Venom Vulnerability and SiteGround Cloud and VPS Accounts

vulnerability-fixed-venom

A serious security issue in one of the world's most popular machine emulator and virtualizer QEMU, used by the most popular virtualization systems - KVM, Xen and others has been discovered. The so-called Venom attack allows an user with root access to his/her virtual machine to gain root access to the entire host node under special circumstances. An official patch of for qemu-kvm has already been released and it fixes the vulnerability.
Read More

Protected Against a Vulnerability in WordPress SEO by Yoast Plugin

idealno

A security vulnerability in the famous WordPress SEO plugin by Yoast was just reported by the WP Scan Vulnerability Database website. Our security specialists have immediately reacted to protect all SiteGround customers and have crafted and added new security rules to our WAF (web application firewall). This means that we will actively filter any possible incoming hacking attempts that try to exploit the vulnerability.

Although Yoast SEO users are protected on our servers we still highly recommend to anyone using the plugin to update it to the latest version 1.7.4. This latest release is not vulnerable to the reported Blind SQL Injection.

WP eCommerce Plugin Vulnerability Fixed

bash

Yesterday Sucuri reported a new vulnerability in WP eCommerce - a popular WordPress plugin for online stores. The vulnerability allows attackers to obtain private information from websites. All versions of the WP eCommerce extension before 3.8.14.4 are vulnerable and attackers may export all user accounts, addresses and other information related to people, who used your site and the plugin to purchase any products from your site.
Read More

Time to Say Goodbye to SSL Version 3.0

ssl-farewell

It is no secret that securing your client’s data is an ongoing process and not something that you can simply install on a server/platform. That is why security solutions and protocols evolve all the time and developers frequently release new versions. The two cryptographic protocols that provide communication security over the Internet are TLS and SSL. The latest version of Secure Sockets Layer (SSL version 3.0) is the predecessor of TLS and is nearly 15 years old. So it was only a matter of time for someone to find the next big issue related to the SSL protocol. Yesterday Bodo Möller from the Google Security Team wrote a blog post about a new vulnerability in the design of SSL version 3.0. The vulnerability allows attackers to calculate the plain text of secure connections.
Read More