Magento Security Update Issued

WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice). A tentative patch exists but has not yet been confirmed. Exim is a widely used mail transfer agent used on Unix-like operating systems.

An update for cPanel was just released and it is recommended that you update as soon as possible. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system.

A vulnerability that VMware patched recently in some of its products, is currently being exploited and Russian threat actors are leveraging this vulnerability to install malware on corporate systems and access protected data, the National Security Agency (NSA) warned on Monday.

Numerous updates were just released to address various security vulnerabilities and it is recommended that you update as soon as possible. (XSA-145 to XSA-153) Official Link: http://xenbits.xen.org/xsa/ Source: Hostingseclist

WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation.

Researchers have discovered authorization bypass bugs in three WordPress plugins, making a total of 400,000 WordPress websites vulnerable to cyber attacks. The affected plugins are InfiniteWP, WP Time Capsule and the WP Database Reset plugin.

The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2d and 1.0.1p. These releases will be made available on 9th July. They will fix a single security defect classified as “high” severity. This defect does not affect the 1.0.0 or 0.9.8 releases.

Researchers from universities in Adelaide, Eindhoven, Chicago, Maryland and Pennsylvania have published a paper describing how they used a local side-channel attack to break the Libgcrypt encryption library. The exploit could be used to recover a RSA-1024 key.

  Multiple vulnerabilities for the Drupal CMS have been discovered. Drupal have released versions 8.3.4 and 7.56 which contain fixes for these security vulnerabilities. We recommend that you update Drupal as soon as possible.

We have been made aware of a serious security vulnerability in Bash that affects multiple operating systems and applications.

aaPanel is a free and Open source Hosting Control Panel for RHEL and Debian based systems. It is the Internationalized version for the BAOTA panel(www.bt.cn), developed in China. It allows users to manage their web server through a web-based GUI (Graphical User Interface).

An update for LiteSpeed 4 & 5 was just released to address a security vulnerability within OpenSSL (CVE-2015-1793) and it is recommended that you update as soon as possible.

Joomla! has released version 3.7.3 of its Content Management System (CMS) software that addresses several security issues. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

A serious vulnerability has been discovered in older versions of the popular Code Snippets plugin for WordPress. The flaw allowed anybody to forge a request on behalf of an administrator and inject executable code on a vulnerable site. This is a Cross-Site Request Forgery (CSRF) to Remote Code Execution…