Windows-based PHP installations configured to use PHP-CGI are specifically at risk as the vulnerability exploits Unicode processing in the CGI module.

CVE-2024-4577 is a critical vulnerability in PHP, specifically affecting Windows systems running PHP in CGI mode. This flaw allows attackers to execute arbitrary code remotely by exploiting an argument injection vulnerability. 

Affected systems

• PHP Versions:
  • 8.3.x (before 8.3.8)
  • 8.2.x (before 8.2.20)
  • 8.1.x (before 8.1.29)
• Default XAMPP Installations on Windows
• Windows Systems Running in Chinese and Japanese Locales
• Any Internet-Facing Windows Server Exposing php.exe or php-cgi.exe

Further reading and related sources

• How is CVE-2024-4577 Being Exploited?
• Security Now podcast
• Cybersecuritynews.com
• Securityaffairs.com

Opt-in forms is an essential tool for building your mailing list and successful email marketing. However, they are frequently exploited by bots and malicious actors, leading to various problems.

In this article we cover the following points:

• Automated bot signups, fake, malicious signups and form spamming.
• Understanding the risks.
• How and why it happens.
• Why you need to protect your opt-in forms.
• Available protection methods in nuevoMailer.
• Best practices: Double opt-in & more.
• Monitoring and automation.

Keywords: opt-in form protection, email deliverability, sender reputation, domain reputation, form spamming, double opt-in, Captcha methods, data protection, monitoring, list cleaning.

You can read the full article here.

• This updated version is primarily for your users, your clients.
• Your clients will enjoy a brand new interface with a night mode. You, as administrator can easily personalize your users' interface with a skin file, editable in your master administration panel.
• Clicks frequency analysis and a hidden Honeypot link to capture automated clicks from bots and scanners.
• Rate limiter in Opt-in forms plus a hidden spam trap field.
• Automatic link tracking also for plain Text newsletters.
• Several reports and charts were improved.
• Numerous other improvements in practically every feature.
• See all new features in nuevoMailer ESP v.4.2 here.

Cybersecurity guru Steve Gibson joins Leo Laporte every Tuesday. Steve and Leo break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business. Security Now is a must listen for security professionals every week.

Steve Gibson, the man who coined the term spyware and created the first anti-spyware program, creator of SpinRite and ShieldsUP shares his opinion about nuevoMailer in episode 981.

Security now is an informative, insightful and at the same time entertaining podcast that you will find quite interesting even if you are not a security professional.

Website Planet is the web’s premier hub for individuals and businesses seeking to create, promote, or expand their online presence.

Website Planet provides authoritative reviews, in-depth comparisons, accessible guides, and powerful tools to help you achieve your digital ambitions.

We recently had the pleasure to discuss with Luka @website planet about email marketing. Here is the link to the discussion.

This new update for nuevoMailer ESP introduces Google reCaptcha v3 as an option for opt-in forms.

The coming 3rd party cookie restrictions which Chrome has already started to apply make the current captcha method inapplicable in some cases.
This is a problem especially for ESPs since your users want to put their opt-in forms in their own websites.
Therefore in 4.1 the current captcha method was updated (using partitioned cookies) and Google reCaptcha v3 comes as a new alternative, another option.

Read about all the new developments in nuevoMailer ESP v.4.1 here.

Gmail and Yahoo (AOL) have announced new protection standards and requirements for bulk email senders. In short, they require that you,

• Authenticate your email using DKIM, SPF and DMARC records.
• Enable easy opt-out.
• Ensure you're sending emails your subscribers want.

When?

• Yahoo says 1st quarter of 2024. See blog post with details.
• Gmail by February 2024 but in fact it is already in effect. See blog post with details.

What you should do

• Check your emails for DKIM, SPF and DMARC records. Use a service like Mail tester.
• Another awesome service is dmarctester.com.
• Check your nuevoMailer activity log for errors.
• Check your email clients report. If you had seen a drop in Gmail then something may be wrong.
• Use Google's postmaster tools.
• With nuevoMailer SB v.9.9 and ESP v.4 you can DKIM-sign your emails. You should only do this if your provider does not give you this option. You can read more on this here.

Gmail will stop accepting your emails if they are not DKIM-signed or without an SPF record. Here is a detailed article on this issue from Spamresource.com.

What you should do

• Check your emails for DKIM and SPF records.
• Check your nuevoMailer activity log for errors.
• Check your email clients report. If you had seen a drop in Gmail then something may be wrong.
• Use Google's postmaster tools.
• With nuevoMailer SB v.9.9 and ESP v.4 you can DKIM-sign your emails. You should only do this if your provider does not give you this option. You can read more on this here.

The nuevoMailer API and Zapier app are now available also for your clients.

Furthermore, they have Subscriber tags and Outbound webhooks. See all new features in nuevoMailer ESP v.4 here.