OpenSSL Vulnerability

Urgent Action Required

There is a vulnerability present within OpenSSL that can allow sensitive information that is stored in the server memory to be disclosed to an attacker.

A public proof of concept has already been released and in our testing we were able to see credentials, session and private information!

It is highly recommended that you upgrade OpenSSL on all of your servers to one of the patched versions and also ensure that any other software using OpenSSL is patched as well. It would also be a good idea to revoke any private keys as this vulnerability has apparently been known for a couple years now.

Vulnerability Explained:
http://heartbleed.com"

Test If You Are Vulnerable:
http://filippo.io/Heartbleed

Ongoing Discussion at WHT:
http://www.webhostingtalk.com/showthread.php?t=1364373

Bangkok protests

Bangkok protests have reached the Woktron office today. Naturally, we remain fully operational.

vBulletin active exploit

We have been trying to validate a possible 0day in vBulletin. While we do not have definitive proof that one exists at this time, we decided to send out a alert to be on the safe side.

You can read more about it here: http://thehackernews.com/2013/11/vBulletin-hacked-Zero-Day-vulnerability.html?m=1

Various forums have taken their sites down until further notice, if you are going to keep your forum online make sure you have great backups.

Ongoing Discussion via WHT:
http://www.webhostingtalk.com/showthread.php?t=1322855

source: hostingseclist.com

Joomla vulnerability discovered

A vulnerability has been discovered in older versions of the Joomla! content management software that allow an authenticated attacker to upload active content through the media manager form ('administrator/components/com_media/helpers/media.php'). Joomla! allows files with a trailing '.' to pass the upload checks.

Joomla versions 1.6 and greater allow site owners to grant public access to the media manager. For versions 1.5 and greater, the default configuration of Joomla only allows privileged users to access the media manager form. We are not aware if versions earlier than 1.5 are affected.

Read more ...

Yet another WHMCS exploit

This is getting beyond ridiculous at this point. Another exploit related to WHMCS billing software has been discovered.

It would appear that poor coding practices are the root cause of this.

To our clients: Security is our utmost priority. To ensure data safety, we have taken our billing system again offline. We hoped that by partnering with the industry standard WHMCS software, we would have a secure and future proof solution. This turns out to be not the case.

At this point we are taking a closer look at alternatives.

More info here

Woktron Live Chat