Drupal is a very popular Content Management System (CMS) on the Internet today. Drupal security should be at the forefront of anyone running a Drupal site, especially if running older versions of the CMS or it’s modules, since these are a ripe target for attackers….
Joomla! Security Tips: Securing Configurations
Heads up — Depending on your web server’s configuration for active extensions, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers Prevent Directory Listing Directory Listing occurs when…
Joomla Security: Top tips to secure a Joomla! application
Joomla! is a very popular Content Management System (CMS) on the Internet today. Joomla security should be at the forefront of anyone running a Joomla! site, especially ones running older versions of the CMS or it’s extensions, since these are a ripe target for attackers….
Identifying open ports – An important step to securing your perimeter
Locking the doors and windows to your house won’t stop someone from getting in if they are really determined. However, it is still a lot harder than opening an unlocked door or window. Breaking into a locked house, takes a lot more time and typically…
In the headlines: Malwarebytes, eBay vulnerability, NASA hack, Waitrose website holes and more
Malwarebytes found to have four vulnerabilities Malwarebytes, a free anti-malware tool with 250 million users, has been exposed as having four vulnerabilities. The main one described involves the software fetching signature updates via unencrypted HTTP, which could allow an attacker to set up a man-in-the-middle…
The Cisco 2016 Annual Security Report; where did 2015 take us?
Cisco have just published their 2016 Annual Security Report, which covers the last year in cyber security while also looking ahead to growing threats. Particularly interesting is the Threat Intelligence section, which examines some of the most common exploits, malware kits and targeted industries in…
Vulnerabilities in the headlines: Linux Kernel, Yahoo Stored XSS, and Open SSH
Linux Kernel Vulnerability and how to fix it A flaw in the Linux Kernel has made big news lately, labelled as a local privilege escalation vulnerability. In fact, the company ‘Perception Point’ which released news of the flaw is under criticism as after reporting it…
Security Scorecard Survey Shows Retail Seriously Underperforming in Web Application Security
While not being in the worst performing sector for security, retail is one of the biggest targets for attackers and a number of breaches hit the headlines in 2015, the most well known being chain store Target. As retailers process a large volume of payments,…
New attacks on SHA-1 and MD5 raise urgency for their obsolescence
A pair of researchers from INRIA, the French Institute for Research in Computer Science and Automation, have published an academic paper titled “Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH” in which they describe a series of transcript collision attacks against the ageing…