Tag: Vulnerability

Reading Time: 7 minutes

What is Mimikatz?

Mimikatz is a tool created by the French developer, Benjamin Delpy used to gather credentials and can carry out a range of operations connected with penetration testing. Its creation stems from a noted vulnerability of the Windows system function called WDigest. WDigest is designed to allow larger Windows-based network users to establish credentials in multiple applications on a LAN or WAN. This feature stores authentication credentials in memory and allows for their automatic reuse so users only have to enter their login details once.

Continue reading →
Reading Time: 20 minutes

What is Lynis?

Lynis is a well known, seasoned security tool for Linux based systems (including macOS and/or other Unix-based operating systems. It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open-source software with the GPL license and available since 2007.

Continue reading →
Reading Time: 3 minutes

A new vulnerability in PHP-FPM has been noted which could lead to remote code execution on nginx. An earlier message on Twitter exposed the CVE-2019-11043 bug:

Continue reading →
Reading Time: 3 minutes

AMP for WP -Accelerated Mobile Pages allows your site to be faster for mobile visitors. Along with last week’s report, the AMP plugin has also been added to the list exploited. The AMP for WP plugin was reported on October 20, 2018, by its developers. Luckily, the newest version, 0.9.97.20, of this plugin has patched for their known security flaws. This exploit has the means of putting 100,000+ users at potential risk, so its best to check if you are utilizing this plugin. In this tutorial, we will be checking if you use this plugin. Along with updating, we will also show you how to check if your site for compromises.

Continue reading →
Reading Time: 3 minutes

As of November 9, 2018, the WP GDPR Compliance plugin has been exploited by hackers. This plugin aids e-commerce site owners in compliance with European privacy standards. Since the very nature of GDPR is to protect the personal data and privacy of EU citizens, it should be tended to as soon as possible to avoid a costly cleanup. WP GDPR Compliance is also known for working in conjunction with many forms including Contact Form 7, Gravity Forms, and WordPress Comments.

Continue reading →
Reading Time: < 1 minute

Overview

Information on CVE-2015-5154 was made public on July 27, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Continue reading →
Reading Time: < 1 minute
Overview

VENOM, or Virtualized Environment Neglected Operations Manipulation, was made public on May 13, 2015. The vulnerability is in QEMU, a generic and open source machine emulator and virtualizer that is utilized by Xen, KVM, and other modern hypervisors / virtualization platforms.

Continue reading →
Reading Time: 2 minutes

The popular WordPress plugin WP Super Cache has been found to have a cross-site scripting (XSS) vulnerability in versions prior to 1.4.4. On sites with outdated versions, it is possible for an attacker to take complete control of the WordPress site. Please note: this vulnerability only affects users which have installed WP Super Cache. However, if you are unsure if you use the plugin or not you should still take precautions to protect your site.

Continue reading →
Reading Time: 2 minutes

Step 1: Login to WordPress as Administrator

Hopefully, you’re already well-versed in logging into your WordPress site as an administrator!

Continue reading →
Reading Time: 2 minutes

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

Continue reading →
Newer posts →
Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434