The third (and maybe last) beta of WordPress 3.9 is now available for download. Beta 3 includes more than 200 changes, including: New features like live widget previews and the new theme installer are now more ready for prime time, so check ‘em out. UI refinements when editing images and when working with media in the editor. We’ve also brought […]
Archive for security
cPanel TSR-2014-0003 Notice of Delay in Disclosure
Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week. This change will apply to TSR-2014-0003 and all …
cPanel TSR-2014-0003 Announcement
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
WordPress hosting: Do not try this at home!
Compromised WordPress blogs were used to host nearly 12,000 phishing sites in February. This represents more than 7% of all phishing attacks blocked during that month, and 11% of the unique IP addresses that were involved in phishing. WordPress blogs were also responsible for distributing a significant amount of web-hosted malware — more than 8% of […]
WordPress 3.9 Beta 2 is now available for testing! We’ve made more than a hundred changes since Beta 1, but we still need your help if we’re going to hit our goal of an April release. For what to look out for, please head on over to the Beta 1 announcement post. Some of the changes in […]
EA Games website hacked to steal Apple IDs
An EA Games server has been compromised by hackers and is now hosting a phishing site which targets Apple ID account holders. The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0. This version was released in September 2008 and contains several […]
I’m excited to announce that the first beta of WordPress 3.9 is now available for testing. WordPress 3.9 is due out next month — but in order to hit that goal, we need your help testing all of the goodies we’ve added: We updated TinyMCE, the software powering the visual editor, to the latest version. […]
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.1.0 through 3.2.2
- Exploit type: SQL Injection
- Reported Date: 2014-February-06
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs
Joomla! CMS versions 3.1.0 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.1.2 through 3.2.2
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-04
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-05
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: Unauthorised Logins
- Reported Date: 2014-February-21
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
cPanel TSR 2014-0002 Full Disclosure
Case 89985. Summary: Disclosure of cpanel-horde’s MySQL password due to world-readable backups. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: During the upgrade to Horde 5 on 11.42 systems, a backup tarball of the existing Horde configuration files is …
cPanel TSR-2014-0002 Announcement
cPanel has released a new build for the 11.42, CURRENT, and EDGE update tiers. This update provides targeted changes to address security concerns with the 11.42 release of the cPanel & WHM product. This build is currently available to all customers via the standard update system. cPanel …
Fake SSL certificates deployed across the internet
Netcraft has found dozens of fake SSL certificates impersonating banks, ecommerce sites, ISPs and social networks. Some of these certificates may be used to carry out man-in-the-middle attacks against the affected companies and their customers. Successful attacks would allow criminals to decrypt legitimate online banking traffic before re-encrypting it and forwarding it to the bank. […]
GCHQ website falls after threats from Anonymous
GCHQ’s website at www.gchq.gov.uk is exhibiting some noticeable performance issues today, suggesting that it could be suffering from a denial of service attack. Last week, documents from whistle-blower Edward Snowden revealed that GCHQ carried out denial of service (DoS) attacks against communications systems used by the hacktivist group Anonymous during their own Operation […]
Are there really lots of vulnerable Apache web servers?
Apache has been the most common web server on the internet since April 1996, and is currently used by 38% of all websites. Most nefarious activity takes place on compromised servers, but just how many of these Apache servers are actually vulnerable? The latest major release of the 2.4 stable branch is Apache 2.4.7, which was released […]
Case 84385. Summary: Arbitrary code execution as cpanel-horde user via cache file poisoning. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: The Horde Webmail interfaces accessible to cPanel and Webmail accounts use PHP serialized cache files to speed up some backend operations. By default …
NIST continues using SHA-1 algorithm after banning it
The National Institute of Standards and Technology (NIST) is still using SSL certificates signed with the SHA-1 signature algorithm, despite issuing a Special Publication disallowing the use of this algorithm for digital signature generation after 2013. “SHA-1 shall not be used for digital signature generation after December 31, 2013.” — NIST recommendation The SSL […]
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
After six weeks and more than 9.3 million downloads of WordPress 3.8, we’re pleased to announce WordPress 3.8.1 is now available. Version 3.8.1 is a maintenance release that addresses 31 bugs in 3.8, including various fixes and improvements for the new dashboard design and new themes admin screen. An issue with taxonomy queries in WP_Query […]
Case 84681. Summary: Arbitrary file read for ACL limited reseller accounts via XML-API. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: The WHM XML and JSON APIs allowed arbitrary files to be read through the “getpkginfo” API call. By sending a crafted input to …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels of Important. …
Case 60890. Summary: A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs. Security Rating: cPanel has assigned a Security Level of Important to this vulnerability. Description: A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
Version 3.8 of WordPress, named “Parker” in honor of Charlie Parker, bebop innovator, is available for download or update in your WordPress dashboard. We hope you’ll think this is the most beautiful update yet. Introducing a modern new design WordPress has gotten a facelift. 3.8 brings a fresh new look to the entire admin dashboard. […]
Release candidate 2 of WordPress 3.8 is now available for download. This is the last pre-release, and we expect it to be effectively identical to what’s officially released to the public on Thursday. This means if you are a plugin or theme developer, start your engines! (If they’re not going already.) Lots of admin code […]
In order to show its appreciation for security researchers who follow responsible disclosure principles, cPanel, Inc. is offering a monetary reward program for researchers who provide assistance with identifying and correcting certain Qualifying Vulnerabilities within the scope of this program. Software Covered by this Program: * The cPanel …
We’re entering the quiet but busy part of a release, whittling down issues to bring you all of the new features you’re excited about with the stability you expect from WordPress. There are just a few days from the “code freeze” for our 3.8 release, which includes a number of exciting enhancements, so the focus […]
The first beta of 3.8 is now available, and the next dates to watch out for are code freeze on December 5th and a final release on December 12th. 3.8 brings together several of the features-as-plugins projects and, while this isn’t our first rodeo, expect this to be more beta than usual. […]
Incentives for Phishing Site Reporters
As of 1 November 2013, the Netcraft Anti-Phishing community has helped to block over 6.9 million phishing attacks worldwide. We incentivise phishing reports from the community, and have now added a Netcraft USB Flash Drive to our list of incentives:
Prize                     When
Netcraft USB Flash Drive  after 100 validated phishing reports
Netcraft Mug              after 250
Netcraft Polo Shirt       after 500
Targus Laptop             […]