Find quick and accurate information regarding IT security that may concern your server or account. Liquid Web takes security very seriously and works to ensure you are kept in the loop regarding security updates and information. Past security information is maintained should it be needed in the future.
Top 10 Password Security Standards
Since ancient times, people have used passwords, which are almost ubiquitous in our personal and professional lives. Though people were expected to remember their passwords as a best practice, it is practically impossible to remember hundreds of complex passwords. Therefore, people created passwords that were easy to remember and reuse across numerous accounts. However, repeated use of the same weak passwords causes data breaches and security issues.
Microsoft Exchange Server Security Update
In this article, we provide updated information concerning the ongoing threat posed by the malware directed at Microsoft Exchange Servers noted in CVE-2021-26855. We also furnish the steps needed to update and secure your Microsoft Exchange Server. The Cybersecurity & Infrastructure Security Agency recently posted a priority security advisory regarding the Microsoft Exchange Server vulnerability. They state:
PHP-FPM/Nginx Vulnerability – CVE-2019-11043
A new vulnerability in PHP-FPM has been noted which could lead to remote code execution on nginx. An earlier message on Twitter exposed the CVE-2019-11043 bug:
WordPress Exploit – AMP Plugin
AMP for WP - Accelerated Mobile Pages allows your site to be faster for mobile visitors. Along with last week’s report, the AMP plugin has also been added to the list of exploited plugins. The AMP for WP plugin was reported on October 20, 2018, by its developers. Luckily, the newest version of this plugin, 0.9.97.20, has patched its known security flaws. This exploit has the means of putting 100,000+ users at potential risk, so it’s best to check whether you are using this plugin. In this tutorial, we will check whether you use this plugin. Along with updating, we will also show you how to check your site for compromises.
Protecting against CVE-2018-14634 (Mutagen Astronomy)
There is a new exploit called Mutagen Astronomy, rated at a 7.8 severity level, that affects the major Linux distributions Red Hat Enterprise Linux, Debian 8 and CentOS on both VPS servers and dedicated servers. Mutagen Astronomy exploits an integer overflow vulnerability in the Linux kernel and supplies root access (admin privileges) to unauthorized users on the intended server. This exploit affects Linux kernel versions dating from July 2007 to July 2017. The memory table, which lives in the kernel, can be manipulated to overflow using the create_tables_elf() function. After overwhelming the server, the attacker can then take it over for malicious purposes.
Protecting Against CVE-2016-3714 (ImageMagick)
A security vulnerability has been discovered in the ImageMagick software suite that can potentially allow remote code execution.
How To Protect Your cPanel Server Against CVE-2016-1531
On March 2, Exim announced via its mailing list that it had discovered a vulnerability in all versions of its mail transport agent. Exim is the default MTA on cPanel servers. The latest version patches the vulnerability, and the latest cPanel update resolves the issue.
Is Your cPanel Server Protected Against CVE-2016-0800 (DROWN)?
A new flaw has been found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could theoretically exploit this vulnerability to bypass RSA encryption, even when connecting via a newer protocol version, if the server also supports the older SSLv2 standard.
Protecting Against CVE-2015-7547
The Google Security Team and Red Hat have discovered a flaw in the way that certain types of DNS lookups are handled on some Linux servers. By exploiting this critical vulnerability, an attacker could gain full control over the system.
Protecting Against CVE-2016-0728
A critical vulnerability in the Linux kernel was announced on Jan. 14, 2016, by security researchers at Perception Point. The vulnerability has existed since 2012, and is present in all devices running version 3.8 of the Linux kernel and higher.