Critical Drupal SQL Injection vulnerability

Drupal has released a HIGHLY CRITICAL security advisory for its latest version of the popular content management system, urgently advising users to update to Drupal 7.32 or install a patch to fix the vulnerability. The vulnerability, reported by Stefan Horst from SektionEins GmbH, allows unauthenticated users to gain full control of the database, and to be […]

Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are widely used protocols designed to secure the transfer of data between the client and the server through authentication, encryption and integrity. Contrary to common assumptions, TLS/SSL is not only a widely used technology in websites and web applications (using the HTTP protocol), […]

BASH Vulnerability leaves IT Experts Shell Shocked!

Yesterday, a critical vulnerability was reported in GNU Bash. Bash is the Bourne Again Shell that is installed on all Linux distributions. The vulnerability is related to the way environment variables are parsed before running the Bash shell. It is possible to create environment variables that include function definitions. Bash processes the trailing strings after these function […]

WordPress 4.0 “Benny” released

The long-awaited WordPress version 4.0, codenamed “Benny” in honour of jazz clarinettist and band leader Benny Goodman, has been released. While this does seem like a major release to some of us, since it includes a good number of features easing the blog writers’ and blog managers’ tasks, security advocates may feel let down […]
