Joomla! 3.6.4 Security Patch

Joomla! 3.6.4 is now available. This is a security release for the 3.x series of Joomla! which addresses two critical security vulnerabilities and a bug fix for two-factor authentication. We strongly recommend that you update your sites immediately. This release only contains the security fixes and bug fix; no other changes have been made compared […]

#Apple #iOS Software #Vulnerability Is Linked to #Intrusions – Update now to 9.3.5

Investigators discovered that a company called the NSO Group, an Israeli outfit that sells software that invisibly tracks a target’s mobile phone, was responsible for the intrusions. The NSO Group’s software can read text messages and emails and track calls and contacts. It can even record sounds, collect passwords and trace the whereabouts of the […]

#WordPress #Plugin Considered #Harmful

Guys from Wordfence found very strange behavior in a WordPress plugin named “404 to 301”. When you install it, you “give permission to place text links on your website when search engine crawlers access it.” More detailed information at www.wordfence.com

Highly critical – Remote code execution on #Drupal 7.x

This module enables you to expose #Drupal entities as RESTful web services. RESTWS alters the default page callbacks for entities to provide additional functionality. A #vulnerability in this approach allows an attacker to send specially crafted requests resulting in arbitrary #PHP execution. There are no mitigating factors. This vulnerability can be exploited by anonymous users. […]

Persistent Cross-Site Scripting in All in One SEO Pack #WordPress Plugin

A stored Cross-Site Scripting #vulnerability was found in the Bot Blocker functionality of the All in One SEO Pack #WordPress Plugin (1+ million active installs). This issue allows an attacker to perform a wide variety of actions, such as stealing Administrators’ session tokens, or performing arbitrary actions on their behalf. More info: http://s.ibscc.net/zZM5r

Is someone #spying on you?

Every day, #personal data is stolen in #criminal #cyber #attacks. A large part of the stolen information is subsequently made public on Internet databases, where it serves as the starting point for other illegal activities. With the HPI Identity Leak Checker, it is possible to check whether your e-mail address, along with other personal data (e.g. […]

Critical: #glibc remote code execution possible

Investigations showed that the issue affected all the versions of #glibc since 2.9. You should definitely update if you are on an older version though. If the #vulnerability is detected, machine owners may wish to take steps to mitigate the risk of an attack. The glibc #DNS client side resolver is vulnerable to a stack-based […]

The Government Wants to Listen In on Your Smart Home

This week was jam-packed with security news. A new worldwide survey of crypto products shows that encryption is international, so a ban makes no sense. Researchers found a way to hack power grids by remotely manipulating air conditioners. Obama covered the basics in a new cybersecurity plan, perhaps in an attempt to secure his legacy. […]

#Cisco RV220W Management Authentication Bypass #Vulnerability

A vulnerability in the web-based management interface of Cisco RV220W Wireless Network Security #Firewall devices could allow an unauthenticated, remote attacker to bypass authentication and gain administrative privileges on a targeted device. More information: http://s.ibscc.net/ehAud

#OpenSSL #Security #Patch available

Severity: High. Historically OpenSSL usually only ever generated DH parameters based on “safe” primes. More recently (in version 1.0.2) support was provided for generating X9.42 style parameter files such as those required for RFC 5114 support. The primes used in such files may not be “safe”. Where an application is using […]
