Netcraft has found that Halifax has been left vulnerable to convincing impersonation attacks for five years. The operator of a website promoting Spanish hotels is able to send and receive emails on the official Halifax online banking domain, and get legitimate security certificates issued for the same domain.
WordPress 5.2 Beta 3 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the latest WordPress 5.2 beta: try the WordPress Beta Tester plugin (you’ll want […]
The post Your Automatic Server Update to Plesk 17.8 appeared first on Plesk.
The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks.
Joomla! CMS versions 3.0.0 through 3.9.4
Upgrade to version 3.9.5
The JSST at the Joomla! Security Centre.
The “refresh list of helpsites” endpoint of com_users lacks access checks, allowing calls from unauthenticated users.
Joomla! CMS versions 3.2.0 through 3.9.4
Upgrade to version 3.9.5
The JSST at the Joomla! Security Centre.
The Media Manager component does not properly sanitise the folder parameter, allowing attackers to act outside the media manager root directory.
Joomla! CMS versions 1.5.0 through 3.9.4
Upgrade to version 3.9.5
The JSST at the Joomla! Security Centre.
Last year, we shared “7 Ways We’ve Improved Email Hosting on cPanel & WHM” and we looked at some cool features for email accounts. After much improvement, we felt that Plus Addressing was an interesting enough feature to include as a blog post! So what is plus addressing? Known officially as subaddressing, plus addressing delivers mail in a particular way so that you can better organize incoming mail. Additionally, plus addressing is used as a method to …
WordPress 5.2 Beta 2 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.2 beta: try the WordPress Beta Tester plugin (you’ll want to […]
The post “Cybersecurity is changing; We need new protection strategies” – Say CloudLinux (Imunify360) appeared first on Plesk.
This year’s CloudFest was brand new for Phil Hodges. Take a look at what he got out of it!
WordPress 5.2 is targeted for release at the end of this month, and with it comes an update to the minimum required version of PHP. WordPress will now require a minimum of PHP 5.6.20. Beginning in WordPress 5.1, users running PHP versions below 5.6 have had a notification in their dashboard that includes information to […]
WordPress reached a significant milestone this month. With some exciting developments in Core, an interesting new proposal, and the return of a valuable global event, March was certainly an interesting time. WordPress Now Powers One-Third of the Web WordPress’ market share has been steadily increasing, and as of halfway through this month, it powers over […]
WordPress 5.2 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.2 Beta two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
“Eating your own dog food” is a popular practice amongst companies where the employees are encouraged, and often do, use their own product in real life scenarios. The phrase “eating your own dog food” was purported to have been coined in the 1970s when television advertisements for Alpo Dog Food. Spokesman Lorne Greene pointed out that he had fed Alpo to his own dogs. Another possibility, even stranger, was a story of the president of …
In 2018, cPanel, with their longterm partner CloudLinux, began offering Imunify360 as a featured security product. With cPanel & WHM Version s82 or 84, we are integrating ImunifyAV into all cPanel & WHM servers. Imunify360 is a product set from our industry partner CloudLinux and will provide all customers with the most effective malware detection solution in the industry. We have spent years working extensively with the development teams at CloudLinux on a variety of …
WordPress now powers over 1/3rd of the top 10 million sites on the web according to W3Techs. Our market share has been growing steadily over the last few years, going from 29.9% just one year ago to 33.4% now. We are, of course, quite proud of these numbers! The path here has been very exciting. […]
cPanel & WHM Version 80 will not support MySQL 5.5, and updates to cPanel & WHM Version 80 will be blocked for any server still running MySQL 5.5. We are also blocking updates for any cPanel & WHM servers that connect to MySQL 5.5 servers running. The MySQL/MariaDB Upgrade interface inside WHM makes upgrading safe and easy. Why the block? On December 31st, 2018, MySQL version 5.5 entered End of Life status. Any server currently running MySQL …
As a part of an ongoing initiative to improve user experience in our product, in cPanel & WHM Version 78 we introduced cPanel Analytics. This functionality is intentionally built with ease of use and privacy in mind. It provides us with deeper insight into how our customers utilize cPanel, WHM, and Webmail without compromising the privacy of those users. We tested the feature directly with a few customers on cPanel & WHM Version 74, made some adjustments in …
The item_title layout in edit views lacks escaping, leading to a XSS vulnerability.
Joomla! CMS versions 3.2.0 through 3.9.3
Upgrade to version 3.9.4
The JSST at the Joomla! Security Centre.
The JSON handler in com_config lacks input validation, leading to XSS vulnerability.
Joomla! CMS versions 3.2.0 through 3.9.3
Upgrade to version 3.9.4
The JSST at the Joomla! Security Centre.
The sample data plugins lack ACL checks, allowing unauthorized access.
Joomla! CMS versions 3.8.0 through 3.9.3
Upgrade to version 3.9.4
The JSST at the Joomla! Security Centre.
The media form field lacks escaping, leading to a XSS vulnerability.
Joomla! CMS versions 3.2.0 through 3.9.3
Upgrade to version 3.9.4
The JSST at the Joomla! Security Centre.
An extremely convincing phishing attack that impersonates a multi-game skin trade bot appears to be using a fake Extended Validation TLS certificate to steal Steam accounts. The ongoing phishing attack impersonates TradeIt.gg, which facilitates the trading of skins, weapons and other in-game commodities within popular games like CS:GO, TF2 and DOTA. When a victim attempts […]
WordPress 5.1.1 is now available! This security and maintenance release introduces 10 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously […]
Exim (Experimental Internal Mailer) is a mail transfer agent known for being a general and flexible mailer, with many tools for checking incoming email. Created in 1995 by Philip Hazel, an estimated 57% of publicly reachable mail servers on the internet use Exim. Using the Sendmail design model, Exim has defined stages where it gains or loses privileges on a server, to help increase the security of mail delivery overall. Many of the benefits that Exim provides …
One of the more popular methods of publishing content on a website is a CMS (Content Management System). A CMS generally has a graphic user interface where a user can log in, create or upload content, update existing content, design how they would want their website to appear, and other related tasks. The three most popular CMS choices by usage are WordPress, Joomla, and Drupal. A cursory glance at these three different pieces of software shows …
A new version of WordPress, significant security enhancements, important discussions, and much more – read on to find out what has been going on in the WordPress community for the month of February. Release of WordPress 5.1 Near the end of the month, WordPress 5.1 was released, featuring significant stability and performance enhancements as well […]
Strengthening connections with our users is a huge part of the work that we do on the Community Team here at cPanel, and conferences like JoomlaDay Florida are perfect for that. Even on years that it sells out (like this one), it’s only around 150 of our best friends with great chances to interact, and still intimate enough that we get a chance to really talk to some of the best folks there. I …
Many hosting providers have a large customer base with varying needs for their online projects. Available for systems running EasyApache 4, the MultiPHP Manager interface allows you to easily manage the PHP and PHP-FPM configurations of your cPanel accounts and domains. Hosting providers can switch between a number of different PHP versions with the click of a button, or allow more advanced users to upgrade to a newer version of PHP more quickly than others. There are …
A Little Better Every Day: Version 5.1 of WordPress, named “Betty” in honour of acclaimed jazz vocalist Betty Carter, is available for download! 🕺🏻
60 queries. 8.75 mb Memory usage. 1.703 seconds.