Joomla! is a very popular Content Management System (CMS) on the Internet today. Joomla security should be at the forefront of anyone running a Joomla! site, especially ones running older versions of the CMS or it’s extensions, since these are a ripe target for attackers….
Identifying open ports – An important step to securing your perimeter
Locking the doors and windows to your house won’t stop someone from getting in if they are really determined. However, it is still a lot harder than opening an unlocked door or window. Breaking into a locked house, takes a lot more time and typically…
In the headlines: Malwarebytes, eBay vulnerability, NASA hack, Waitrose website holes and more
Malwarebytes found to have four vulnerabilities Malwarebytes, a free anti-malware tool with 250 million users, has been exposed as having four vulnerabilities. The main one described involves the software fetching signature updates via unencrypted HTTP, which could allow an attacker to set up a man-in-the-middle…
The Cisco 2016 Annual Security Report; where did 2015 take us?
Cisco have just published their 2016 Annual Security Report, which covers the last year in cyber security while also looking ahead to growing threats. Particularly interesting is the Threat Intelligence section, which examines some of the most common exploits, malware kits and targeted industries in…
Vulnerabilities in the headlines: Linux Kernel, Yahoo Stored XSS, and Open SSH
Linux Kernel Vulnerability and how to fix it A flaw in the Linux Kernel has made big news lately, labelled as a local privilege escalation vulnerability. In fact, the company ‘Perception Point’ which released news of the flaw is under criticism as after reporting it…
Security Scorecard Survey Shows Retail Seriously Underperforming in Web Application Security
While not being in the worst performing sector for security, retail is one of the biggest targets for attackers and a number of breaches hit the headlines in 2015, the most well known being chain store Target. As retailers process a large volume of payments,…
New attacks on SHA-1 and MD5 raise urgency for their obsolescence
A pair of researchers from INRIA, the French Institute for Research in Computer Science and Automation, have published an academic paper titled “Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH” in which they describe a series of transcript collision attacks against the ageing…
WordPress 4.4.1 security release patches XSS vulnerability
A high-severity Cross-site scripting (XSS) vulnerability has been fixed in WordPress’ new 4.4.1 release that is now available for download. In addition to the XSS vulnerability reported by security researcher ‘Crtc4L’, the release includes 51 other non-security bug-fixes. WordPress sites configured to receive automatic updates…
In the headlines: Juniper backdoor, BBC hack, Steam attack, UK surveillance bill, and more
Juniper backdoor mystery, NSA are at least partly to blame Last week, tech company Juniper Networks who sell corporate networking solutions, disclosed that they had discovered two unauthorised encryption backdoors in their firewalls. Encryption backdoors will immediately grab attention as one of the surveillance methods…