The FBI has warned that ISIL is exploiting vulnerabilities in WordPress sites running out-of-date versions of WordPress or old versions of certain plugins or themes to deface the sites. The FBI’s statement: http://www.ic3.gov/media/2015/150407-1.aspx Sucuri’s writeup with mention of specific plugins to check: http://blog.sucuri.net/2015/04/fbi-public-service-annoucement-defacements-exploiting-wordpress-vulnerabilities.html The current version of WordPress (as of 4/8/2015) is 4.1.1. If you… Read More »
We are patching and rebooting all linux servers for the ‘GHOST‘ security vulnerability. Reboots aren’t needed often with linux, but because this patch replaces a library (glibc) that is used by many programs on each server, a reboot is required.
According to Ars Technica, encrypted eBay passwords and other information have been stolen by cyberattackers. If you have an eBay account, change your password ASAP. If your eBay password is one you’ve used on other services, including your accounts with HIS, change those passwords too, and don’t use the same password on more than one… Read More »
You may have read about the bug in OpenSSL that allowed attackers to access random 64k byte chunks of memory. This bug was reported by CERT on Monday, April 7, 2014. Software vendors supplied patches on April 7 and 8. A few of our SSL servers were vulnerable, and we had all patches applied and were… Read More »
Windows XP has reached end-of-life, and there will be no updates or security patches for XP after April 8, 2014. The bad news is that CERT estimates that 30% of all internet-connected PCs are still running XP, so a lot of people are going to be exposed to the latest malware with no help from… Read More »
his.com and hers.com mailboxes on mail.his.com have been increased in size to 5 gigabytes. You can add disk storage if you need it for $1/gb/month. You can check your storage status by logging on to https://webmail.his.com and hovering your mouse over the bar under your name at the top of the screen. Tip: if you… Read More »
There’s a significant attack by a botnet on WordPress sites, where the bots are trying to guess the passwords of common admin logins. More info: http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-could-spawn-never-before-seen-super-botnet/ If you are using WordPress and are using a common username or a common password, change it immediately to something less obvious. Update your WordPress admin password when in… Read More »
In order to expand disk space to accommodate larger user disk allowances, Zimbra servers mail.his.com and dc.his.com will be taken offline briefly this weekend: mail.his.com – starting at 3 AM EDT, Saturday, April 6th – COMPLETED 5:20 AM April 6 dc.his.com – starting at 3 AM EDT, Sunday, April 7th – COMPLETED with no downtime.
This bogus email is making the rounds and seems to be slipping past spam filters at the moment. If you get one of these messages, delete it. The link in the message takes you to a form that asks you to enter your email address and password. If you do this, you can count on… Read More »
We’re seeing a significant increase in the number of ‘phishing’ and malware email messages. Most of these are being stopped by Postini’s spam/virus filters, but some are getting through, and some are getting past our own spam/virus filters that we use to supplement Postini. These messages are well crafted and look like legitimate email from… Read More »