With WordPress running on 1 in 5 sites on the Internet, it is no surprise that WordPress sites are a very popular target for experienced hackers and script-kiddies alike. The following are a few measures that can be taken to address some basic security holes…
US Security firm speculates Iran could be behind worrying cyber attacks
This week a shocking campaign of cyber attacks has been made public by Cylance, a US cybersecurity firm. The report has been released earlier than planned due to the level of risk these attacks pose, in the hope that it might prevent further breaches. This…
Top tips for a secure web server
Powering over 90% of the World Wide Web, Apache, IIS and nginx are considered the 3 most important web servers. They are considered easy to get up and running, have active development teams behind them and react quickly to security issues. Most…
HIPAA – Why you need to keep patient information secure
If you’re a healthcare entity in the United States, then you’ll certainly be familiar with HIPAA. Enacted by Congress in 1996, HIPAA addresses the security and privacy of health data, among a number of other items. The most important aspect for healthcare providers, insurers and…
nginx security: Tips to harden your configuration; part 2
This is the second part in the series on nginx security. This article follows on from Part 1 with more tips on hardening your nginx server configuration. 5. Make use of ModSecurity: ModSecurity is an open-source module that works as a web application firewall. Different functionalities include…
New WordPress XSS Vulnerability gives attackers full control of your website
A dangerous XSS vulnerability has just been identified in WordPress versions prior to 4.0. Using comments, attackers may even be able to gain full administrative control of a vulnerable application. Therefore WordPress have released an urgent update, addressing this bug and 7 others. Users should…
Are you prepared for PCI v3.0?
At the end of December 2014 the new set of Payment Card Industry Data Security Standards (PCI DSS) will come largely into force, with just a few small elements having the later deadline of July 2015 to allow businesses time to adapt. If your company…
Microsoft IIS – 8 Tips for Security Best Practices
Microsoft Internet Information Services is regarded as a robust product from Microsoft but its default installation and configuration are far from secure. After installing an IIS server on your Windows server, you should review its configuration very carefully. This is not a unique problem of…
Analysing the latest trends in web application attacks
A recent study by a leading web application security vendor has highlighted some interesting statistics about web application attacks. Some of the findings examined below should enable web security practitioners to better anticipate, identify and act against cyber threats. Threat Growth: One of the unsurprising…