Author Archive

By:


Date:
Mar 22, 2016
The evolution of technology has fundamentally changed the security landscape. The trench warfare style of a static frontline for computer security has given way to guerilla warfare. In the past few weeks alone, we’ve seen the Glibc vulnerability and the DROWN SSL vulnerability. Cybersecurity risks pose an increased threat to your business, which can be subjected to significant liabilities if your network falls victim to a cyber-related attack. Safeguard your environment and your business by reviewing the five actions crucial for preparedness: identify, protect, detect, respond,… Read More
By:


Date:
Mar 1, 2016
Today, researchers from a number of universities and organizations around the world announced the DROWN SSL exploit. DROWN, an acronym standing for Decrypting RSA with Obsolete and Weakened eNcryption, is an exploit that allows for remote decryption of SSL communications even if they’re protected by more advanced cipher suites. DROWN was assigned CVE-2016-0800. Read a detailed analysis and fix for this vulnerability at DROWNattack.com. Who is Affected? Anyone who uses SSL for any services including, but not limited to, HTTPS or IMAPS should assume… Read More
By:


Date:
Jan 22, 2016
If you’re running a server or desktop with Linux kernel 3.8 or higher, you and your website or application are vulnerable to a very serious 0-day local privilege escalation vulnerability. Millions of Linux systems around the world are vulnerable to compromise and must be patched. What Damage Can the Linux Vulnerability Cause? This bug (referred to as CVE-2016-0728) affects the keyrings facility in the kernel, which allows the kernel to cache security data, authentication keys, and other sensitive data. The bug creates a leak in the… Read More
By:


Date:
Nov 4, 2015
There’s no disputing that the Internet has had massive effects on international trade, beyond what anyone could have predicted. There was a time when buying a new shovel meant a trip to the local hardware store a few minutes away, but that’s started to change in recent years. These days, people are (arguably) more likely to make such a purchase online, and this is true of many other services as well. Long Distance Relationships on the Internet Pose “Communication Issues” The problem is that sometimes… Read More
By:


Date:
Sep 22, 2015
Codero wants to let you know that the FBI has issued two warnings (here is the second) about a sophisticated scam called Business Email Compromise (BEC), which targets businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. The fraudsters compromise legitimate business e-mail accounts through social engineering or phishing, then conduct unauthorized transfers of funds. Most victims are reporting money lost through wire transfers; others report checks were used instead. Whichever payment method is most commonly associated with normal business practices… Read More
By:


Date:
Apr 16, 2015
Codero wants to urgently let you know that a new critical Windows vulnerability affecting 70 million+ websites hosted on Windows servers has been discovered. Microsoft has deemed this a critical security update for all supported editions of Windows. If you are running any affected version of Windows, you are vulnerable to a remote code execution attack until you install the updates and reboot your servers. This vulnerability can affect both Codero Cloud and Codero's Dedicated Server users. Here's what you need to do to protect your… Read More
By:


Date:
Jan 29, 2015
Updates 1/30/2015: PHP applications are found to be vulnerable. This includes WordPress and other PHP-based applications. Haldaemon and init, common applications, use the glibc library. If you have these running (and chances are you do), you will need to reboot your server, not just specific services. To be clear, a full reboot is more than likely required to ensure a completely secure environment. What is GHOST? The exploit, being called ‘GHOST’, is a buffer overflow that can be executed against two commands that are part of… Read More
By:


Date:
Dec 18, 2014
What happens if your websites suddenly draw a lot of traffic? How about if traffic suddenly spikes? Or what if your sites get ‘slashdotted’? This is where a link to your site pops up on a very popular site. While the additional exposure is great, if your infrastructure isn’t ready to handle a large influx of traffic, it can easily overwhelm your server. Hosting your websites on one server is fine. Until that server cannot handle the traffic or goes down. Sooner or later, every… Read More