a pretty old product that they're continually building on. So they need to start peeling away these layers of this product and figure out how they can boost up security. They need to be leading. and setting a good example for smaller companies by being so secure. Well, that's the show. That's all we got for you. Again, sorry about the quick hiatus. Internet went out. Hopefully it will stay on for the remainder of the week and maybe I can put an episode out on Saturday, recapping some stuff. But if you like what you hear, please go find us on Instagram or The Daily Decrypt and send us a comment or a DM. We'd love to hear from you. Until then, we'll talk to you some more tomorrow.

Our episode today discusses the latest on the Apex Legends Global Series hacking fiasco, Microsoft's Bing popup controversy, critical WordPress plugin vulnerabilities, innovative acoustic side-channel attacks, and the cunning world of HTML smuggling. Explore the evolving challenges and ingenious exploits shaking up the cybersecurity realm. Uncover what these developments mean for your digital safety and privacy. Article URLs: Apex Legends Tournament Hacking: https://www.bleepingcomputer.com/news/security/apex-legends-players-worried-about-rce-flaw-after-algs-hacks/ Microsoft's Bing Popup Ads: https://www.bleepingcomputer.com/news/microsoft/microsoft-again-bothers-chrome-users-with-bing-popup-ads-in-windows/ WordPress Plugin Vulnerability: https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html Acoustic Side-channel Attack: https://www.bleepingcomputer.com/news/security/new-acoustic-attack-determines-keystrokes-from-typing-patterns/ HTML Smuggling in Cyberattacks: https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: cybersecurity, Apex Legends, Microsoft Bing, WordPress vulnerabilities, acoustic side-channel attack, HTML smuggling, digital privacy, hacking incidents, software vulnerabilities, web security Search Phrases: Apex Legends tournament hack Microsoft Bing popup ads controversy How to protect against WordPress plugin vulnerabilities What is an acoustic side-channel attack Understanding HTML smuggling in cyberattacks Latest cybersecurity threats and protections Hacking incidents in esports Preventing digital privacy breaches Addressing software vulnerabilities Enhancements in web security Transcript: Mar 19 [00:00:00] [00:00:02] offsetkeyz: Alright, welcome back to the Daily Decrypt. Researchers have developed a new method to deduce keystrokes, or manually entered passwords, from the sounds your keyboard makes, revealing a new attack that poses challenges to users even in noisy environments. How can you stay safe from this type of attack? Hackers have disrupted the Apex Legends Global Tournament using a remote code execution flaw. Imagine if these gamers spent that much time learning cyber security. We might have these world problems solved. And Google Chrome users on Windows are getting unsolicited ads from Microsoft trying to get them to set their default search engine to Bing. If I'm already using Google Chrome, I know what I want to be doing, so thanks Microsoft. And for our nerdier listeners, cybercriminals are exploiting HTML smuggling [00:00:56] offsetkeyz: to deliver malware through fake Google documents [00:01:00] which circumvents traditional security defenses by embedding malicious payloads in normal appearing web content, okay, so since yesterday's episode was focused on a discussion and didn't really bring the news, I'm going to deliver three pieces of news really quick. In a lightning round style. So up first, The North American finals of the Apex Legends Global Series were postponed after a shocking security breach. Hackers using a remote code execution flaw managed to infiltrate the game mid match, compromising the integrity of the whole competition. One player reported seeing a cheat tool. I mean, I'd report that too if I was cheating. While another was given an aimbot, which is another form of cheating, enhancing the user's aiming abilities, which led to the suspension of the tournament. And this incident has raised [00:02:00] concerns about the security of gaming environments, and the potential vulnerabilities within Apex Legends client or the associated anti cheat software. Meanwhile, Microsoft has stirred up frustration among Windows users by pushing unsolicited Bing pop up ads to Google Chrome users, suggesting a switch to Bing as the default search engine. This marketing strategy, which included pixelated that led some to suspect malware, has been met with criticism for its intrusive nature. Microsoft claims this is a one time notification, but I personally have gotten this notification multiple times and dismissed it multiple times. And like I said during the intro, I downloaded Google Chrome and I set my default search to DuckDuckGo or Google. I don't want to switch it to Bing, and if I did, I would. So sending me a popup If you've listened to any of my previous episodes and how much I hate pop ups, is going to do the opposite thing, [00:03:00] Microsoft. And especially a pixelated pop up that looks like malware? Figure it out! And finally, in more cyber security related news, there's a WordPress plugin series called Mini Orange that, according to the developer, has been deprecated for a couple weeks now, and There's now a vulnerability with I believe a CVE rating of 9. 8 out of 10 for these plugins So WordPress is recommending just removing these plugins. These plugins are security features like firewalls and anti malware So go out there, try to find a new plugin that does your security for you. This one is going to do the opposite of what you want it to do. And just to clarify, that is Mini Orange, specifically their malware scanner and their web application firewall. [00:03:47] transition: uh, uh, uh, [00:03:53] offsetkeyz: Okay. So there's a new acoustic side channel attack that could potentially. allow attackers to [00:04:00] determine your keystrokes, or manually entered passwords, based on the sound that your typing makes. So this was developed by security researchers, and as far as we know is not being exploited in the wild, though, if it is possible, it probably is being exploited in the wild. We can't ask a breached account how to do that. The attacker breached it, and attackers aren't really giving up that information, so we can assume that it's being used in the wild, though there's no direct evidence at this time. This article comes from Bleeping Computer, but the research was completed at Augusta University, and the researchers claim that you don't need a quiet environment to perform this attack, or even the consistency of a mechanical keyboard, per se. Like the keyboard on my Macbook uses what's butterfly keys that are really light and to us they sound entirely the same. But yes, this attack can be performed on any type of [00:05:00] keyboard. Currently the attack only has an average success rate of 43%, but that success rate is much higher than other attacks like credential stuffing, which is where attackers find your credentials on the dark web and then put them into A myriad of websites that accept usernames and passwords. For more information on this attack, you can check out the article by bleeping computer in the show notes. But you might be wondering how can you protect yourself from this type of attack? Well, first of all, if you're still manually entering passwords, you cannot protect yourself from this type of attack. You can get little rubber keyboard covers, you can do whatever, but this attack can be used when you're manually entering your passwords. So there's no way to get around manually entering some passwords. So what I'm trying to get at here is You should be using a password manager, which only requires you to copy and paste your [00:06:00] passwords, which makes no sound. You will have to occasionally enter in your master password for the password manager, and I would recommend doing that at home, And try to avoid doing it while you're making Instagram videos, or live streaming, or something like that. But the ultimate way to protect yourself from this is to start using a password manager. It's amazing how many of these hacks using a password manager can prevent. If you have any questions about using a password manager, switching over your routine, I've developed a four day plan. with about 10 to 30 minutes per day to ease yourself into this new lifestyle. Reach out to us in the comments or in a direct message on any of our social media platforms, and I'll be happy to get you that four day plan. [00:06:56] offsetkeyz: Alrighty, and our final piece of news for the day comes from [00:07:00] thehackernews. com, and it involves an attack called HTML smuggling, which has been developed only recently thanks to the innovations in new versions of HTML. And if you're not familiar, HTML is essentially the backbone of all websites. It's the coding language used, hypertext markup language, to develop websites. That HTML might integrate with JavaScript or CSS or a myriad of other languages. HTML tends to be the backbone of all websites. So HTML5 introduces new interactive features that kind of blur the lines between software, computer apps, and web based. applications or websites, and allows for more sophisticated interaction with the user's browser and system. So, to back up a little bit, cybercriminals are creating counterfeit pages that mimic Google Docs. When someone visits these pages, they unknowingly trigger the download of malware onto their [00:08:00] devices. And this malware is not to be underestimated. It can steal a wide range of personal information, including credentials from web browsers, documents, and even data from cryptocurrency wallets. So as I said before, this attack is thanks to the innovations and advancements brought about through HTML 5 specifically including the support for blobs or binary large objects blobs allow for the manipulation and direct handling of binary data such as executable files or images from within the browser So this feature enables web applications to create, read, and manipulate binary data client side, which is crucial for modern web applications that handle rich media and documents without relying on additional plugins or server side processing. So the further we advance in technology, the more processing we're going to be able to do on our independent machines, as opposed to relying on [00:09:00] processing in the cloud and then transitioning that data back to our machines. It allows for much faster loading times and such when you're interacting with a web application. So essentially attackers are creating fake websites that utilize these blobs by writing JavaScript code that essentially creates malware in the browser. So the malware isn't embedded per se, the code that's being executed in the browser creates the malware, usually in the form of a PDF, and then downloads it to your computer. And mind you, downloading files from a web application is a relatively normal process. It takes place all the time, you might not even know it. But this one is usually downloaded in the form of a PDF, and once that PDF is opened, the malware is created and run. And it uses some pretty cool techniques. If you're interested in that type of thing, they're outlined in the articles linked in the show notes. But the key [00:10:00] takeaways from this are that attackers are innovating, and they're using these new advancements in technology against us. So we just have to be extra vigilant and careful as we navigate throughout the web, clicking on links, and when you're searching for something specific on Google, Make sure not to click Google Ads, as attackers can buy these. And this is probably how it's mostly getting disseminated, is fake websites that look like the real websites, and as you interact with it, it's downloading things to your computer. So try to avoid clicking on Google Ads as much as possible. All right, that's all I've got for you today. I'll see you If you haven't had a chance yet, check out the episode we released yesterday about Texas and the age verification. It's an open ended discussion and we'd love to hear your thoughts on it. We've thrown out some kind of radical ideas in there about what's happening in Texas and what's happening with these age verification methods. So take a listen, let us know what you think, and we will talk to you some more tomorrow. [00:11:00]

A WPProAtoZHost.com Company.... It's Episode 622 and we have plugins for Conditional Displays, Logging in with IP's.. and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Going Nuts for WordPress Plugins appeared first on WordPress Plugins A to Z.

It's Episode 622 and we have plugins for Conditional Displays, Logging in with IP's.. and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Going Nuts for WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 621 and we have plugins for Listing Taxonomies To the Top.. and WordPress News. It's all coming up on WordPress Plugins A-Z! The post WordPress Plugin Whisperer appeared first on WordPress Plugins A to Z.

It's Episode 621 and we have plugins for Listing Taxonomies To the Top.. and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like WordPress Plugin Whisperer.

Episode 55: In this episode of Critical Thinking - Bug Bounty Podcast, Justin is joined by Wordpress Security Researcher Ram Gall to discuss both functionality and vulnerabilities within Wordpress Plugins.Follow us on twitterSend us any feedback here:Shoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:------ Ways to Support CTBBPodcast ------WordFence - Sign up as a researcher! https://ctbb.show/wf---Sign up for Caido using the referral code CTBBPODCAST for a 10% discount.Hop on the CTBB DiscordWe also do Discord subs at $25, $10, $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest:Ramuel GallUpdraftPlus VulnXML-RPC PingBackUnicode and Character SetsReflected XSSPOP ChainWordpressPluginDirectorySubscriber+ RCE in ElementorSubscriber+ SSRFUnauthed XSS via User-Agent headerTimestamps:(00:00:00) Introduction(00:05:55) Add_action & Nonces(00:26:16) Add_filter & Register_rest_routes(00:38:39) Page-related code & Shortcodes(00:50:24) Top Sinks for WP(01:02:19) Echo & SQLI Sinks(01:15:07) Nonce Leak and wp_handle_upload(01:18:16) Page variables & Pop Chains(01:26:55) WP Escalations & Bug Reports

A WPProAtoZHost.com Company.... It's Episode 620 and we have plugins for Showing ID's and Simple Customizations... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Outer World WordPress Plugins appeared first on WordPress Plugins A to Z.

It's Episode 620 and we have plugins for Showing ID's and Simple Customizations... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Outer World WordPress Plugins.

It's Episode 619 and we have plugins for Rotating Images, Classical Editing... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Dragons and WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 619 and we have plugins for Rotating Images, Classical Editing... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Dragons and WordPress Plugins appeared first on WordPress Plugins A to Z.

It's Episode 618 and we have a show for Xmas and New Years Holiday Season Chatter... but no WordPress News this week. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Holiday Magic for WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 617 and we have plugins for Searching the Fields and Restricting Access... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Your Guiding Star for WordPress Plugins appeared first on WordPress Plugins A to Z.

It's Episode 617 and we have plugins for Searching the Fields and Restricting Access... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Your Guiding Star for WordPress Plugins.

Free, ungated access to all 285+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

Robert Abela from Melapress shares his story of rebranding his business and also shares some insights into the under-rated user roles in WP.

Robert Abela from Melapress shares his story of rebranding his business and also shares some insights into the under-rated user roles in WP.

It's Episode 616 and we have plugins for Embedding YouTubery and Ultimate XML'n'CSV... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like The Ever Changing WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 615 and we have plugins for Importing or Exporting, Just disabling it all... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Leaning Into WordPress Plugins appeared first on WordPress Plugins A to Z.

It's Episode 615 and we have plugins for Importing or Exporting, Just disabling it all... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Leaning Into WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 614 and we have plugins for Syncing Posts while Searching Gravity... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Handing Out WordPress Plugins appeared first on WordPress Plugins A to Z.

It's Episode 614 and we have plugins for Syncing Posts while Searching Gravity... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Handing Out WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 613 and we have plugins for Dark Mode Security Headers... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Curious About Quality WordPress Plugins appeared first on WordPress Plugins A to Z.

Welcome to Episode 613 - Curious About Quality WordPress Plugins - We've got a couple of great in-depth plugins to cover for you, some recent news in both the WordPress World and the Tech World in general, and some awesome WordPress Tips! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Curious About Quality WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 612 and we have plugins for Bottoming Out & Geolocation... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Don't Get Stung by Bad WordPress Plugins appeared first on WordPress Plugins A to Z.

It's Episode 612 and we have plugins for Bottoming Out & Geolocation... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like Don’t Get Stung by Bad WordPress Plugins.

A WPProAtoZHost.com Company.... It's Episode 611 and we have plugins for Dynamic Playground Toys for Content and Stuff... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post The WordPress Plugin Matrix appeared first on WordPress Plugins A to Z.

It's Episode 611 and we have plugins for Dynamic Playground Toys for Content and Stuff... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like The WordPress Plugin Matrix.

A WPProAtoZHost.com Company.... It's Episode 610 and we have plugins for Banning Bots with a Hammer While Ordering Post Types... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post WordPress Plugin Zen appeared first on WordPress Plugins A to Z.

It's Episode 610 and we have plugins for Banning Bots with a Hammer While Ordering Post Types... and WordPress News. It's all coming up on WordPress Plugins A-Z! For more articles visit WordPress Specialist with a focus on... - WordPress Training, Classes and Emergency Support... for more articles like WordPress Plugin Zen.

A WPProAtoZHost.com Company.... It's Episode 609 and we have plugins for Temporarily Accessing Toasted Ninja's... and WordPress News. It's all coming up on WordPress Plugins A-Z! The post Falling for WordPress Plugins appeared first on WordPress Plugins A to Z.

Ever felt like work and play are at odds with each other? Join us on this week's episode as Mike Montague shares his personal journey of overcoming burnout and redefining the balance between work and play. From the tragic loss of his roommate to the draining effects of the pandemic, Mike found himself running on empty. Learn why rest alone isn't the solution and why engaging in play is essential for recharging your battery. Discover the various types of work and play and how embracing your playful personality can transform your life and career.     About Mike:   Mike Montague is a versatile entertainer, speaker, and writer at Playful Humans. From hosting game shows for top brands like Google and Subway to sharing stages with renowned artists, his mission is to help adults rediscover the power of play to avoid burnout and navigate midlife challenges.     Resources:   1) How crispy are you? Take the burnout quiz: https://www.playfulhumans.com/quiz   2) Tool: tryinteract.com (for quiz) - WordPress Plugin   3) ) Sign up for a free Breakthrough Session with Dr. Sharon: http://www.bookachatwithsharon.com   4) Take the first step to decode your burnout: http://decodeyourburnout.com