Sucuri just released notice of a Stored XSS vulnerability within Akismet 3.1.4. Unfortunately for this scenario, Akismet is installed by default across millions of WordPress websites – and not every webmaster keeps their website scripts updated (even though you all should!). The current vulnerability affects only those websites that are running Akismet v3.1.4 or lower, and also have the Convert ...
A new report from Sucuri has come out mentioning a new malware campaign going on that is targeting WordPress websites. The original report went up on Friday, September 18th and it already showed thousands of websites being exploited. We detected thousands of sites compromised with this malware just today and 95% of them are using WordPress. We do not have ...
VMhosts has launched a free VMware health check service open to all UK businesses. The free health check is offered via a remote installation of Veeam ONE, a free tool intended to identify performance issues with your VMware setup. Furthermore VMhosts will look over your storage and your network configurations. All tests are done by VCP & MCSE certified consultants. ...
These days almost every place you visit asks you to register and create a profile to get access to something, and these days with online security the way it is – not everyone is comfortable using their own name or email address to create these profiles. This is where fakena.me comes into play. Fakena.me generates a random fake name, street ...
Earlier this week Google, Microsoft, Facebook, Twitter & Yahoo officially joined forces with the Internet Watch Foundation to help fight child pornography online. Utilizing a hash-based platform the companies hope to prevent the ability to upload and share any child pornography online. Microsoft already utilizes this technology within PhotoDNA – a standalone tool which has long been utilized by law ...
Just a quick warning to any customers of NFOServers.com – it seems that yesterday they experienced a breach in one of their internal databases which stored passwords for VPSs, dedicated servers, hosting accounts, FTP accounts for gaming servers, and hashed and salted control panel logins. Those of you who have an account with NFOServers.com would be wise to change ...
Symantec has recently published their 2015 Website Security Threat Report. This comprehensive annual report compiles Internet threat data based on the findings of the Symantec™ Global Intelligence Network, and is made up of more than 41.5 million attack sensors and records thousands of events per second. Rob Hoblit, Symantec’s Vice President of Trust Services Product Management, shared his thoughts on the report ...
Microsoft seems to be on the attack this week against all sorts of illegal online media. First with their release of PhotoDNA to all webmasters yesterday; and now with their announcement to join the fight against revenge porn. Microsoft will honor requests to remove revenge porn photos and videos taken out of Bing search results, OneDrive and Xbox Live. You can ...
Child pornography and sexual abuse images have always plagued the Internet and Microsoft has been working hard to help fix that. 6 years ago Microsoft started working on PhotoDNA – a cloud-based tool that utilizes a hash reference system to compare attributes of any given image with those of illegal ones. Law enforcement agencies have been using PhotoDNA for quite ...
I had just mentioned how popular WordPress has gotten – coming close to a 50% market share among all CMS platforms – and I figured this would be a great time to write a quick tutorial on password protecting your WordPress admin login page. Now I want to mention that this will not prevent hacker attacks, nor prevent someone from ...
Hivelocity, a dedicated server, private cloud and infrastructure services provider, has announced this week the launch of an improved suite of DDoS protection services with the addition of Corero’s Threat Defense System. The Corero Smartwall has been incorporated into the existing network defense infrastructure that Hivelocity has had in place for years. Protection plans are being offered on a per ...
Earlier this week Host1Plus announced the implementation of DDoS protection for a wide customer audience in all available VPS locations, except Frankfurt, Germany. As DDoS attacks are on the rise and tend to quickly evolve into complex security threats, the protection from such attacks is of the utmost importance. The collaboration with Staminus has resulted in an exceptional DDoS ...
Google kicked off the migration away from HTTP to HTTPS for most webmasters; and Mozilla aims to put the finishing fork into HTTP by announcing a new program which will essentially force webmasters onto HTTPS or else risk losing various browser features. Removing features from the non-secure web will likely cause some sites to break. So we will have to monitor the ...
It seems like every few months a new SSL vulnerability is pointed out – which I suppose makes sense with the recent popularity that SSL has gotten. Thanks Google. Alas let’s welcome FREAK – a new man-in-the-middle vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA. FREAK stands for “Factoring RSA-EXPORT Keys” which currently affects OpenSSL, Apple’s ...
DreamHost is damn serious about your privacy; however being a US-based company they are unfortunately required to comply with various information requests from legitimate domestic law enforcement agencies, along with DMCA takedown requests from rights-holders, and requests to remove content from courts processing defamation or invasion of privacy lawsuits. These are however just requests, and DreamHost has decided to publish their ...
Private data leaks suck, and unfortunately there have been plenty of them over the past few years – and now Google joins the ranks of other companies as the private information regarding the registrations of 280,000 domain names registered via Google Apps has been leaked. Security research group Cisco Talos had noticed a problem that seems to have existed since ...
For the duration of last week and up until yesterday a series of hackers have taken down New York City government’s email system. That included basically all government agencies, including the FBI and NYPD, who were unable to send or receive email messages. Commenting on this, Lancope CTO, TK Keanini, said: “Anything connected to the Internet is subject to this ...
SplashData has published their yearly list of worst passwords showcasing what were some of the worst passwords of 2014. SplashData collected together data about millions of stolen passwords that were posted online and compiled them to form the 2014 list. That being said, looking through this list there are some hilariously weak password choices, and clearly Ford Mustang owners suck at online security. ...
Ever since Google started talking about giving an SEO boost to SSL-enabled websites there’s been plenty of questions going around about SSL from people who’ve never considered it in the past. This prompted me to record the following video to help explain some of the basics of SSL encryption, along with some of the misconceptions surrounding it. Throughout the above ...
Sucuri has picked up the SoakSoak malware which has compromised over 100,000 websites so far. The point of entry seems to be the same vulnerability Sucuri pointed out a few months back associated with the WordPress plugin Revolution Slider. That being said make sure you’re updated to the latest version of Revolution Slider if you’re using it on any of ...