The Joomla! team released a new version of Joomla! CMS yesterday to patch a serious and easy to exploit remote code execution vulnerability that affected pretty much all versions of the platform up to 3.4.5. As soon as the patch was released, we were able to start our investigation and found that it was alreadyRead […]
Archive | Security
RSS feed for this sectionCritical 0-day Remote Command Execution Vulnerability in Joomla
The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild. Zero day Exploits in the Wild What is very concerning isRead […]
HTTP/2 Demo: Under the Hood
At first glance, the potential performance improvements of HTTP/1.1 versus HTTP/2 on our demo page may seem a bit hard to believe. So, we put together a technical explanation of how this demo actually works. We’d also like to credit the Gophertiles demo, which served as a basis for our own HTTP/2 demo. Overview A […]
Website Malware – Evolution of Pseudo Darkleech
Last March we described a WordPress attack that was responsible for hidden iframe injections that resembled Darkleech injections: declarations of styles with random names and coordinates, iframes with No-IP host names, and random dimensions where the random parts changed on every page load. Back then, we identified that it was not a server-level infection. TheRead […]
Server Security: OSSEC Updated With GeoIP Support
We leverage OSSEC extensively to help monitor and protect our servers. If you are not familiar with OSSEC, it is an open source Host-Based Intrusion Detection System (HIDS); it has a powerful correlation and analysis engine that integrates log analysis, file integrity monitoring, centralized policy enforcement, rootkit detection, real-time alerting, and active response. It provides aRead […]
SHA-1 Deprecation: No Browser Left Behind
After December 31, 2015, SSL certificates that use the SHA-1 hash algorithm for their signature will be declared technology non grata on the modern Internet. Google’s Chrome browser has already begun displaying a warning for SHA-1 based certs that expire after 2015. Other browsers are mirroring Google and, over the course of 2016, will begin […]
Increased Popularity in DDoS Extortion Campaigns
Over the past few months, our security operations group have identified and mitigated an increasing number of DDoS attacks tied to extortion attempts from different cyber crime groups, including DD4BC, Armada Collective and a few more unnamed ones. These DDoS extortion attempts are starting to exploit smaller websites that may be less able to defendRead […]
Tools for debugging, testing and using HTTP/2
With CloudFlare’s release of HTTP/2 for all our customers the web suddenly has a lot of HTTP/2 connections. To get the most out of HTTP/2 you’ll want to be using an up to date web browser (all the major browsers support HTTP/2). But there are some non-browser tools that come in handy when working with […]
HTTP/2 is here! Goodbye SPDY? Not quite yet
Why choose, if you can have both? Today CloudFlare is introducing HTTP/2 support for all customers using SSL/TLS connections, while still supporting SPDY. There is no need to make a decision between SPDY or HTTP/2. Both are automatically there for you and your customers. Enabling HTTP/2 If you are a customer on the Free or […]
Sucuri += HTTP/2 — Announcing HTTP/2 Support
We are happy to announce that we are now offering HTTP/2 support to all clients using our Website Firewall (CloudProxy) product. Our own site already supports HTTP/2 (including this blog) and we will be rolling out HTTP/2 to all account dashboards very soon. We have always supported SPDY (the HTTP/2 predecessor) and decided to upgradeRead […]
