On February 9th President Obama announced the Cybersecurity National Action Plan, including steps such as establishing a cybersecurity commission, introducing new safeguarding measures and supporting both companies and consumers in strengthening their own security. He’s also put the money where his mouth is and backed…
Acunetix v10.5 assigns CVSS 3.0 scoring to its vulnerabilities
The Common Vulnerability Scoring System (CVSS) is an open standard for assessing the severity of security vulnerabilities. “Common” being the keyword, indicating that CVSS is designed to not only be independent to a specific vendor or industry, but also interoperable across systems that vary in…
Drupal Security: Top tips to secure your Drupal application
Drupal is a very popular Content Management System (CMS) on the Internet today. Drupal security should be at the forefront of anyone running a Drupal site, especially if running older versions of the CMS or it’s modules, since these are a ripe target for attackers….
Joomla! Security Tips: Securing Configurations
Heads up — Depending on your web server’s configuration for active extensions, the following could break some functionality. It is strongly advised to try out any configuration in a testing/staging environment before changing any configuration on production servers Prevent Directory Listing Directory Listing occurs when…
Joomla Security: Top tips to secure a Joomla! application
Joomla! is a very popular Content Management System (CMS) on the Internet today. Joomla security should be at the forefront of anyone running a Joomla! site, especially ones running older versions of the CMS or it’s extensions, since these are a ripe target for attackers….
Identifying open ports – An important step to securing your perimeter
Locking the doors and windows to your house won’t stop someone from getting in if they are really determined. However, it is still a lot harder than opening an unlocked door or window. Breaking into a locked house, takes a lot more time and typically…
In the headlines: Malwarebytes, eBay vulnerability, NASA hack, Waitrose website holes and more
Malwarebytes found to have four vulnerabilities Malwarebytes, a free anti-malware tool with 250 million users, has been exposed as having four vulnerabilities. The main one described involves the software fetching signature updates via unencrypted HTTP, which could allow an attacker to set up a man-in-the-middle…
The Cisco 2016 Annual Security Report; where did 2015 take us?
Cisco have just published their 2016 Annual Security Report, which covers the last year in cyber security while also looking ahead to growing threats. Particularly interesting is the Threat Intelligence section, which examines some of the most common exploits, malware kits and targeted industries in…
Vulnerabilities in the headlines: Linux Kernel, Yahoo Stored XSS, and Open SSH
Linux Kernel Vulnerability and how to fix it A flaw in the Linux Kernel has made big news lately, labelled as a local privilege escalation vulnerability. In fact, the company ‘Perception Point’ which released news of the flaw is under criticism as after reporting it…