An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build (20110823) includes the new Firefox plugin, which supports Firefox version 5, two new security checks and a bug fix in the automated WSDL web service scanner. New Security checks Complex…
US Police Servers Breached in New Anonymous Attack
On the 31st of July 2011, the system administrator of Brooks-Jeffrey Marketing (BJM) was working on his newly upgraded servers. At exactly the same time a hacker was slowly sniffing his way through the same systems and picking up everything in his tracks. The hacker had rooted…
Anonymous hack US Department of Defence – Analysis of the Attack
On the 12th of July 2011, Booz Allen Hamilton, the largest U.S. military defence contractor, admitted that they had just suffered a very serious security breach at the hands of hacktivist group AntiSec. Operation Anti-Security (AntiSec) is a hacking operation, carried out by two of the biggest…
TimThumb vulnerability: a big number of WordPress plugins and themes are affected
Recently, a new high-risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.” TimThumb is included in a lot…
htaccess Files and WordPress Security
Adding server-side protection around the WordPress wp-admin folder is like adding a second layer of protection to your WordPress admin area, login page and files. Server-side protection can be added by adding a .htaccess file (directory level configuration file) in your wp-admin WordPress subdirectory…
Are You Visiting a Safe Website?
Nowadays, website malware, online scams and other sorts of web security hazards have become a common nuisance. How can anyone be safe with dangerous websites popping up constantly? Well, you can easily spot if you are on a hacked website or not by following some…
Properly Scoping your Web Security Assessments
I’ve heard experts in time management say that one minute of planning can save you five minutes in execution. This applies to so many things we do in IT and information security but I can’t think of anything more important than security testing. Applying the…
WordPress Database Security: Why Change the Database Tables Prefix
The majority of reported WordPress database security attacks were performed by exploiting SQL Injection vulnerabilities. By renaming the WordPress database table prefixes, you increase the security of your WordPress blog and website against zero-day SQL injection attacks. WordPress Database Security: The Prefix Guessing…
Malicious Hackers Slurp over a million user accounts from Washington Post
The Washington Post website has been hit with a double security breach. Malicious hackers have made off with around 1.3 million user IDs and email addresses from the “Jobs” section of the site. The attackers were able to gain access on two separate occasions:…