WordPress Attack Vectors and Open Amazon S3 Buckets Identified by Acunetix WVS

Recently there were a lot of news reports about an ongoing attack on sites using WordPress software. Attackers are using around 90,000 computers to try to brute force WordPress credentials. All these servers are trying common account names like admin, administrator, test, tom, jessica, … and common passwords like admin, 123456, password, … against a wide range of […]

New WordPress Checks in Acunetix Web Vulnerability Scanner v8 build 20130416

This new release of Acunetix Web Vulnerability Scanner version 8, build 20130416, includes new and improved vulnerability checks which target WordPress installations, web applications hosted on Amazon S3, and various other web applications. New Functionality: Added a test that enumerates valid WordPress usernames using various techniques. Added a test for weak WordPress passwords for the usernames […]

Protect your WordPress from Mass Brute Force Attacks

Last week, a sophisticated botnet that targets WordPress blogs and websites and launches brute force attacks against them was detected. Some WordPress hosting providers suffered downtime, security experts are exploiting this opportunity to sell their WordPress security services, and thousands of WordPress sites have been hacked. The botnet is launching a mass brute force attack […]

The Risks Associated with Third-Party Software Components

I was recently contacted by a colleague in an information security leadership position who was concerned about his developers using some third-party plug-ins for an enterprise application they were rolling out. His developers wanted to install these third-party components in order to speed up their development work. Sounds like a reasonable thing to do. However, […]

Is Your Security Appliance Hackable?

In the late '90s, businesses embraced the internet; they connected their networks and servers to the internet so their data could be accessed from anywhere around the world. This was a new era that gave businesses the opportunity to grow globally and reach new audiences. By doing so, their networks, servers and data were also […]

Acunetix WVS Update 20130308 – New Security Tests

Apart from the usual bug fixes and new functionality, each Acunetix WVS update generally includes new vulnerability tests or an improvement to existing checks. In this post, I would like to summarize the new security tests added in the latest Acunetix WVS update. Unicode Transformation Issues: This new security test is looking for issues that […]

Unable to Download Error Whilst Trying to Update Acunetix WVS

Symptoms: When trying to update the latest build from Acunetix WVS, you encounter the following error: Unable to download http://www.acunetix.com/download/fullver8/2013_03_08_01_webvulnscan8.exe. Try again later. More Information: Acunetix has recently changed its update mechanism to a new and secure product download system. This update has been implemented in build 20130205. Starting from 8 March 2013, old […]

Finding Broken Links Using Acunetix WVS

Acunetix WVS has the ability to discover links to pages that do not exist. In a world where sites are updated on a daily basis, it is quite easy to remove a page and forget to amend all links which refer to it, resulting in what are known as broken links. Besides being deemed as […]
