Posts Tagged ‘online security’

By:


Date:
Jan 22, 2016
If you’re running a server or desktop with Linux Kernel 3.8 or higher, you and your website or application are vulnerable to a very serious 0-day local privilege escalation vulnerability. Millions of Linux systems around the world are vulnerable to compromise and must be patched. What Damage Can the Linux Vulnerability Cause? This bug (referred to as CVE-2016-0728) affects the keyrings facility in the kernel, allowing the kernel to cache security data, authentication keys, and other sensitive data. The bug creates a leak in the… Read More
By:


Date:
Sep 22, 2015
Codero wants to let you know that the FBI has issued two warnings (here is the second) about a sophisticated scam called Business Email Compromise (BEC), which targets businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. The fraudsters compromise legitimate business e-mail accounts through social engineering or phishing, then conduct unauthorized transfers of funds. Most victims are reporting money lost through wire transfers, others report checks were used instead. Whichever payment method is most commonly associated with normal business practices… Read More
By:


Date:
Sep 3, 2015
One of the biggest stories of the past few weeks is the recent breach of affair-oriented dating site Ashley Madison. Hackers released the personal information of more than 37 million users, which has led to embarrassment, blackmail, and government investigations. Regardless of the moral position of a company like this, this kind of breach is an unprecedented disaster for any organization hosting sensitive information. Its entire business was built on the notion of secrecy; in the eyes of the public, it has failed miserably in… Read More
By:


Date:
Apr 9, 2015
So you are building the prototype of your million dollar app, your site is almost ready to launch and you’re ready to go live! Just one problem -- you need a hosting environment that will allow you to start lean and grow bigger as you need. Picking the right hosting provider is a crucial decision. Picking the wrong hosting provider can mean negative customer experiences, severe growing pains and performance disruption. The right hosting provider will ensure you can continue to serve your customers 24/7/365,… Read More
By:


Date:
Mar 13, 2015
If you’re using a version of the popular WordPress SEO plugin Yoast prior to 1.7.3.3, you and your site are vulnerable to a blind SQL injection attack. What damage can the vulnerability cause? The issue with Yoast can lead to a database breach and exposure of confidential information. “The orderby and order GET parameters are not sufficiently sanitised before being used within a SQL query.” Read the full security advisory here. A particular GET request causes the SQL query to execute and sleep for 10 seconds if… Read More
By:


Date:
Jan 29, 2015
Updates 1/30/2015: PHP applications are found to be vulnerable. This includes Wordpress and other PHP based applications. Haldaemon and init, common applications, use the glibc library. If you have these running, (and chances are you are) you will need to reboot your server, not just specific services. To be clear, full reboot is more than likely required to ensure a complete secure environment. What is GHOST? The exploit, being called ‘GHOST’, is a buffer overflow that can be executed against two commands that are part of… Read More
By:


Date:
Nov 4, 2014
It’s true; the internet really is out to get you.  Everything from compromised hosts to foreign intelligence agencies are probing the internet for weaknesses.  It’s important, especially in light of recent events like the POODLE, Sandworm, Shellshock and Heartbleed exploits, to keep your servers up to date and patched.  However, it is equally important to invest in your own peace of mind and security by protecting your servers with a hardware firewall. Firewalls tend to be a little misunderstood, so to remedy that issue, let’s… Read More
By:


Date:
Oct 17, 2014
Researchers at Google recently announced a vulnerability in SSLv3, one of the protocols used for web traffic security.  They have dubbed this exploit ‘POODLE,’ an acronym for Padding Oracle On Downgraded Legacy. SSLv3 is an older protocol, and has largely been replaced by the newer TLS protocol family.  However, older browsers that do not support the TLS family of protocols rely exclusively on SSL. When presented with a TLS connection, browsers like IE6 will propose that the connection use SSLv3, and most servers will comply.… Read More