WHAT ARE THE SIGNS OF A HACKED WEBSITE?

A hacked website is becoming a big problem for business owners. Your site can be blacklisted, you can lose traffic, clients and hosting companies complain, and all of the hard work you have put into promoting your business is in danger. When the Giants Go Down: every website is vulnerable to outage; even larger, well-known companies occasionally suffer website downtime. Every so often a client will contact us after the “death” of his website. Knowing the first symptoms of a...


Servers of the LimeSurvey service were attacked by hackers

Specialists from the company RIPS Technologies found a dangerous vulnerability in LimeSurvey, a popular service for organizing online surveys. The vulnerability allows arbitrary code to be run on web servers. LimeSurvey is a free open source Internet application. According to SecurityWeek, it is downloaded about 10 thousand times a month. Users install the client on their server and interact with the system through the web interface. Two...


Facebook fights extortion of likes

The administration of Facebook is taking new measures to protect data: the social network has introduced a special algorithm for recognizing faces. It will help users find out in time that their photos have been published, even if they were not tagged in the images. Users of the social network began to complain that posts with appeals like "Put LIKE if Aries" are becoming more common, but until recently this did not cause concern. In this regard, the team of Facebook...


OWASP named the most serious risks for Web applications

Participants in the Open Web Application Security Project (OWASP) have compiled another list of the most dangerous threats for Web applications. The new rating is formed on the basis of data from companies responsible for the security of web applications, as well as survey results of about 500...


Critical vulnerabilities found and fixed in the popular WordPress plugin Formidable Forms

The popular Formidable Forms plug-in, available in both free and paid versions, has more than 200,000 active installations. The plugin offers website owners a tool for creating contact pages, polls and other forms. The well-known Finnish researcher Jouko Pynnönen, a specialist at Klikki Oy, warned of a number of critical vulnerabilities that he was able to detect in this product. The most dangerous...


Oracle fixed 20 dangerous vulnerabilities in Java SE

In total, Oracle fixed 252 vulnerabilities in its products. Oracle released its October security update, Critical Patch Update 2017, which fixes a total of 252 vulnerabilities in a number of products, including Oracle Database Server and Java SE. The company fixed vulnerabilities in the Java Virtual Machine and in five other components of Oracle Database Server. The most dangerous of the problems was rated at 8.8 on the CVSS scale. Two of...


Hackers scan sites in search of private SSH keys

The publication of a report on the lack of adequate protection for SSH led to an unexpected surge of scans. Hackers scanned websites running WordPress in search of directories containing private SSH keys, in order to hack them with accidentally compromised credentials. Authentication over SSH can be carried out with the classical model (using a login and password), as well as with keys. In the second case, the administrator generates a pair...


Critical vulnerability closed in the PeopleSoft kernel engine

A remote code execution vulnerability closed on Tuesday, October 17, as part of Oracle's large quarterly release of critical patches, has become a wake-up call for businesses using PeopleSoft with open access from the Internet. This bug, CVE-2017-10366, allows an attacker to remotely execute code on a server running PeopleSoft software. Researchers from ERPScan found that the error lies in the kernel engine. In other words,...


The WordPress plugin "Display Widgets" distributes malware

The "Display Widgets" plug-in, with more than 200 thousand installations, was finally removed from the WordPress plug-in directory after a series of incidents in which malicious code was substituted into new releases. This code was a backdoor allowing the plug-in owners to control the content on sites using the plug-in and to substitute their own ad units. All users of Display Widgets are advised to...


Critical vulnerability detected in Apache Struts

An update of the Apache Struts web framework, version 2.5.13, has been published. Apache Struts is used to create Java web applications using the Model-View-Controller paradigm. The release includes a fix for a critical vulnerability (CVE-2017-9805) that allows code to be run on the server side. The attack can be carried out by sending a specially crafted HTTP request. The vulnerability manifests when using the REST plug-in with an XStream handler for deserializing XML blocks...


Magento vulnerability has put 250 000 eCommerce websites under threat

DefenceCode researchers (a company that provides consulting services in the field of information security) found a vulnerability in the Magento eCommerce platform that allows hackers to upload malware to web servers. Magento allows adding Vimeo videos to the description of a product. The video is then shown as a preview image with a link to the video. When the web address of the image leads to another file (PHP script for...


Thousands of routers are used to hack WordPress-based websites

Wordfence specialists found that vulnerable routers are being used to brute-force WordPress-based websites. Experts noticed something strange last month when the number of cyber-attacks in Algeria jumped suddenly. The country went from 60th to 24th place in the Wordfence rating. A closer look at the problem showed that the Algerian WordPress websites were attacked from 10 000 different IP addresses. And 95% of those addresses are owned by a ...


Vulnerability in Nginx allows for root privileges in the system

Attackers are able to escalate their privileges and compromise the system as a result. Security researcher Dawid Golunski states that a vulnerability in nginx (CVE-2016-1247) allows local attackers to obtain root privileges in the system. Intruders who have managed to compromise an application hosted on an nginx server and gained access to the www-data account can easily exploit this vulnerability. Attackers can escalate their privileges,...