Microsoft XML Core Service Zero Day Vulnerability Being Targeted
Tony Perez On June 12th we reported the release of a new Microsoft Security Advisory. It was of specific interest to us as it was exploitable via…
Month: June 2012
26 posts
WordPress Update – 3.3.3 and 3.4.1 Patches Released!!
Well it was only a few weeks ago, but today, two new patches were released: 3.3.3 and 3.4.1. The good news is, as they are…
Uploadify, Uploadify and Uploadify – The New TimThumb?
Daniel Cid We are seeing a lot of noise again regarding the Uploadify script vulnerabilities affecting some WordPress themes/plugins. If you are not familiar, Uploadify allows anyone…
Plesk Vulnerability Leading to Malware
Our friends over at Unmask Parasites posted two very good reports about a mix of Plesk vulnerabilities being used to mass-compromise websites, and redirecting them…
How To: Lock Your Site by Enabling a Second Layer of Authentication
I put together a post this weekend about my personal experience installing a WordPress site on a clean Server. In the process of hardening the…
Sucuri Labs Weekly Review – June 22nd – 2012
Have you checked out Sucuri Labs? We have been adding a daily feed of the top web-based malware samples that we find every day, and…
Understanding Conditional Malware – IP Centric Variation
In today’s web malware landscape you can’t help but take a minute to familiarize yourself with a concept known as conditional malware. As implied in…
Google Safe Browsing Program 5 Years Old – Been Blacklisted Lately?
Today Google released a nice post: Safe Browsing – Protecting Web Users for 5 Years and Counting. In it they provide a good summary of…
How To: Stop The Hacker By Hardening WordPress
Every day we service 100’s of clients and the question is always asked: How do you stop these hackers!!!” Unfortunately, it’s perhaps the hardest to…
Joomla 2.5.5 released (security update)
David Dede Joomla 2.5.5 was just released today, with a few bugs fixed and 2 important security updates for a privilege escalation and an information disclosure issue:…
How To: Lock Down WordPress Admin Panel With a Dynamic IP
There is often a lot of discussion around locking down access to WP-ADMIN and WP-Login.php, specially around restricting it by IP. The issues and retort…