Tag Archives: security

50 Top Server Monitoring & Application Performance Monitoring (APM) Solutions

August 6th 2017 Update: This list now contains 70 Top Server Monitoring & Application Performance Monitoring (APM) Solutions. Back in 2014, I compiled a list of the top 20 server performance monitoring solutions. Largely because I already had a list saved locally for my own reference. Sharing that list publicly was a great way to gain feedback and recommendations on […]

3rd DDoS attack today, beginning of a new era

4th Update: 20 min video response by Dale Drew, the chief security officer of Internet backbone company Level 3. 3rd Update: More details emerging “that some of the infrastructure responsible for the distributed denial-of-service (DDoS) attacks against Dyn DNS were botnets compromised by Mirai malware.” says Flashpoint. I’ll continue to update with additional information and important links. 2nd Update: 3rd Attack […]

WordPress Plugin being exploited. Delete inactive plugins

For the past few days an increasing number of WordPress websites have been infected by attackers exploiting a vulnerability in the WordPress plugin: WP Mobile Detector. The plugin with over 10,000 active installs was at one point removed completely from the WordPress repository with no patch available. However, as of today the WP Mobile Detector plugin has been patched […]

OpenSSL Security Updates – Severity: High

A new set of security updates for OpenSSL were just released this morning to address various security vulnerabilities, some of which are considered to be “high” severity. Please update as soon as possible. To update keep an eye open for Linux distro updates via package managers such as yum, apt-get, etc. Control panel updates for cPanel and others will be released over […]

The Sony Hack: An Inside Job. Here’s why…

From day one, as details leaked about stolen system administrator passwords, many of us knew that the Sony Hack had to have been an inside job. The simple reason is that system administrators setup notifications for both denied login attempts and more importantly, alerts for successful logins. These hackers reportedly stole a “System’s Administator’s password” which […]

Poodlebleed vulnerability SSL version 3.0

Google Online Security blog released details of a SSLv3 vulnerability called POODLE attack. Here you’ll find links to all the important info, all in one place! Official website: poodlebleed.com (Test your website against Poodlebleed) Security advisory (PDF download) | Google Blog | Firefox Blog | OpenSSL update | Red Hat | Nice article Fedora Blog | Discussion on […]

CVE-2014-6271: Vulnerability in Bash allows remote execution of arbitrary code

Patch instructions for CVE-2014-6271 and CVE-2014-7169 are at the end of this post. UPDATE 1: Patching Bash may not be the end of this. There’s still discussion regarding if the changes completely fixed or not. UPDATE 2: Another patch being tested. UPDATE 3: From Red Hat “Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can […]

Patched Servers Remain Vulnerable to Heartbleed OpenSSL

If an attacker has already exploited the Heartbleed bug to steal your SSL private keys they can continue to decrypt all past and future traffic even after the vulnerability has been patched. A security vulnerability in OpenSSL called the Heartbleed bug (CVE-2014-0160) has been found. This vulnerability has been open for exploit for about 2 years but was only recently […]