Fraudulent classified ads posted on eBay have been exploiting an opportunity to establish convincing attacks against potential car buyers. Simply viewing one of the sneaky eBay ads causes the victim’s browser to instead request the same listing via an intermediate server, which subtly modifies the content of the page to the fraudster’s advantage.
Netcraft’s site reports now make it easy to see which websites have or have not revoked their SSL certificates in response to the Heartbleed bug.
Around 17% of all trusted SSL web servers were vulnerable to the Heartbleed bug when it was publicly disclosed earlier this month. The bug made it possible to steal a server’s private […]
More than 80,000 SSL certificates were revoked in the week following the publication of the Heartbleed bug, but the certificate revocation mechanisms used by major browsers could still leave Internet users vulnerable to impersonation attacks. Little has changed since Netcraft last reported on certificate revocation behaviour. Why is revocation necessary?
The Heartbleed bug made it possible for […]
In the aftermath of Heartbleed, it has become clear that revoking potentially compromised certificates is essential. On Thursday, CloudFlare announced it was reissuing and revoking all of its SSL certificates. The effects of CloudFlare’s mass revocation are evident in a single Certificate Revocation List (CRL) belonging to GlobalSign, which grew by almost 134,000 certificates. […]
The Netcraft Extension: Heartbleed and phishing protection rolled into one
The Heartbleed bug affected around 17% of all trusted SSL web servers when it was announced a week ago.
The critical vulnerability in the OpenSSL cryptographic library has the potential to allow attackers to retrieve private keys and ultimately decrypt a server’s encrypted traffic or even impersonate […]
WordPress 3.9 “Smith”
Version 3.9 of WordPress, named “Smith” in honor of jazz organist Jimmy Smith, is available for download or update in your WordPress dashboard. This release features a number of refinements that we hope you’ll love.
A smoother media editing experience
Improved visual editing
The updated visual editor has improved speed, accessibility, and mobile support. You can paste into the […]
As the results of CloudFlare’s challenge have demonstrated, a server’s private key can be extracted using the Heartbleed vulnerability. Consequently, the 500,000+ certificates used on web servers supporting TLS heartbeat should be urgently replaced and revoked. Whilst the replacement and revocation process has begun — 80,000 certificates have been revoked since the announcement — it […]
The second release candidate for WordPress 3.9 is now available for testing. If you haven’t tested 3.9 yet, you’re running out of time! We made about five dozen changes since the first release candidate, and those changes are all helpfully summarized in our weekly post on the development blog. Probably the biggest fixes are to live […]
WordPress 3.8.3 is now available to fix a small but unfortunate bug in the WordPress 3.8.2 security release. The “Quick Draft” tool on the dashboard screen was broken in the 3.8.2 update. If you tried to use it, your draft would disappear and it wouldn’t save. While we doubt anyone was writing a novella using […]
Only 30,000 of the 500,000+ SSL certificates affected by the Heartbleed bug have been reissued up until today, and even fewer certificates have been revoked. There has been a noticeable rise in certificate re-issuance since 7 April 2014. Some of the first sites to deploy newly issued certificates in response to the OpenSSL vulnerability included Yahoo, Adobe, […]
cPanel Security Team: Heartbleed Vulnerability
Heartbleed is a serious vulnerability in OpenSSL 1.0.1 through 1.0.1f. This vulnerability allows an attacker to read 64 kilobyte chunks of memory from servers and clients that connect using SSL, through a flaw in OpenSSL’s implementation of the heartbeat extension. What does this …
As teased earlier, the first release candidate for WordPress 3.9 is now available for testing! We hope to ship WordPress 3.9 next week, but we need your help to get there. If you haven’t tested 3.9 yet, there’s no time like the present. (Please, not on a production site, unless you’re adventurous.) To test WordPress 3.9 […]
WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. This release fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress […]
A serious overrun vulnerability in the OpenSSL cryptographic library affects around 17% of SSL web servers which use certificates issued by trusted certificate authorities. Already commonly known as the Heartbleed bug, a missing bounds check in the handling of the TLS heartbeat extension can allow remote attackers to view up to 64 kilobytes of memory on an […]
Thousands of websites are still hosted on Windows XP computers, despite the operating system reaching the end of its extended support period today.
The website of the Agency for the Safety of Aerial Navigation in Africa and Madagascar (ASECNA) has been hijacked by hackers. Browsing to the site’s homepage currently presents visitors with a PayPal phishing site, where visitors are asked to submit PayPal account details, including their password, address and credit card details. After entering these details, victims are redirected to the real PayPal website.
WordPress 3.9 Beta 3
The third (and maybe last) beta of WordPress 3.9 is now available for download. Beta 3 includes more than 200 changes, including: New features like live widget previews and the new theme installer are now more ready for prime time, so check ‘em out. UI refinements when editing images and when working with media in the editor. We’ve also brought […]
cPanel TSR-2014-0003 Notice of Delay in Disclosure
Based on customer feedback, cPanel is extending the time frame between our initial announcement of a Targeted Security Release (TSR) and the disclosure of full details about the contents of the TSR to one week. This change will apply to TSR-2014-0003 and all …
cPanel TSR-2014-0003 Announcement
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact …
Compromised WordPress blogs were used to host nearly 12,000 phishing sites in February. This represents more than 7% of all phishing attacks blocked during that month, and 11% of the unique IP addresses that were involved in phishing. WordPress blogs were also responsible for distributing a significant amount of web-hosted malware — more than 8% of […]
WordPress 3.9 Beta 2
WordPress 3.9 Beta 2 is now available for testing! We’ve made more than a hundred changes since Beta 1, but we still need your help if we’re going to hit our goal of an April release. For what to look out for, please head on over to the Beta 1 announcement post. Some of the changes in […]
An EA Games server has been compromised by hackers and is now hosting a phishing site which targets Apple ID account holders. The compromised server is used by two websites in the ea.com domain, and is ordinarily used to host a calendar based on WebCalendar 1.2.0. This version was released in September 2008 and contains several […]
WordPress 3.9 Beta 1
I’m excited to announce that the first beta of WordPress 3.9 is now available for testing. WordPress 3.9 is due out next month — but in order to hit that goal, we need your help testing all of the goodies we’ve added: We updated TinyMCE, the software powering the visual editor, to the latest version. […]
- Project: Joomla!
- SubProject: CMS
- Severity: High
- Versions: 3.1.0 through 3.2.2
- Exploit type: SQL Injection
- Reported Date: 2014-February-06
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to SQL injection vulnerability.
Affected Installs
Joomla! CMS versions 3.1.0 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 3.1.2 through 3.2.2
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-04
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability in com_contact.
Affected Installs
Joomla! CMS versions 3.1.2 through 3.2.2
Solution
Upgrade to version 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: XSS Vulnerability
- Reported Date: 2014-March-05
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate escaping leads to XSS vulnerability.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: CMS
- Severity: Moderate
- Versions: 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
- Exploit type: Unauthorised Logins
- Reported Date: 2014-February-21
- Fixed Date: 2014-March-06
- CVE Number: Pending
Description
Inadequate checking allowed unauthorised logins via GMail authentication.
Affected Installs
Joomla! CMS versions 2.5.18 and earlier 2.5.x versions, 3.2.2 and earlier 3.x versions
Solution
Upgrade to version 2.5.19 or 3.2.3
Contact
The JSST at the Joomla! Security Center.
cPanel TSR-2014-0002 Announcement
cPanel has released a new build for the 11.42, CURRENT, and EDGE update tiers. This update provides targeted changes to address security concerns with the 11.42 release of the cPanel & WHM product. This build is currently available to all customers via the standard update system. cPanel …