Security Advisory

WordPress 5.8.3 Security Release

On January 6th, Automattic released an important security update for the WordPress core which addresses four separate vulnerabilities. WordPress website administrators are advised to update their websites immediately. All WordPress versions between 3.7 and 5.8 are affected by this, and the security issues include SQL injection, stored XSS and object injection, which we will review

[ Read More ]

Log4j Vulnerability: The Perfect Holiday Present that Nobody Wants

A critical server security vulnerability in the Java logging library Log4j is taking the internet by storm because code to actively exploit this vulnerability is already widely distributed across the web. Originally found on the popular game Minecraft, it has since been shown to affect most web servers running Apache along with its ubiquitous logging

[ Read More ]

Adobe Patches Critical Magento Vulnerabilities in Recent Update

Adobe has recently released several critical security patches for both their open source and commercial versions of their ecommerce platform. There are a total of 18 security vulnerabilities patched according to Adobe, although they list only 16 specific issues in the patch notes. Eleven of these issues are considered critical and five considered important, ranked

[ Read More ]

PHP Repository Exploited by Hackers

The official PHP git repository, http://git.php.net/, was compromised this Sunday, March 28. An attacker was able to modify the PHP source code twice and inject a backdoor into it. Thankfully, both attempts were quickly detected and removed by the PHP team. Per a statement released in PHP’s internal mailing list, the current investigation believes the

[ Read More ]

How Do Websites Get Hacked?

As much as the web has grown, surprisingly not a lot has changed in how websites get hacked. The most important thing you can do in keeping the web – and your own sites and visitors – safe is to understand these unchanging truths and hold them close to heart. Consider the Scale of Hacked

[ Read More ]

UCEPROTECT: When RBLs Go Bad

Realtime Blackhole Lists (RBLs) can be a great tool in your security arsenal. You may not know you’re using them, but all email providers and company email servers leverage these services to verify whether servers and IP addresses are sending spam or other abusive content against a known list of offenders. These services use a

[ Read More ]