Domain registrar OpenSRS warns that there is an ongoing phishing attack against domain owners. The object is to trick you into providing credentials that will let the bad guys hijack your domain. If you get email claiming that your domain has been suspended, do not click any of the links or reply to the email… Read More »
mail.his.com is temporarily down because of a hardware problem. Check back for updates. 11:55 AM EDT – mail.his.com disk volumes are being checked for corruption. Repair in progress. 12:10 PM EDT – disk check / repair continues … 12:27 PM EDT – repairs complete, mail.his.com back online 12:38 PM EDT – No mail was… Read More »
WordPress 4.3.1 is now available. This is a an important security notice affecting all previous versions of WordPress and we strongly encourage you to update your sites immediately. Being proactive in the protection of your site is of one of the most important aspects of having a solid web site security policy. This release includes… Read More »
WordPress 4.2.1 Security Release WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. April 27, 2015 the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. If your web site… Read More »
The FBI has warned that ISIL is exploiting vulnerabilities in WordPress sites running out-of-date versions of WordPress or old versions of certain plugins or themes to deface the sites. The FBI’s statement: http://www.ic3.gov/media/2015/150407-1.aspx Sucuri’s writeup with mention of specific plugins to check: http://blog.sucuri.net/2015/04/fbi-public-service-annoucement-defacements-exploiting-wordpress-vulnerabilities.html The current version of WordPress (as of 4/8/2015) is 4.1.1. If you… Read More »
We are patching and rebooting all linux servers for the ‘GHOST‘ security vulnerability. Reboots aren’t needed often with linux, but because this patch replaces a library (glibc) that is used by many programs on each server, a reboot is required.
Email accounts are prime targets for spammers, who can no longer send spam directly from malware-infected computers because of improved spam filtering and steps that major providers like Verizon/Comcast/Cox have taken. If a spammer can hijack an email account, he’ll be able to send spam at high speed from a legitimate account until he gets… Read More »
According to Ars Technica, encrypted eBay passwords and other information have been stolen by cyberattackers. If you have an eBay account, change your password ASAP. If your eBay password is one you’ve used on other services, including your accounts with HIS, change those passwords too, and don’t use the same password on more than one… Read More »
Starting at 6:30 AM on Monday, 5/19/2014, multiple servers were hit with a high-volume spam flood from a Russian botnet that had hijacked user email accounts. The volume was so high that spam.his.com, which filters both incoming and outgoing mail, became backlogged and mail delivery became very slow. We identified the problem shortly after 7 AM and… Read More »
You may have read about the bug in OpenSSL that allowed attackers to access random 64k byte chunks of memory. This bug was reported by CERT on Monday, April 7, 2014. Software vendors supplied patches on April 7 and 8. A few of our SSL servers were vulnerable, and we had all patches applied and were… Read More »