25 Nov 2014

The CryptoPHP Infection – A Story About Getting Paid Themes and Plugins for Free

A few of our email servers went wild sending spam this weekend. After quickly fixing the spam issue, we started the longer process of identifying the cause for the spam. It turned out to be the CryptoPHP infection (check out the official whitepaper), activated through a few WordPress themes and plugins.

31 Oct 2014

WP eCommerce Plugin Vulnerability Fixed

Yesterday Sucuri reported a new vulnerability in WP eCommerce, a popular WordPress plugin for online stores. The vulnerability allows attackers to obtain private information from websites. All versions of the WP eCommerce extension before 3.8.14.4 are vulnerable, and attackers may export all user accounts, addresses and other information related to people who used your site and the plugin to purchase any products.

15 Oct 2014

Time to Say Goodbye to SSL Version 3.0

It is no secret that securing your clients’ data is an ongoing process and not something that you can simply install on a server/platform. That is why security solutions and protocols evolve all the time and developers frequently release new versions. The two cryptographic protocols that provide communication security over the Internet are TLS and SSL. The latest version of Secure Sockets Layer (SSL version 3.0) is the predecessor of TLS and is nearly 15 years old. So it was only a matter of time before someone found the next big issue related to the SSL protocol. Yesterday Bodo Möller from the Google Security Team wrote a blog post about a new vulnerability in the design of SSL version 3.0. The vulnerability allows attackers to calculate the plaintext of secure connections.

25 Sep 2014

Major Bash Vulnerability Fixed on All Servers

A major security flaw was discovered in the most popular shell (Bash), which is used by default in many Linux and Unix distributions. A shell is a program that takes the commands you type (accessing folders, listing files, etc.) and sends them to the operating system to be executed. The Bash vulnerability, also known as Shellshock, allows attackers to issue arbitrary commands via crafted environment variables.

11 Sep 2014

SiteGround Customers Protected Against Serious VirtueMart Vulnerability!

A serious vulnerability in the popular Joomla extension VirtueMart was discovered by the awesome people at Sucuri during one of their regular security audits. It allows regular users to gain Super Administrator privileges on a Joomla website with VirtueMart 2.6.8c or below installed. If a site with an older version of VirtueMart allows user registration (which is a default mode in VirtueMart), it can be hacked through this vulnerability.