Sucuri just released notice of a Stored XSS vulnerability within Akismet 3.1.4. Unfortunately for this scenario Akismet is installed by default across millions of WordPress websites – and not every webmaster keeps their website scripts updated (even though you all should!). The current vulnerability affects only those websites who are running Akismet v3.1.4 or lower, […]
Tag Archives: security
Alert: New Malware Campaign Running Targeting WordPress Websites
A new report from Sucuri has come out mentioning a new malware campaign going on that is targeting WordPress websites. The original report went up on Friday, September 18th and it already showed thousands of websites being exploited. We detected thousands of sites compromised with this malware just today and 95% of them are using […]
UK Businesses Can Get A Free VMware vSphere Health Check
VMhosts has launched a free VMware health check service open to all UK businesses. The free health check is offered via a remote installation of Veeam ONE, a free tool intended to identify performance issues with your VMware setup. Furthermore VMhosts will look over your storage and your network configurations. All tests are done by […]
Create A Fake Profile In Seconds
These days almost every place you visit asks you to register and create a profile to get access to something, and these days with online security the way it is – not everyone is comfortable using their own name or email address to create these profiles. This is where fakena.me comes into play. Fakena.me generates […]
Google, Microsoft, Facebook, Twitter & Yahoo Join Together To Fight Child Pornography
Earlier this week Google, Microsoft, Facebook, Twitter & Yahoo officially joined forces with the Internet Watch Foundation to help fight child pornography online. Utilizing a hash-based platform the companies hope to prevent the ability to upload and share any child pornography online. Microsoft already utilizes this technology within PhotoDNA – a standalone tool which has […]
Warning: NFOServers.com Password Database Compromised
Just a quick warning to any customers of NFOServers.com – it seems that yesterday they experienced a breach in one of their internal databases which stored passwords for VPSs, dedicated servers, hosting accounts, FTP accounts for gaming servers, and hashed and salted control panel logins. Those of you who have an account with NFOServers.com […]
Symantec Offers Website Security Advice
Symantec has recently published their 2015 Website Security Threat Report. This comprehensive annual report compiles Internet threat data based on the findings of the Symantec™ Global Intelligence Network, and is made up of more than 41.5 million attack sensors and records thousands of events per second. Rob Hoblit, Symantec’s Vice President of Trust Services Product Management, shared […]
Microsoft Joins In On The Fight Against Revenge Porn
Microsoft seems to be on the attack this week against all sorts of illegal online media. First with their release of PhotoDNA to all webmasters yesterday; and now with their announcement to join the fight against revenge porn. Microsoft will honor requests to remove revenge porn photos and videos taken out of Bing search results, […]
Microsoft Releases PhotoDNA To All Website Owners
Child pornography and sexual abuse images have always plagued the Internet and Microsoft has been working hard to help fix that. 6 years ago Microsoft started working on PhotoDNA – a cloud-based tool that utilizes a hash reference system to compare attributes of any given image with those of illegal ones. Law enforcement agencies have […]
WordPress Security: Password Protect Your WordPress WP-Admin Directory
I had just mentioned how popular WordPress has gotten – coming close to a 50% market share among all CMS platforms – and I figured this would be a great time to write a quick tutorial on password protecting your WordPress admin login page. Now I want to mention that this will not prevent hacker […]
Hivelocity Integrates Corero’s Threat Defense System for Enterprise Level DDoS Protection
Hivelocity, a dedicated server, private cloud and infrastructure services provider, has announced this week the launch of an improved suite of DDoS protection services with the addition of Corero’s Threat Defense System. The Corero Smartwall has been incorporated to the existing network defense infrastructure that Hivelocity has had in place for years. Protection plans are […]
Host1Plus Launches DDoS Protection Service
Earlier this week Host1Plus announced the implementation of DDoS protection for a wide customer audience in all available VPS locations, except Frankfurt, Germany. As DDoS attacks are on the rise and tend to quickly evolve into complex security threats, protection from such attacks is of the utmost importance. The collaboration with Staminus has […]
Mozilla Wants You To Go HTTPS Or Else
Google kicked off the migration away from HTTP to HTTPS for most webmasters; and Mozilla aims to put the finishing fork into HTTP by announcing a new program which will essentially force webmasters onto HTTPS or else risk losing various browser features. Removing features from the non-secure web will likely cause some sites to break. So we […]
Welcome FREAK – Yet Another OpenSSL Vulnerability
It seems like every few months a new SSL vulnerability is pointed out – which I suppose makes sense with the recent popularity that SSL has gotten. Thanks Google. Alas let’s welcome FREAK – a new man-in-the-middle vulnerability discovered by a group of cryptographers at INRIA, Microsoft Research and IMDEA. FREAK stands for “Factoring RSA-EXPORT Keys” […]
DreamHost Releases Their First Transparency Report for 2014
DreamHost is damn serious about your privacy; however being a US-based company they are unfortunately required to comply with various information requests from legitimate domestic law enforcement agencies, along with DMCA takedown requests from rights-holders, and requests to remove content from courts processing defamation or invasion of privacy lawsuits. These are however just requests, and DreamHost […]
Google Apps Leaks WHOIS Data For 280,000+ Domain Names
Private data leaks suck, and unfortunately there have been plenty of them over the past few years – and now Google joins the ranks of other companies as the private information regarding the registrations of 280,000 domain names registered via Google Apps has been leaked. Security research group Cisco Talos had noticed a problem that […]
NYC Gets Hit With DDOS Attack
For the duration of last week and up until yesterday a series of hackers have taken down New York City government’s email system. That included basically all government agencies, including the FBI and NYPD, who were unable to send or receive email messages. Commenting on this, Lancope CTO, TK Keanini, said: “Anything connected to the […]
Worst Passwords of 2014 Released
SplashData has published their yearly list of worst passwords showcasing what were some of the worst passwords of 2014. SplashData collected together data about millions of stolen passwords that were posted online and compiled them to form the 2014 list. That being said looking through this list there are some hilariously weak password choices, and clearly Ford Mustang […]
Understanding SSL Basics – Pros, Cons, Misconceptions
Ever since Google started talking about giving an SEO boost to SSL-enabled websites there’s been plenty of questions going around about SSL from people who’ve never considered it in the past. This prompted me to record the following video to help explain some of the basics of SSL encryption, along with some of the misconceptions […]
Warning: SoakSoak Malware Compromises 100,000+ WordPress Websites
Sucuri has picked up the SoakSoak malware which has compromised over 100,000 websites so far. The point of entry seems to be the same vulnerability Sucuri pointed out a few months back associated with the WordPress plugin Revolution Slider. That being said make sure you’re updated to the latest version of Revolution Slider if you’re […]