A new cyber security report from Venafi has revealed that over 21% of all websites are still currently using an insecure SSL certificate. SHA-1 certificates were exposed to be vulnerable for man-in-the-middle attacks, collision attacks, and brute force attacks. Remember Heartbleed? “The results of our most recent analysis are not surprising,” said Kevin Bocek, chief security strategist for Venafi. “Even ...
I like keeping up to date on the latest industry reports, it’s a great way to stay on top of industry trends. The most recent report, however, has me a touch worried, or at least is forcing me to pay close attention. RiskIQ, a leading digital threat management company, has found that malvertising threats grew over 132% in 2016 when ...
Unfortunately these days not all traffic is good traffic – and as such the time may come when you may wish to block traffic that is coming from a certain referral domain. Firewall platforms such as Cloudflare have options for this available using their online dashboards – however you can accomplish the same thing without any fancy firewalls – simply ...
Online security is an ever increasing concern, with new data-breaches occurring almost monthly – and more and more scams and hacks being thrust upon the public. Symantec has published the latest Website Security Threat Report and there are some rather alarming statistics within the report. Here are just some key statistics: 318 data breaches reported in 2015 429 million identities ...
Every now and then an infographic pops up that is a bold reminder how important a secure password is – and today we have such an infographic. Coming from Statista, the infographic lists 10 of the most popular LinkedIn passwords from a 2012 LinkedIn hack. I don’t even know where to start here. If by mid-2016 you are still using 123456 ...
Ever logged into you’re email on a public computer and then worried you forgot to log out? Maybe you logged into several different websites. Oh God! Did you leave you’re WordPress blog logged in on that BestBuy display computer?! Next time, use UltraLogout. A simple website you can access via numerous different domain names, and instantly log out of dozens of ...
Speaking of SSL certificates, Amazon has rolled out the Amazon Certificate Manager – a free service that lets you deploy SSL certificates which you can utilize with AWS services. Oh, did I mention – it’s free! The downside being that ACM (Amazon Certificate Manager) is currently only available in the Northern Virginia region – however Amazon will surely roll this out ...
Talk across the Interwebs this morning is revolving around a possible upcoming decision by Google Chrome to flag non-secure websites via a red “x” icon. The feature hasn’t been officially announced, however a new hidden option is now available within Chrome which lets you “Mark non-secure origins as non-secure, or as ‘dubious’“. Want to try it out for yourself? Head ...
Trustwave SpiderLabs have announced a critical SQL injection vulnerability that affects all Joomla website installations running versions 3.2 through 3.4.4. The vulnerability allows an attacker to gain full administrative access of an affected Joomla website. Joomla has patched this in last weeks release of Joomla 3.4.5 however far from everyone has updated their websites and I wanted to take a moment ...
SiteLock is by far the most popular website security solution out there today – catering to roughly 5 million customers around the world. Thanks to the recent partnership with Media Temple the SiteLock suite of services will now be activated across the 1.5 million websites managed by Media Temple! The new service is called CloudTech and combines Media Temple’s existing ...
Sucuri just released notice of a Stored XSS vulnerability within Akismet 3.1.4. Unfortunately for this scenario Akismet is installed by default across millions of WordPress websites – and not every webmaster keeps their website scripts updated (even though you all should!). The current vulnerability affects only those websites who are running Akismet v3.1.4 or lower, and also have the Convert ...
A new report from Sucuri has come out mentioning a new malware campaign going on that is targeting WordPress websites. The original report went up on Friday, September 18th and it already showed thousands of websites being exploited. We detected thousands of sites compromised with this malware just today and 95% of them are using WordPress. We do not have ...
VMhosts has launched a free VMware health check service open to all UK businesses. The free health check is offered via a remote installation of Veeam ONE, a free tool intended to identify performance issues with your VMware setup. Furthermore VMhosts will look over your storage and your network configurations. All tests are done by VCP & MCSE certified consultants. ...
These days almost every place you visit asks you to register and create a profile to get access to something, and these days with online security the way it is – not everyone is comfortable using their own name or email address to create these profiles. This is where fakena.me comes into play. Fakena.me generates a random fake name, street ...
Earlier this week Google, Microsoft, Facebook, Twitter & Yahoo officially joined forces with the Internet Watch Foundation to help fight child pornography online. Utilizing a hash-based platform the companies hope to prevent the ability to upload and share any child pornography online. Microsoft already utilizes this technology within PhotoDNA – a standalone tool which has long been utilized by law ...
Just a quick warning to any customers of NFOServers.com – it seems that yesterday they had experienced a breach in one of their internal databases which stored passwords for VPS’s, dedicated servers, hosting accounts, FTP accounts for gaming servers, and hashed and salted control panel logins. Those of you who have an account with NFOServers.com would be wise to change ...
Symantec has recently published their 2015 Website Security Threat Report. This comprehensive annual report compiles Internet threat data based on the findings of the Symantec™ Global Intelligence Network, and is made up of more than 41.5 million attack sensors and records thousands of events per second. Rob Hoblit, Symantec’s Vice President of Trust Services Product Management, shared his thoughts on the report ...
Microsoft seems to be on the attack this week against all sorts of illegal online media. First with their release of PhotoDNA to all webmasters yesterday; and now with their announcement to join the fight against revenge porn. Microsoft will honor requests to remove revenge porn photos and videos taken out of Bing search results, OneDrive and Xbox Live. You can ...
Child pornography and sexual abuse images have always plagued the Internet and Microsoft has been working hard to help fix that. 6 years ago Microsoft started working on PhotoDNA – a cloud-based tool that utilizes a hash reference system to compare attributes of any given image with those of illegal ones. Law enforcement agencies have been using PhotoDNA for quiet ...
I had just mentioned how popular WordPress has gotten – coming close to a 50% market share among all CMS platforms – and I figured this would be a great time to write a quick tutorial on password protecting your WordPress admin login page. Now I want to mention that this will not prevent hacker attacks, nor prevent someone from ...