Security Update | JQuery Fie Upload Flaw, Costs of a Data Breach

November 5, 2018

JQuery File Upload Flaw Exists in Hundreds of WordPress Plugins

Problem: In October, a researcher with Akamai discovered a serious flaw in a popular JQuery’s file upload plugin. That plugin has been available for nearly eight years and is now a part of nearly 8,000 online applications, including the very popular WordPress plugin JQuery File Upload.

The problem allows hackers to gain remote access to your server’s upload directory (server/php/files). From there, they can execute files remotely and take over your server instance.

The researcher credited with finding the problem is Larry Cashdollar. He suspects that hackers are actively using this vulnerability to attack websites and other services.

“I suspected this vulnerability hadn’t gone unnoticed and a quick Google search confirmed that other projects that used this code or possibly code derived from it were vulnerable,” Cashdollar said in his blog post.

Solution: First, update to the most recent version of the JQuery File Upload plugin. Cashdollar and another researcher have already helped create a patch. Upgrade to the most current version of the plugin to correct this flaw.

Next, update your webserver space not to execute files in the upload directory used by the plugin. The following is a suggested template that can be used to update a server.

Cost of a Data Breach

The cost of a data breach in 2018 reached an average $148 per record and took organizations an average of 196 days to detect a breach, according to a study by the Ponemon Institute.

The study was sponsored by IBM and conducted as the annual Cost of Data Breach Study .

The study analyzed the effectiveness of AI-enabled security tools. It also discussed the costs of a data breach.

The US is the most expensive country in which to fix a data breach, per the study. The most targeted region, however, is the Middle East.

The average total cost of a breach ranged from $2.2 million for incidents with fewer than 10,000 compromised records to $6.9 million for incidents with more than 50,000 compromised records, according to the study.

The study also found that anti-malware services that used AI helped save $8 per record in costs.

 

*****

Need help securing your website? Contact the experts at Visual String where we provide both immediate support and long term maintenance for WordPress websites.

Categorised in: ,