Back in September, eBay made the headlines due to a number of Cross Site Scripting (XSS) vulnerabilities found on their site. Following pressure from security experts and users, a few of these vulnerabilities were patched, although eBay were quoted as saying they would not remove…
Lessons we can learn from the Sony Pictures hack
In light of the recent Sony Pictures hack, it’s important to clarify the facts and examine how such an attack might have taken place, to serve as a learning experience for other companies. News about the hack on Sony Pictures’ infrastructure continue to unfold, with…
WordPress Security Tips, Part 2 – Plugins and Themes
Be Selective When Choosing Plugins and Themes WordPress allows you to extend and customize your site with thousands of plugins and themes. While extending your site’s capabilities and customization is important, it should not come at the price of your website’s security. Even if your…
WordPress Security Tips, Part 1 – Basic Security Measures
With WordPress running on 1 in 5 sites on the Internet, it is no surprise that they are a very popular target for both experienced hackers and script-kiddies alike. The following are a few measures that can be taken to address some basic security holes…
US Security firm speculates Iran could be behind worrying cyber attacks
This week a shocking campaign of cyber attacks has been made public by Cylance, a US cybersecurity firm. The report has been released earlier than planned due to the level of risk these attacks pose, in the hope that it might prevent further breaches. This…
Top tips for a secure web server
Powering over 90% of the world wide web, Apache, IIS and nginx are considered the 3 most important web servers. They are considered to be easy to get up and running, have an active development team behind them and react quickly to security issues. Most…
HIPAA – Why you need to keep patient information secure
If you’re a healthcare entity in the United States, then you’ll certainly be familiar with HIPAA. Enacted by congress in 1996, HIPAA addresses the security and privacy of health data among a number of other items. The most important aspect for healthcare providers, insurers and…
nginx security: Tips to harden your configuration; part 2
This is the second part in the series on nginx security. This article follows on from Part 1 with more tips on hardening your nginx server configuration. 5. Make use of ModSecurity ModSecurity is an open-source module that works as a web application firewall. Different functionalities include…
New WordPress XSS Vulnerability gives attackers full control of your website
A dangerous XSS vulnerability has just been identified in WordPress versions prior to 4.0. Using comments, attackers may even be able to gain full administrative control of a vulnerable application. Therefore WordPress have released an urgent update, addressing this bug and 7 others. Users should…