Important Vulnerability on Advanced Custom Fields Plugin for WordPress

We’re pleased to announce the support of Debian 12 (Plesk, DirectAdmin, and generic panels, see stand-alone integration) by Imunify products with one important note: Imunify360-firewall required legacy iptables support. To turn it on execute the following commands:

Imunify360 researchers have identified a growing number of malicious redirects on Joomla CMS.

In this post, discover how Imunify360 is leading the charge against a sophisticated cyber threat targeting Joomla CMS. This post delves into the rise of malicious redirects caused by a deceptive fake-plugin, capable of injecting harmful scripts into websites. Learn about the insidious mechanism of this threat, which targets unsuspecting visitors with phishing and malware, and how Imunify360's advanced security measures, including its proactive scanner and comprehensive defense system, offer robust protection against such evolving cyber dangers. Protect your Joomla site with Imunify360's integrated antivirus, firewall, and WAF, ensuring the safety and integrity of your online presence.

One of the easiest ways to attack a web site is to gain entry through a content management system, such as WordPress. To do this, hackers try to force a login to a site’s WordPress installation using frequently used passwords. These sorts of attacks are known as brute-force attacks. Additionally, read our website hosting security and WordPress Security article and learn how to keep your website secure.

In today's digital landscape, server security is crucial for hosting providers. Cyber threats are rampant, demanding the safeguarding of infrastructure and maintaining trust. XetNET faced escalating cyber threats, overwhelmed IT and security teams, and the risk of reputation damage. Their goals were clear: robust protection, uncompromised performance, real-time monitoring, and seamless integration.

We designed a set of messages to report information about security threats that are dangerous for the server. Imunify uses cPanel contact manager to send notifications about those threats. We hope you will find them helpful. This feature can be managed through CLI. 

IMPORTANT: Upcoming Requirement for Configuration

In one month, a change will take effect for all users utilizing generic control panel integration.

The "[integration_scripts].panel_info" option, currently optional, will become mandatory. This requirement is exclusive to generic control panel users and does not apply to those on cPanel, Plesk, or DirectAdmin.

We ask you to prepare by populating this option with the appropriate script, as detailed in our documentation: Specifying Panel Information Documentation.

We’re pleased to announce the launch of a new Imunify360 feature called MyImunify, designed to help hosting companies generate revenue from their security services and give more flexibility with their hosting plans. 

Imunify360 researchers have recently found a wave of attacks exploiting a known vulnerability in Chamilo LMS (CVE-2023-34960) to escalate and execute arbitrary commands. Chamilo is an e-learning platform, also called Learning Management Systems (LMS), widely used by Universities and NGOs with a total of ~85k installations.