Bash CVE-2014-6217 and CVE-2014-7169
CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environment variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry …
Archive for security
A recent spate of phishing attacks has taken to using the data URI scheme for evil. Supported in most browsers, these special URIs allow the content of a phishing page to be contained entirely within the URI itself, effectively eliminating the need to host the page on a remote web server and adding an additional […]
- Project: Joomla!
- SubProject: CMS
- Severity: Low
- Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
- Exploit type: Denial of Service
- Reported Date: 2014-September-24
- Fixed Date: 2014-September-30
- CVE Number: CVE-2014-7229
Description
Inadequate checking allowed the potential for a denial of service attack.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
- Exploit type: Remote File Inclusion
- Reported Date: 2014-September-24
- Fixed Date: 2014-September-30
- CVE Number: CVE-2014-7228
Description
Inadequate checking allowed the potential for remote files to be executed.
Affected Installs
Joomla! CMS versions 2.5.4 through 2.5.25, 3.2.5 and earlier 3.x versions, 3.3.0 through 3.3.4
Solution
Upgrade to version 2.5.26, 3.2.6, or 3.3.5
Additional Details
Please refer to AkeebaBackup.com for additional details.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
- Exploit type: Unauthorised Logins
- Reported Date: 2014-September-09
- Fixed Date: 2014-September-23
- CVE Number: CVE-2014-6632
Description
Inadequate checking allowed unauthorised logins via LDAP authentication.
Affected Installs
Joomla! CMS versions 2.5.24 and earlier 2.5.x versions, 3.2.4 and earlier 3.x versions, 3.3.0 through 3.3.3
Solution
Upgrade to version 2.5.25, 3.2.5, or 3.3.4
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.2.0 through 3.2.4, 3.3.0 through 3.3.3
- Exploit type: XSS Vulnerability
- Reported Date: 2014-August-27
- Fixed Date: 2014-September-23
- CVE Number: CVE-2014-6631
Description
Inadequate escaping leads to XSS vulnerability in com_media.
Affected Installs
Joomla! CMS versions 3.2.0 through 3.2.4 and 3.3.0 through 3.3.3
Solution
Upgrade to version 3.2.5 or 3.3.4
Contact
The JSST at the Joomla! Security Center.
WordPress 4.0 “Benny”
Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleader Benny Goodman, is available for download or update in your WordPress dashboard. While 4.0 is just another number for us after 3.9 and before 4.1, we feel we’ve put a little extra polish into it. This release brings you a smoother writing and management experience […]
The first release candidate for WordPress 4.0 is now available! In RC 1, we’ve made refinements to what we’ve been working on for this release. Check out the Beta 1 announcement post for more details on those features. We hope to ship WordPress 4.0 next week, but we need your help to get there. If you […]
WordPress 4.0 Beta 4
The fourth and likely final beta for WordPress 4.0 is now available. We’ve made more than 250 changes in the past month, including: Further improvements to the editor scrolling experience, especially when it comes to the second column of boxes. Better handling of small screens in the media library modals. A separate bulk selection mode […]
WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress […]
cPanel TSR-2014-0006 Announcement
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
cPanel TSR-2014-0005 Announcement
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
WordPress 4.0 Beta 2
WordPress 4.0 Beta 2 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site. To get the beta, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). For more of what’s new in version 4.0, check out […]
WordPress 4.0 Beta 1
WordPress 4.0 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site just to play with the new version. To test WordPress 4.0, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can […]
More than a week after we reported deceptive search engine ads being used in Bitcoin wallet attacks, fraudsters are still using Bing ads to trick Blockchain users into visiting phishing sites — but this time, the ads are using some crude social engineering ploys. Searching for “blockchain” on bing.com currently displays the following pair of phishing ads […]
An ongoing series of phishing attacks against the Steam gaming community is making effective use of look-alike domains to trick users into surrendering their usernames and passwords. The fraudsters behind these attacks then attempt to bypass Steam’s two-factor authentication with a malicious executable that is deceptively named SteamGuard.exe.
Fraudsters are exploiting loopholes in the presentation of ads by major search engines in order to lure victims to phishing sites. Searching for “blockchain”, the name of a popular Bitcoin wallet provider, caused deceptive ads to be displayed at the top of search results pages from Google, Bing, Yahoo, and DuckDuckGo. In contrast to the […]
Criminals are running massive dedicated phishing campaigns against online dating sites, marking an interesting – but not unusual – shift in focus from the traditional phishing targets such as banks and other financial institutions. The most recent attack used a single compromised website to host hundreds of fraudulent PHP scripts, most of which were designed […]
With only two weeks until the recently seized Gameover Zeus botnet is likely to be functioning again, the UK’s National Crime Agency has published urgent advice on how to protect computers against the Gameover Zeus and CryptoLocker trojans. Unfortunately, the page hosting this urgent advice is proving rather troublesome to view:
(Figure caption: GetSafeOnline, Offline)
When it can be viewed, […]
Malicious adverts displayed on the Ask.fm website have been automatically redirecting users to malware sites, where they are prompted to install unwanted or malicious software under the pretense of Java and Flash Player updates.
(Figure caption: This particular advert is benign and serves only as an example of the banner’s placement)
Ask.fm is a popular social network which allows […]
Fraudsters have exploited a redirection vulnerability in a PayPal website in an attempt to steal Apple IDs. Phishing emails sent by the fraudster were disguised as receipts from the iTunes Store for expensive items, enticing victims to try to cancel the fake orders. The emails stated, "If you did not order the above products and […]
TSR-2014-0004
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging …
Fraudsters are impersonating online banking websites in order to gain unauthorised access to customers’ emails. Most online banking phishing sites simply try to steal whatever credentials are required to gain access to a victim’s bank account, but by also gaining access to the victim’s email account, the fraudster can prevent the victim from receiving any […]
Although many secure websites reacted promptly to the Heartbleed bug by patching OpenSSL, replacing their SSL certificates, and revoking the old certificates, some have made the critical mistake of reusing the potentially-compromised private key in the new certificate. Since the Heartbleed bug was announced on 7 April, more than 30,000 affected certificates have been revoked and […]
After three weeks and more than 9 million downloads of WordPress 3.9, we’re pleased to announce that WordPress 3.9.1 is now available. This maintenance release fixes 34 bugs in 3.9, including numerous fixes for multisite networks, customizing widgets while previewing themes, and the updated visual editor. We’ve also made some improvements to the new audio/video […]
Nearly 100 Thai Government websites were hacked and used to serve malware last month.
Use of the SHA-2 cryptographic signature algorithm has received a significant boost in the wake of the Heartbleed Bug. More than half a million SSL certificates were potentially compromised as a result of the Heartbleed vulnerability — affected certificates require urgent re-issuance and revocation. The good news is that many of the new certificates have been […]
Fraudsters have taken to Microsoft Azure to deploy phishing sites, taking advantage of Microsoft’s free 30-day trial. Free hosting! In order to get a phishing site hosted at Azure, the fraudster has several options: steal the credentials for a Microsoft account, compromise a virtual machine running at Azure, or use Microsoft’s free trial which provides $200 of […]