Episode 87: Vulnerabilities Affect Discount Rules for WooCommerce Plugin, ModSecurity & Windows

Summary: Vulnerabilities were patched in the Discount Rules for WooCommerce plugin installed on 40k+ WordPress sites. Developers from OWASP said ModSecurity v3 is exposed to denial of service exploits, though maintainers of ModSecurity reject that claim. A severe vulnerability in Windows Netlogon was patched in August; this bug could be exploited to attack enterprise servers. A researcher discovered that the Windows TCPIP Finger command can function as a file downloader & a makeshift command & control server.