On the 12th of July 2011, Booz Allen Hamilton the largest U.S. military defence contractor admitted that they had just suffered a very serious security breach, at the hands of hacktivist group AntiSec. Operation Anti-Security (AntiSec) is a hacking operation, carried out by two of the biggest…
Author Archives Acunetix
THE AUTHOR
Acunetix
TimThumb vulnerability: a big number of WordPress plugins and themes are affected
Recently a new high risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is a “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.“ TimThumb is included in a lot…
htaccess Files and WordPress Security
Adding server-side protection around the WordPress wp-admin folder is like adding a second layer of protection to your WordPress admin area, login page and files. Server-side protection can be added by adding a .htaccess file (directory level configuration file) in your wp-admin WordPress sub directory….
Are You Visiting a Safe Website?
Nowadays, website malware, online scams and other sorts of web security hazards have become a common nuisance. How can anyone be safe with dangerous websites popping up constantly? Well, you can easily spot if you are on a hacked website or not by following some…
WordPress Database Security: Why Change the Database Tables Prefix
The majority of reported WordPress database security attacks were performed by exploiting SQL Injection vulnerabilities. By renaming the WordPress database table prefixes you are increasing the security of your WordPress blog and website from zero day SQL injections attacks. WordPress Database Security: The Prefix Guessing…
Malicious Hackers Slurp over a million user accounts from Washington Post
The Washington Post website has been hit with a double security breach. Malicious hackers have made off with around 1.3 million user IDs and email address from the “Jobs” section of the site. The attackers were able to gain access on two separate occasions:…
Acunetix Web Vulnerability Scanner Version 7 Build 20110711 Released
An updated build of Acunetix Web Vulnerability Scanner Version 7 was released. This new build (20110711) features improved Cross-Site scripting (XSS) web security checks, an improved crawler, better web 2.0 support and a number of bug fixes. New feature: Included IMAGE tag with source…
How can I change the WordPress database table name prefix?
**Do not do the below change unless you are comfortable with PHPMyAdmin and making changes to MySQL. If not, ask someone who is familiar with WordPress and MySQL to assist you. Also, backup your blog; it is of utmost importance that before doing any changes…
Recently Backdoored WordPress Plugins
In the previous article, The Rise of the Backdoored WordPress Plugins, I discussed the ever-growing threat to WordPress security in the form of compromised plugins. As promised, here are the changes made by attackers to the popular plugins, WPtouch, W3 Total Cache and AddThis. WPtouch…