According to a Google Security Researcher who was able to defeat all of the current patches and make the vulnerability easier to exploit, they are now recommending the following unofficial patch until it is pushed upstream:
Further Information:
source: hostingseclist
An update for cPanel was just released to address various security vulnerabilities. These updates provide targeted changes to address security concerns with cPanel and WHM. We recommend that you update as soon as possible.
An update for Plesk 12 (Windows) was just released to address various security vulnerabilities and it is recommended that you update as soon as possible. Official Link: http://download1.parallels.com/Plesk/PP12/12.0/release-notes/parallels-plesk-12.0-for-windows-change-log.html#12018-mu52
Researchers from the University of Maryland recently defeated Google’s reCAPTCHA 2 audio challenge system with the unCAPTCHA 2 proof of concept which bypasses the latest version of reCAPTCHA with 91% accuracy as of January, 2019.
Due to an exploit discovered in our billing and support system, our system was taken offline temporarily. This was done to ensure client data safety. The exploit was patched a short time afterwards, however we have decided to keep the billing portal temporarily offline until validity of this patch…
In April 2020, Google announced Web Vitals — a new set of metrics designed to measure the speed and user experience of websites. Last week, Google announced that these metrics will make its way into a core algorithm update as new ways of judging and ranking sites based on…
Numerous updates were just released to address various security vulnerabilities and it is recommended that you update as soon as possible. (XSA-145 to XSA-153) Official Link: http://xenbits.xen.org/xsa/ Source: Hostingseclist
Researchers from universities in Adelaide, Eindhoven, Chicago, Maryland and Pennsylvania have published a paper describing how they used a local side-channel attack to break the Libgcrypt encryption library. The exploit could be used to recover a RSA-1024 key.
An update for LiteSpeed 4 & 5 was just released to address a security vulnerability within OpenSSL (CVE-2015-1793) and it is recommended that you update as soon as possible.
A vulnerability that VMware patched recently in some of its products, is currently being exploited and Russian threat actors are leveraging this vulnerability to install malware on corporate systems and access protected data, the National Security Agency (NSA) warned on Monday.
This Public Service Announcement is a follow up to SA-CORE-2014-005 – Drupal core – SQL injection. This is not an announcement of a new vulnerability in Drupal. Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of…
Google confirmed Sunday that a new version of its Penguin filter aimed at fighting spam went live on Friday. Penguin targets sites deemed to be spammy, especially those found in violation of Google’s guidelines about linking. Some noticed major changes in Google search results beginning late Friday night US…
Multiple vulnerabilities for the Drupal CMS have been discovered. Drupal have released versions 8.3.4 and 7.56 which contain fixes for these security vulnerabilities. We recommend that you update Drupal as soon as possible.
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having CVSSv3 scores ranging from…
Joomla! has released version 3.7.3 of its Content Management System (CMS) software that addresses several security issues. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.
An update for Xen was just released to address two major security vulnerabilities and it is recommended that you update as soon as possible.
