CloudLinux Security Update

An update for CloudLinux LVE Manager (cPanel) was just released to address various security vulnerabilities. It is recommended that you update as soon as possible.

Update:

yum update lvemanager

Official Link:
http://www.cloudlinux.com/blog/clnews/467.php

source: hostingseclist.com

OpenSSL Vulnerability

Urgent Action Required

There is a vulnerability present within OpenSSL that can allow sensitive information that is stored in the server memory to be disclosed to an attacker.

A public proof of concept has already been released and in our testing we were able to see credentials, session and private information!

It is highly recommended that you upgrade OpenSSL on all of your servers to one of the patched versions and also ensure that any other software using OpenSSL is patched as well. It would also be a good idea to revoke any private keys, as this vulnerability has apparently been known for a couple of years now.

Vulnerability Explained:
http://heartbleed.com

Test If You Are Vulnerable:
http://filippo.io/Heartbleed

Ongoing Discussion at WHT:
http://www.webhostingtalk.com/showthread.php?t=1364373

Bangkok protests

Bangkok protests have reached the Woktron office today. Naturally, we remain fully operational.

vBulletin active exploit

We have been trying to validate a possible 0day in vBulletin. While we do not have definitive proof that one exists at this time, we decided to send out an alert to be on the safe side.

You can read more about it here: http://thehackernews.com/2013/11/vBulletin-hacked-Zero-Day-vulnerability.html?m=1

Various forums have taken their sites down until further notice. If you are going to keep your forum online, make sure you have great backups.

Ongoing Discussion via WHT:
http://www.webhostingtalk.com/showthread.php?t=1322855

source: hostingseclist.com

Joomla vulnerability discovered

A vulnerability has been discovered in older versions of the Joomla! content management software that allows an authenticated attacker to upload active content through the media manager form ('administrator/components/com_media/helpers/media.php'). Joomla! allows files with a trailing '.' to pass the upload checks.

Joomla versions 1.6 and greater allow site owners to grant public access to the media manager. For versions 1.5 and greater, the default configuration of Joomla only allows privileged users to access the media manager form. We are not aware if versions earlier than 1.5 are affected.
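The trailing-dot problem described above, shown as an added example that is not Joomla's own code: a denylist check on the text after the last dot accepts a name ending in '.', while a normalising allowlist check rejects it. The function names, the two extension lists and the sample filenames are assumptions made for illustration.

```php
<?php
// Added illustration; not Joomla's code. Both lists are assumed sample policy.
const DENIED_EXTENSIONS  = ['php', 'phtml', 'php5', 'pl', 'py', 'cgi', 'asp'];
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

// Weak check: looks only at the text after the last dot and consults a denylist.
// For "shell.php." that text is empty, so the name is accepted.
function naive_can_upload(string $name): bool
{
    $pos = strrpos($name, '.');
    $ext = $pos === false ? '' : strtolower(substr($name, $pos + 1));
    return !in_array($ext, DENIED_EXTENSIONS, true);
}

// Hardened check: normalise the name, then require every dot-separated part
// after the base name to be acceptable and the final one to be allowlisted.
function strict_can_upload(string $name): bool
{
    $name = basename(str_replace('\\', '/', $name));
    // Reject control characters and names that begin or end with a dot or space.
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name) || $name !== trim($name, ". ")) {
        return false;
    }
    $parts = explode('.', strtolower($name));
    array_shift($parts);                  // drop the base name
    if ($parts === []) {
        return false;                     // no extension at all
    }
    foreach ($parts as $part) {
        if ($part === '' || in_array($part, DENIED_EXTENSIONS, true)) {
            return false;                 // empty part ("a..jpg") or denied part
        }
    }
    return in_array(end($parts), ALLOWED_EXTENSIONS, true);
}

// Constructed sample filenames.
foreach (['photo.jpg', 'shell.php', 'shell.php.', 'shell.php.jpg', 'notes'] as $name) {
    printf("%-14s naive=%-6s strict=%s\n", $name,
        naive_can_upload($name) ? 'allow' : 'reject',
        strict_can_upload($name) ? 'allow' : 'reject');
}
```

Only 'photo.jpg' passes the strict check; the naive check also lets 'shell.php.', 'shell.php.jpg' and 'notes' through.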
