Jetpack Critical Security Vulnerability

jetpack

Today a critical vulnerability was found in one of the most popular and widely used WordPress plugins - Jetpack. Fortunately, according to the plugin authors there is no evidence that this issue has been used to hack real sites. However, an update of the plugin was released - Jetpack 4.0.3.

As usual, our security team was pro-active and updated our WAF (web application firewall), adding rules to prevent the hack from being used. This means that even if your plugin is not updated to the latest version, your site will still be protected. However, we urge all Jetpack users to update the plugin to its latest version in which the vulnerability is patched.

ImageMagick Vulnerability Fixed

imagemagick

ImageMagick is one of the most widely used services to process images. Most of the web applications use it for many different purposes - to crop images, to resize them, to generate different thumbnail sizes, etc. Unfortunately, a serious vulnerability was discovered within the service, that allows an attacker to execute code remotely on your site. As usual our security team started working on a way to protect our customers immediately and came up with a solution hours after the vulnerability was disclosed.

Read More

Critical glibc Vulnerability Patched on all SiteGround Servers

gnu

Hours ago a critical vulnerability in  the GNU C Library (glibc) was announced alongside a proof of concept for the attack. This library is one of the main components in the majority of Linux distributions (if not all) including those, used for server OS'es. Without getting into too much technicalities, the exploit allows an attacker to remotely execute code by following a simple link. That's one of the most severe vulnerabilities discovered in the recent years and potentially affects pretty much any Linux server out there.

Given that all SiteGround servers run on CentOS - a Linux distribution, we took immediate measures to secure our machines. I am happy to announce that a patch has been applied on all our servers and our customers are well protected against this security threat!

WordPress 4.4.1 Security & Maintenance Release

wp-vulnerabilityfixed

A new WordPress security update 4.4.1 was announced yesterday. The latest version fixes a cross-site scripting vulnerability that allows a site to be compromised as well as some minor issues.

All WordPress sites at SiteGround with enabled autoupdate service have been updated to the new version 4.4.1 last night and are safe and sound. For all WordPress sites that do not have the autoupdate option on, we have applied a rule in our WAF (web application firewall) that will block possible hacking attempts. As our firewall rule is not covering all possible hack scenarios, we are additionally patching WordPress sites on versions 3.7 to 4.4 at a website level.

Regardless of the security shields we have placed, we still recommend all websites that have not been autoupdated to upgrade to the newest version 4.4.1 or to the latest version within their current branch as soon as possible.

 

Critical Vulnerability in Joomla Fixed on Zero-day

joomla-vulnerability

Yesterday, a serious vulnerability that affects all major Joomla versions was disclosed. Using this security breach a hacker could do a full remote command execution on the targeted site. We have worked together with the Joomla Security teams and came up with a rule in our WAF (web application firewall) that would block hacking attempts using this vulnerability and we don't have reports for hacked accounts through this exploit.

Read More