Microsoft Internet Information Services is regarded as a robust product from Microsoft but its default installation and configuration are far from secure. After installing an IIS server on your Windows server, you should review its configuration very carefully. This is not a unique problem of…
Analysing the latest trends in web application attacks
A recent study by a leading web application security vendor has highlighted some interesting statistics about web application attacks. Some of the findings examined below should enable web security practitioners to better anticipate, identify and act against cyber threats. Threat Growth One of the unsurprising…
Critical Drupal SQL Injection vulnerability
Drupal has released a HIGHLY CRITICAL security advisory for its latest version of the popular content management system, urgently advising users to update to Drupal 7.32 or install a patch to fix the vulnerability. The vulnerability, reported by Stefan Horst from SektionEins GmbH, allows for unauthenticated…
POODLE gives the final bite and puts SSLv3 to rest
Yesterday, the details of the latest vulnerability affecting SSL started emerging, and in no time everyone started talking, or rather blogging, about POODLE. POODLE stands for Padding Oracle On Downgraded Legacy Encryption and affects the 15-year-old SSLv3, which should have been deprecated and…
ShellShock’s magnitude for potential damage – truly shocking!
It has been 48 hours since the latest in the series of BIG BUGS of 2014 made the news, and the Internet community is still struggling to assess the damage. After the initial moments of disbelief, researchers started coming to terms with the fact that Bash had a…
BASH Vulnerability leaves IT Experts Shell Shocked!
Yesterday, a critical vulnerability was reported in GNU Bash. Bash is the Bourne Again Shell that is installed by default on most Linux distributions. The vulnerability is related to the way Bash parses function definitions exported in environment variables when the shell starts. It is possible to create environment variables that include…
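The check for the parsing issue described above, as an added example that is not part of the original post: it assumes a `bash` binary is available on PATH (or is passed as the first argument) and reports whether that binary executes a command smuggled after an exported function definition. This one-liner only exercises the first-reported bug; later follow-up patches addressed related parsing problems that it does not test.

```shell
# Added example (not from the original post): detect whether a given bash
# binary executes trailing commands found in exported function definitions.
# Usage: shellshock_check [path-to-bash]
shellshock_check() {
  bash_bin="${1:-bash}"

  # If no bash is present there is nothing to test.
  if ! command -v "$bash_bin" >/dev/null 2>&1; then
    echo no-bash
    return 0
  fi

  # The variable value is a constructed payload: a bash function definition
  # "() { :;}" followed by an extra command. A vulnerable bash imports the
  # variable as a function and, because of the parsing bug, also runs the
  # trailing "echo VULNERABLE" while it starts up. A patched bash treats the
  # whole value as a plain string (or defines only the function), so the
  # marker never appears in the output.
  out=$(env x='() { :;}; echo VULNERABLE' "$bash_bin" -c 'echo test' 2>/dev/null)

  case "$out" in
    *VULNERABLE*) echo vulnerable ;;
    *)            echo patched ;;
  esac
}

# Run the check against the default bash when executed directly.
shellshock_check "$@"
```

Run it as a normal user; it needs no privileges and makes no changes. A result of `vulnerable` means the child `bash -c 'echo test'` printed the marker before running its own command, which is exactly the behaviour that made the bug remotely exploitable wherever untrusted input is copied into environment variables before a shell is spawned.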
Statistics about the leaked Gmail, Yandex, Mail.ru passwords
Around 10 million email addresses and passwords were recently leaked on a Russian Bitcoin forum. While many websites report on the roughly 5 million Gmail accounts, the leak also includes accounts from two popular Russian mail providers (Yandex and Mail.ru). The leak contains the following: ~5 million Gmail…
WordPress 4.0 “Benny” released
The long awaited WordPress version 4.0, codenamed “Benny” in honour of jazz clarinettist and band leader Benny Goodman has been released. While this does seem like a major release to some of us, since it includes a good amount of features easing the blog writers’…
Balancing web security with your compliance requirements
As an executive responsible for many aspects of running your business, it can be difficult and downright confusing trying to understand the balance between Web security and compliance. Your IT, information security, and internal audit teams may be telling you completely different things based on…