Netcraft has found dozens of fake SSL certificates impersonating banks, ecommerce sites, ISPs and social networks. Some of these certificates may be used to carry out man-in-the-middle attacks against the affected companies and their customers. Successful attacks would allow criminals to decrypt legitimate online banking traffic before re-encrypting it and forwarding it to the bank. […]
GCHQ’s website at www.gchq.gov.uk is exhibiting some noticeable performance issues today, suggesting that it could be suffering from a denial of service attack. Last week, documents from whistle-blower Edward Snowden revealed that GCHQ carried out denial of service (DoS) attacks against communications systems used by the hacktivist group Anonymous during their own Operation […]
Apache has been the most common web server on the internet since April 1996, and is currently used by 38% of all websites. Most nefarious activity takes place on compromised servers, but just how many of these Apache servers are actually vulnerable? The latest major release of the 2.4 stable branch is Apache 2.4.7, which was released […]
Case 84385 Summary Arbitrary code execution as cpanel-horde user via cache file poisioning. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The Horde Webmail interfaces accessible to cPanel and Webmail accounts uses PHP serialized cache files to speed up some backend operations. By default …
The National Institute of Standards and Technology (NIST) is still using SSL certificates signed with the SHA-1 signature algorithm, despite issuing a Special Publication disallowing the use of this algorithm for digital signature generation after 2013. “SHA-1 shall not be used for digital signature generation after December 31, 2013.” — NIST recommendation The SSL […]
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
After six weeks and more than 9.3 million downloads of WordPress 3.8, we’re pleased to announce WordPress 3.8.1 is now available. Version 3.8.1 is a maintenance releases that addresses 31 bugs in 3.8, including various fixes and improvements for the new dashboard design and new themes admin screen. An issue with taxonomy queries in WP_Query […]
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels of Important. …
Case 60890 Summary A reseller with limited privileges is allowed to install SSL virtualhosts on arbitrary IPs. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description A reseller account with ACL permission to install SSL certificates could install certificates and matching virtualhosts on IP addresses …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
Version 3.8 of WordPress, named “Parker” in honor of Charlie Parker, bebop innovator, is available for download or update in your WordPress dashboard. We hope you’ll think this is the most beautiful update yet. Introducing a modern new design WordPress has gotten a facelift. 3.8 brings a fresh new look to the entire admin dashboard. […]
Release candidate 2 of WordPress 3.8 is now available for download. This is the last pre-release, and we expect it to be effectively identical to what’s officially released to the public on Thursday. This means if you are a plugin or theme developer, start your engines! (If they’re not going already.) Lots of admin code […]
In order to show its appreciation for security researchers who follow responsible disclosure principles, cPanel, Inc. is offering a monetary reward program for researchers who provide assistance with identifying and correcting certain Qualifying Vulnerabilities within the scope of this program. Software Covered by this Program – ——————————– * The cPanel …
We’re entering the quiet but busy part of a release, whittling down issues to bring you all of the new features you’re excited about with the stability you expect from WordPress. There are just a few days from the “code freeze” for our 3.8 release, which includes a number of exciting enhancements, so the focus […]
The first beta of the 3.8 is now available, and the next dates to watch out for are code freeze on December 5th and a final release on December 12th. 3.8 brings together several of the features as plugins projects and while this isn’t our first rodeo, expect this to be more beta than usual. […]
As of the 1st November 2013, the Netcraft Anti-Phishing community has helped to block over 6.9 million phishing attacks worldwide. We incentivise phishing reports from the community, and have now added a Netcraft USB Flash Drive to our list of incentives: Prize
When Netcraft USB Flash Drive
after 100 validated phishing reports Netcraft Mug
after 250 Netcraft Polo Shirt
after 500 Targus Laptop […]
Inadequate filtering leads to XSS vulnerability in com_contact.
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Upgrade to version 2.5.16, 3.1.6 or 3.2.
The JSST at the Joomla! Security Center.
Inadequate filtering leads to XSS vulnerability in com_contact.
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Upgrade to version 2.5.15, 3.1.6 or 3.2.
The JSST at the Joomla! Security Center.
Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.
Joomla! version 2.5.14 and earlier 2.5.x versions; and version 3.1.5 and earlier 3.0.x versions.
Upgrade to version 2.5.15, 3.1.6 or 3.2.
The JSST at the Joomla! Security Center.
WordPress 3.7.1 is now available! This maintenance release addresses 11 bugs in WordPress 3.7, including: Images with captions no longer appear broken in the visual editor. Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org. Avoid fatal errors with certain plugins that were incorrectly calling some […]
Version 3.7 of WordPress, named “Basie” in honor of Count Basie, is available for download or update in your WordPress dashboard. This release features some of the most important architectural updates we’ve made to date. Here are the big ones: Updates while you sleep: With WordPress 3.7, you don’t have to lift a finger to […]
Rasmus Lerdorf – the creator of PHP – is currently trying to get Google to stop blocking the whole php.net website after it was suspected of containing malware. In a tweet earlier this morning, Rasmus posted a screenshot and suggested that the block was caused by a false positive.
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
The second release candidate of WordPress 3.7 is now available for testing! Those of you already testing WordPress 3.7 will be updated automatically to RC2. (Nice.) If you’d like to start testing, there’s no time like the present! Try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”) or download the release candidate here (zip). Please post to the Alpha/Beta […]
WordCamps are casual, locally-organized conferences that celebrate everything related to WordPress, and are a great opportunity to meet other WordPress users and professionals in your community. This has been a great year for WordCamps — there have been 56 so far in more than 20 countries, and there another 15 on the calendar before the year’s […]
The first release candidate for WordPress 3.7 is now available! In RC 1, we’ve made some adjustments to the update process to make it more reliable than ever. We hope to ship WordPress 3.7 next week, but we need your help to get there. If you haven’t tested 3.7 yet, there’s no time like the present. (Please, […]
Partly as a consequence of the US Government shutdown, there are presently more than two hundred .gov websites using expired SSL certificates. Although the shutdown is expected to be a short term measure, the widespread use of expired certificates on .gov sites may cause long term harm. The US Government is effectively training its citizens […]
WordPress 3.7 Beta 2 is now available for download and testing. This is software still in development, so we don’t recommend that you run it on a production site. This has been a quiet beta period. We’re hoping to get some more testers for automatic background updates, which will occur for security and minor releases (like updating […]
53 queries. 10.25 mb Memory usage. 0.343 seconds.