Zero-day Duplicator Plugin Vulnerability – Patch it with BitNinja WAF
Eniko Toth

On 19 February 2020, Wordfence reported a highly critical vulnerability found in the popular Duplicator plugin for WordPress. This plugin is useful when users want to migrate and copy WordPress sites. With Duplicator, sysadmins can create a new copy of the site and the generated file can be downloaded from the WP dashboard.

WordPress Duplicator Plugin Zero-day Vulnerability

Exploiting the newly discovered zero-day vulnerability allows hackers to download arbitrary files from the target sites. More than 1 million WordPress websites are affected by this security flaw. When users crea...
Best of 2019 – The 15 Most-Read Cybersecurity News
Eniko Toth

Hackers and cyberattack techniques are evolving every day. Hosting companies and every server owner should keep an eye on the cybersecurity news to prepare themselves and protect their systems against the new types of threats. That’s why BitNinja collects the hottest cybersecurity news and sends out a Cybersecurity Digest each month. Now, we’ve summarized the Top 15 articles from 2019 that our readers loved the most. Here is the list:

1. Hackers Planted Backdoor in Webmin, Popular Utility for Linux/Unix Servers

On the 10th of August at the DevConf, a Turkish researcher revealed a z...
5 Steps to Creating an Effective Cyber Security Policy for Employees
Eniko Toth

Technology is always evolving, and continuous new developments change the spectrum of what is possible and what companies can do with technology. Because of this, cyberattacks, and therefore cybersecurity, are constantly adapting and reviewing their methods to stay on top of things. This is difficult for cybersecurity teams because technology moves so fast that staying ahead of the curve is harder than it seems. Vulnerabilities can occur without anyone noticing them, and often most of the corrective measures in cybersecurity are taken after a massive breach or failure. Tha...
How malware could be affecting your business without you realising
Eniko Toth

All businesses need to be doing as much as possible to ensure that they are defended against cyber-attacks. But cyber-crime has become so sophisticated that in many cases your company could be compromised without you even realizing it. Here we take a look at some of the ways that malware could be working within your system without you knowing.

Cryptojacking

You have probably heard of cryptocurrencies such as Bitcoin. These alternatives to traditional currency were first introduced practically in 2009 and they have become extremely popular very quickly. But you might not realize that some...
Five key things we can learn from this year’s cyber-attacks
Eniko Toth

The number of cyber-attacks against businesses grows every year, with 2019 likely to see record numbers already. While it is not good news that businesses continue to suffer from attacks, the number of reported incidents in the news does at least provide savvy organizations with learning opportunities to avoid making the same mistakes. Here are five key learnings from high-profile cyber-attacks this year-to-date.

Secure your databases properly

In April, Canadian telecommunications firm Freedom Mobile suffered a breach when an unprotected database was exposed, leaking sensitive personal a...
8 Best Cybersecurity Books to Read
Eniko Toth

In our Ninja HQ, we have a library with more than 400 books. We love learning new things and we truly believe in the life-long learning approach. In this quickly changing world, keeping yourself up-to-date is essential. There are tons of books on cybersecurity, but in this article, we’d like to give you a personal recommendation if you’d like to find the best books about this topic. I asked our CEO, George Egri, about his favorite books, and here is his Top 8:

Malware Forensics Field Guide for Linux Systems

Written by: Cameron H. Malin, Eoghan Casey, James M. Aquilina

De...
A Cybersecurity Guide for Small Businesses
Eniko Toth

If you use the internet and have valuable information on your phone, laptop, tablet, or computer, then you are at risk from a cyber attack. Below we will cover five key areas to consider when devising a strategy to protect your business assets. Cybersecurity is the term used to describe how businesses and individuals protect their data and digital assets from loss, theft or any other type of compromise. Cyber attacks can occur in a multitude of different ways, with more being thought up daily. Couple this with more and more business being done online, and there is a growing trend in mali...
New security feature against phishing sites
Boglarka Angalet

Cybercriminals can easily attempt to break into shared hosting environments to use their resources for different types of attacks. Phishing is one of the most irritating forms, where the provider, the website owner and all of their visitors are affected. These attacks also highlight the responsibility of hosting providers, and that’s why we have just launched BitNinja’s new anti-phishing feature, to put a new weapon in your hands for fighting the hackers.

Why phishing?

Phishing is quite an old-school hacker technique, which seems to never go out of fashion. Since the technique simply...
New BitNinja WAF Rules to Protect Against RCE Attacks
Eniko Toth

Your server’s safety is the number one priority for us; that’s why we have created two new BitNinja WAF rules, which are already part of the safe minimum ruleset. They grant protection against the following vulnerabilities:

Magento Remote Execution Protection

Those who are using Magento and didn't apply the patch are vulnerable to RCE (remote code execution) attacks. By targeting the “Cms_Wysiwyg” controller, the attacker can take over the site and gain information such as customers’ credit card details. BitNinja will block requests sent to this controller which contain exact para...
The Most Famous Vulnerabilities – Remote Code Execution (RCE)
Jozsef Konnyu

If someone wants to use a server's resources, take control of the server in some way, or steal data, they do it via a remote code execution vulnerability.

What is Remote Code Execution?

This vulnerability can be triggered in many ways, but in most cases it is possible via the following methods:

• Untreated inputs
• Untreated file uploads

We talk about an untreated input when there is little validation on the server side or none at all. For example, we have a server control panel with an input on it, where we can add commands which will run directly on the server. In...