Plesk 12 Security Updates Issued

Due to an exploit discovered in our billing and support system, our system was taken offline temporarily. This was done to ensure client data safety. The exploit was patched a short time afterwards, however we have decided to keep the billing portal temporarily offline until validity of this patch…

After the drama and panic in the last few weeks regarding the changes in the control panel landscape and in particular the changes at cPanel, many are now contemplating switching control panels. But what options are currently available? An overview below.

Newsletter, a free WordPress plugin with more than 300,000 installations, was found to contain multiple vulnerabilities that could eventually lead to the takeover of an affected website. The bugs were discovered by the Wordfence team who notified the developer of the plugin.

A remote code execution vulnerability has been reported in Exim, with immediate public disclosure (we were given no private notice). A tentative patch exists but has not yet been confirmed. Exim is a widely used mail transfer agent used on Unix-like operating systems.

Joomla! has released version 3.7.3 of its Content Management System (CMS) software that addresses several security issues. A remote attacker could exploit some of these vulnerabilities to take control of an affected website.

A vulnerability that VMware patched recently in some of its products, is currently being exploited and Russian threat actors are leveraging this vulnerability to install malware on corporate systems and access protected data, the National Security Agency (NSA) warned on Monday.

WordPress 4.2.3 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

Simply patching systems against the Bash/Shellshock vulnerability may not be adequate. Attacks exploiting the flaw appeared within a day of its disclosure. Those attacks may have made changes to systems that would not be remedied by the application of a patch.

Oakley Capital has acquired web hosting control panel Plesk in a deal valued at $105 million, making Plesk a completely independent company from Parallels. According to a statement by Plesk on Friday, it plans to move beyond traditional web hosting into the hyperscale cloud – offering support for WordPress…

Researchers from universities in Adelaide, Eindhoven, Chicago, Maryland and Pennsylvania have published a paper describing how they used a local side-channel attack to break the Libgcrypt encryption library. The exploit could be used to recover a RSA-1024 key.

An update for OpenSSL on RHEL was just released to help address the Poodle OpenSSL security vulnerability and it is recommended that you update as soon as possible. This update adds support for the TLS Fallback Signaling Cipher Suite Value (TLS_FALLBACK_SCSV), which can be used to prevent protocol downgrade…

Joomla! 3.7.1 is now available. This is a security release for the 3.x series of Joomla! which addresses one critical security vulnerability and several bug fixes. The security issue was found to be the result of inadequate filtering of requested data that lead to a SQL Injection vulnerability. We…

VMware has fixed a critical flaw in its vCenter Server that could be exploited to execute code remotely. The vulnerability affects vCenter versions 6.5 and 6.0. Users are urged to upgrade to versions 6.5c or 6.0U3b. US-CERT warned about the vulnerability, stressing exploitation could result in an attacker taking…

An update for LiteSpeed 4 & 5 was just released to address a security vulnerability within OpenSSL (CVE-2015-1793) and it is recommended that you update as soon as possible.

Security updates have been issued for several Linux distributions to address a flaw in Sudo. Sudo allows users to run programs with the security privileges of another user, by default the superuser. Users must, by default, supply their own password for authentication, rather than the password of the target…