Category: Security Bulletins

The Security Bulletins category provides quick and accurate information regarding IT security that may concern your server or account. We take security very seriously and work to ensure you are kept in the loop regarding these updates.We also maintain past security information should it be needed in the future.

Reading Time: 4 minutes

Introduction

Microsoft Exchange Security Update
   

In this article, we provide updated information concerning the ongoing threat posed by the malware directed at Microsoft Exchange Servers noted in CVE-2021-26855. We also furnish the steps needed to update and secure your Microsoft Exchange Server. In a recent post, the Cybersecurity & Infrastructure Security Agency posted a priority security advisory regarding the recent Microsoft Exchange Server vulnerability. They state:

Continue reading →
Reading Time: 3 minutes

A new vulnerability in PHP-FPM has been noted which could lead to remote code execution on nginx. An earlier message on Twitter exposed the CVE-2019-11043 bug:

Continue reading →
Reading Time: 3 minutes

AMP for WP -Accelerated Mobile Pages allows your site to be faster for mobile visitors. Along with last week’s report, the AMP plugin has also been added to the list exploited. The AMP for WP plugin was reported on October 20, 2018, by its developers. Luckily, the newest version, 0.9.97.20, of this plugin has patched for their known security flaws. This exploit has the means of putting 100,000+ users at potential risk, so its best to check if you are utilizing this plugin. In this tutorial, we will be checking if you use this plugin. Along with updating, we will also show you how to check if your site for compromises.

Continue reading →
Reading Time: 2 minutes

There is a new exploit, rated as 7.8 severity level,  that affects major Linux distributions of RedHat Enterprise Linux, Debian 8 and CentOS on both VPS servers as well as dedicated servers, called Mutagen Astronomy. Mutagen Astronomy exploits an integer overflow vulnerability in the Linux kernel and supplies root access (admin privileges) to unauthorized users on the intended server. This exploit affects Linux kernel version dating back from July 2007 to July 2017.  Living in the kernel, the memory table can be manipulated to overflow using the create_tables_elf() function. After overwhelming the server, the hacker can then overtake the server with its malicious intents.

Continue reading →
Reading Time: < 1 minute

Overview

A security vulnerability has been discovered in the ImageMagick software suite that can potentially allow remote code execution.

Continue reading →
Reading Time: 2 minutes

Overview

On March 2, Exim announced via its mailing list that it had discovered a vulnerability in all versions of its mail transport agent. Exim is the default MTA on cPanel servers. The latest version patches the vulnerability, and the latest cPanel update resolves the issue.

Continue reading →
Reading Time: 2 minutes

Overview

A new flaw has been found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could theoretically exploit this vulnerability to bypass RSA encryption, even when connecting via a newer protocol version, if the server also supports the older SSLv2 standard.

Continue reading →

Protecting Against CVE-2015-7547

Posted on by dpepper
Reading Time: 3 minutes

The Google Security Team and Red Hat have discovered a flaw in the way that certain types of DNS lookups are handled on some Linux servers. By exploiting this critical vulnerability, an attacker could gain full control over the system.

Continue reading →

Protecting Against CVE-2016-0728

Posted on by dpepper
Reading Time: 2 minutes

Overview

A critical vulnerability in the Linux kernel was announced on Jan. 14, 2016, by security researchers at Perception Point. The vulnerability has existed since 2012, and is present in all devices running version 3.8 of the Linux kernel and higher.

Continue reading →

cPanel TSR-2016-0001

Posted on by dpepper
Category: Security Bulletins | Tags: cPanel
Reading Time: 3 minutes

Overview

On January 18, 2016, cPanel announced that it had discovered vulnerabilities affecting all current versions of its control panel software. At the time of the announcement, cPanel issued a Targeted Security Release for each software tier, which the company said addresses 20 vulnerabilities in cPanel and WHM.

Continue reading →
← Older posts
Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434