In light of the recent Sony Pictures hack, it’s important to clarify the facts and examine how such an attack might have taken place, to serve as a learning experience for other companies. News about the hack on Sony Pictures’ infrastructure continue to unfold, with…
WordPress Security Tips, Part 2 – Plugins and Themes
Be Selective When Choosing Plugins and Themes WordPress allows you to extend and customize your site with thousands of plugins and themes. While extending your site’s capabilities and customization is important, it should not come at the price of your website’s security. Even if your…
WordPress Security Tips, Part 1 – Basic Security Measures
With WordPress running on 1 in 5 sites on the Internet, it is no surprise that they are a very popular target for both experienced hackers and script-kiddies alike. The following are a few measures that can be taken to address some basic security holes…
US Security firm speculates Iran could be behind worrying cyber attacks
This week a shocking campaign of cyber attacks has been made public by Cylance, a US cybersecurity firm. The report has been released earlier than planned due to the level of risk these attacks pose, in the hope that it might prevent further breaches. This…
Top tips for a secure web server
Powering over 90% of the world wide web, Apache, IIS and nginx are considered the 3 most important web servers. They are considered to be easy to get up and running, have an active development team behind them and react quickly to security issues. Most…
HIPAA – Why you need to keep patient information secure
If you’re a healthcare entity in the United States, then you’ll certainly be familiar with HIPAA. Enacted by congress in 1996, HIPAA addresses the security and privacy of health data among a number of other items. The most important aspect for healthcare providers, insurers and…
nginx security: Tips to harden your configuration; part 2
This is the second part in the series on nginx security. This article follows on from Part 1 with more tips on hardening your nginx server configuration. 5. Make use of ModSecurity ModSecurity is an open-source module that works as a web application firewall. Different functionalities include…
New WordPress XSS Vulnerability gives attackers full control of your website
A dangerous XSS vulnerability has just been identified in WordPress versions prior to 4.0. Using comments, attackers may even be able to gain full administrative control of a vulnerable application. Therefore WordPress have released an urgent update, addressing this bug and 7 others. Users should…
Are you prepared for PCI v3.0?
At the end of December 2014 the new set of Payment Card Industry Data Security Standards (PCI DSS) will come largely into force, with just a few small elements having the later deadline of July 2015 to allow businesses time to adapt. If your company…