Important Vulnerability on Advanced Custom Fields Plugin for WordPress

Imunify360 researchers have recently found a wave of attacks exploiting a known vulnerability in Chamilo LMS (CVE-2023-34960) to escalate and execute arbitrary commands. Chamilo is an e-learning platform, also called Learning Management Systems (LMS), widely used by Universities and NGOs with a total of ~85k installations.

The introduction of cPanel in 1996 simplified Linux hosting management, and almost 30 years  later it’s still a favorite for website owners and hosters alike. The changes in the Linux operating system, additional distributions, new attack vectors, and discovered vulnerabilities force cPanel developers to release security patches frequently. The cPanel software has gone through several version updates, and each change increases complexity. The added complexity makes it more likely for hackers to find vulnerabilities, but your business can reduce risks by following these best practices to avoid becoming a victim of an exploit. The article goes over tips and tricks on how to keep your cPanel account protected.

In the ever-evolving landscape of cybersecurity threats, no one is truly immune from the devastating consequences of a ransomware attack. Recent headlines have highlighted the unfortunate plight of Danish hosting firms CloudNordic and AzeroCloud. Their stories are a stark reminder that even the most vigilant organizations can fall prey to cybercriminals. In this article, we'll delve into the details of this attack, the lessons we can draw from it, and the importance of robust cybersecurity solutions like Imunify360 in safeguarding against such incidents.

сPanel is one of the most popular control panels on the web with a broad community and a large number of extensions. But as always, popularity has its price: every month Imunify web security analysts detect tens of thousands of specialized automated attacks on cPanel users’ accounts. The vast majority of such attacks are simple Brute-Force, however, there is always a portion of more sophisticated attempts like SQLi and others.

In the ever-changing world of web hosting, we're always on the lookout for ways to strike a balance between solid server security and helping hosting businesses grow. This challenge has led us to find innovative solutions that make things safer and open doors to new possibilities. Today, we're excited to introduce you to something revolutionary that enhances security and brings exciting growth opportunities.

In today's digital landscape, monetizing websites through ads has become a standard practice, but it comes with security trade-offs.

Are you a website owner? Do you rely on your website to drive business, engage customers, and generate revenue? If so, you understand the critical importance of keeping your website online and accessible to visitors. In today's digital age, downtime can have a significant impact on your bottom line and reputation. To help you navigate this crucial aspect of website management, NameHero, and Imunify360 are excited to present the webinar on "Mastering Website Uptime: Ensuring Your Online Success."

Cybercriminals, in their relentless pursuit of exploiting vulnerabilities, have recently focused their efforts on a critical flaw in the WooCommerce Payments WordPress plugin. This flaw, tagged as CVE-2023-28121, is a perfect example of how an unauthorized attacker can impersonate users and potentially gain complete control over websites. The sheer scale and potential for site takeovers underscore the importance of deploying comprehensive cybersecurity solutions, such as Imunify360, to detect and protect against such threats in real time.

In the vast landscape of hosting providers, a delicate dance unfolds. These companies rely on a complex web of software and infrastructure components to deliver seamless customer services. However, beneath the surface of this intricate system lies a lurking danger: vulnerabilities that hackers can exploit. To safeguard against these threats, hosting companies must remain constant and employ meticulous patch management practices. In this article, we will delve into the critical importance of patching vulnerabilities in software and infrastructure to ensure the impregnability of hosting systems.

For Linux-based web servers, ModSecurity is an open-source web application firewall (WAF) that protects websites from specific threats. Most threats take advantage of poorly coded web applications either through cross-site scripting (XSS), SQL injection (SQLi), header exploits, session hijacking, and code injection. Web-based exploits are distinctive from network and protocol layer attacks, so they need different technology -- such as a WAF -- to stop them. Most applications have at least one bug, and it could be just one bug that creates a vulnerability. A WAF will help you stop exploits on these vulnerabilities. This articles provides more information about the following topics: