Web Security Vulnerabilities Exposed by Google Searches (Google Hacking)

Google Hacking is a technique used by hackers to identify web security vulnerabilities in web applications or to gather information about general or individual targets. Mostly, this information includes configuration and source code files, sensitive data, database information, etc. This technique makes use of the Google Search engine to search for specific information regarding an […]


Responding to DoS attacks at the web layer

Are you ready to respond to DoS attacks at the web layer? In this article, Kevin Beaver shares an anecdote from his own experience whilst highlighting some important steps to take. First things first; responding to DoS attacks at the web layer starts with ensuring you have a solid incident response plan in place. But […]


WordPress Caching Plugins Remote PHP Code Execution

Two very popular WordPress caching plugins, WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads), have been affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below; version 1.3.x and up are OK); W3 Total Cache (version 0.9.2.8 and below, version 0.9.2.9 is […]


WordPress Attack Vectors and Open Amazon S3 Buckets Identified by Acunetix WVS

Recently there were a lot of news reports about an ongoing attack on sites using WordPress software. Attackers are using around 90,000 computers to try to brute force WordPress credentials. All these servers are trying common account names like admin, administrator, test, tom, jessica, … and common passwords like admin, 123456, password, … against a wide range of […]


New WordPress Checks in Acunetix Web Vulnerability Scanner v8 build 20130416

This new release of Acunetix Web Vulnerability Scanner version 8, build 20130416, includes new and improved vulnerability checks which target WordPress installations, web applications hosted on Amazon S3, and various other web applications. New Functionality: Added a test that enumerates valid WordPress usernames using various techniques. Added a test for weak WordPress passwords for the usernames […]


Protect your WordPress from Mass Brute Force Attacks

Last week, a sophisticated botnet that targets and launches brute force attacks against WordPress blogs and websites was detected. Some WordPress hosting providers suffered downtime, security experts are exploiting this opportunity to sell their WordPress security services, and thousands of WordPress sites have been hacked. The botnet is launching a mass brute force attack […]


The Risks Associated with Third-Party Software Components

I was recently contacted by a colleague in an information security leadership position who was concerned about his developers using some third-party plug-ins for an enterprise application they were rolling out. His developers wanted to install these third-party components in order to speed up their development work. Sounds like a reasonable thing to do. However, […]
