Blog

22 Jan: cPanel TSR-2019-0001 Security update

cPanel is a popular web-based control panel tool that helps you manage your web hosting account through a web interface instead of a console. cPanel has released updates that provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available…

21 Jan: New wave of Magecart attacks uncovered

Magecart, in operation since 2015, is software used by a range of hacking groups to implant malicious computer code into websites and third-party suppliers of digital systems to steal credit card info as people enter it at a checkout page. It’s been used in combination with commodity Magento extension…

18 Jan: Vulnerabilities in Drupal Pear library (CVE-2018-1000888)

The Drupal content management system (CMS) has released two security updates on Wednesday, each designed to mitigate critical security vulnerabilities in the content management framework. These vulnerabilities were reported by network security and ethical hacking experts from the International Institute of Cyber Security and allow a malicious user to…

18 Jan: Critical Vulnerability discovered in libssh (CVE-2018-10933)

libssh, a tiny C SSH library, contains an authentication bypass vulnerability in libssh’s server-side code. An attacker can take advantage of this flaw to successfully authenticate without any credentials by presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate…

14 Jan: Phishing Attacks Bypass Two-Factor Authentication

The internet is a dangerous place, replete with shady people looking to steal your personal information. Two-factor authentication, or 2FA, has long been considered an important measure for protecting your online accounts against such activity. 2FA authentication codes are typically sent via text message or via authentication apps. It’s…

13 Jan: Three vulnerabilities in LearnPress discovered

Three vulnerabilities in LearnPress prior to version 3.1.0 have been discovered. LearnPress is a popular plugin for the WordPress CMS, with more than 50,000 installations, that can be used to create and sell courses online. LearnPress is similar to Moodle, an open source learning platform.

12 Jan: DNS Domain Hijacking Attacks Linked to Iranian Hackers

A hacking campaign linked to Iran appears to be targeting dozens of domains across the globe by way of domain name system (DNS) hijacking, FireEye’s Mandiant Incident Response and Intelligence team have said. The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to persons…

11 Jan: MKcert – issue valid TLS certificates for localhost

In the last few years Google have been actively promoting but also mandating a move to a secure web. However, HTTPS apps and websites require TLS certificates, and while deployment is increasingly a solved issue thanks to Let’s Encrypt and their ACME protocol, development still mostly ends up happening…

11 Jan: Security holes discovered in SystemD toolkit

Security researchers at Qualys have disclosed three vulnerabilities that affect a system service that is part of SystemD, the popular but controversial Linux system and service manager. SystemD is available for most Linux-based operating systems and could allow unprivileged local attackers or malicious programs to gain root access on the…