Hundreds of WordPress themes and plugins that make use of the Genericons package, could be vulnerable to a DOM-based XSS vulnerability affecting millions of WordPress installations. Genericons are versatile vector icons embedded in a webfont from Automattic (the creators of WordPress). The vulnerability resides in…
What the Verizon Report 2015 tells us about web app attacks
Verizon’s annual report, now in its eighth year, analyzes breach intelligence and data from multiple sources, including customers of Verizon’s forensics response division and customers of FireEye, the firm that investigated the recent hack of Sony Pictures Entertainment. It also examines data from cases investigated…
WordPress 4.2.1 Security Release addresses yet another XSS vulnerability
Yesterday, WordPress announced another security release, urging all users to update all WordPress installations immediately. WordPress Security Release 4.2.1 fixes yet another Stored Cross Site Scripting (XSS) vulnerability, which allows an unauthenticated user to inject JavaScript in WordPress comments. The injected script can be affect both…
Acunetix helps Sendy discover and remediate their vulnerabilities
‘Acunetix allowed us to identify some major vulnerabilities before hackers were able to exploit them. This has made Sendy a far more secure application and hugely reduced the risk of us being breached.’ Ben Ho, Developer, Sendy Sendy is a self hosted email newsletter application…
Critical XSS vulnerability addressed in latest WordPress update
Yesterday, WordPress 4.1.2 was released. This is a very important security release, which addresses a critical cross-site scripting (XSS) vulnerability, which could allow an anonymous user to compromise a WordPress site. The security release also addresses 3 other vulnerabilities affecting previous releases of WordPress. In…
PCI Security Council presses companies to switch to TLS
The PCI Security Council recently confirmed that the upcoming update to the PCI DSS guidelines, version 3.1 will include a change pressing companies to switch to TLS web encryption as opposed to the outdated SSL. This is mainly a response to Heartbleed, ShellShock and POODLE,…
Acunetix Dishes Out Security Solution to Catertrax
Catertrax, one of Acunetix’ valued clients, have recently provided us with a case study of their use of the scanner and how it helps them to maintain their security and reassure their customers. ‘Acunetix has helped make our application stronger and given our clients the…
Acunetix represented at national conference in Portugal
On 9, 10 April Acunetix partner RedShift consulting participated in the 1st NATO Cyber Defence Projects’s Conference “A Smart Approach to a Smarter Cyber Defence” in Portugal. The event aimed to enhance and reinforce international cooperation by stimulating the involvement of academia and industry at the NATO and National…
Acunetix detects new critical IIS server vulnerability CVE-2015-1635 (MS15-034)
Yesterday was Patch Tuesday – Microsoft’s monthly rendezvous with all administrators wanting to keep their Microsoft products up to date with all security patches. This was no ordinary Patch Tuesday for web administrators. MS15-034 contains a CRITICAL security update for Microsoft IIS which addresses a remote…