Nettitude Blog

Iain Wallace

Recent Posts

CVE-2015-5243 phpWhois Remote Code Execution

Posted by Iain Wallace on Dec 8, 2015 9:34:33 AM

Malicious input can come from unexpected places.

Topics: Security Blog, Uncategorized

CVE-2015-5227: Zeropress and Remote Code Execution in the WordPress Landing Pages Plugin

Posted by Iain Wallace on Sep 30, 2015 11:25:19 AM

Finding WordPress plugin vulnerabilities is like shooting fish in a barrel.

Topics: Security Blog, Uncategorized

Custom Content Type Manager Remote Code Execution

Posted by Iain Wallace on May 21, 2015 12:37:11 PM

In a recent penetration test, we were able to gain administrative access to a client’s WordPress installation by exploiting a known SQL injection vulnerability (CVE-2015-2314) allowing unauthorised access to download usernames and password hashes. Often in tests against WordPress installations, this provides us with enough access to inject malicious code into the site’s template files and gain remote code execution privileges on the operating system hosting the site.

Topics: Security Blog, Uncategorized

Input Blacklisting – Is It Ever The Correct Approach?

Posted by Iain Wallace on Apr 22, 2015 10:09:04 AM

Background

Topics: Security Blog, Uncategorized

SSL 3.0 ‘Poodle’ Bug Discovered By Google Researchers

Posted by Iain Wallace on Oct 15, 2014 4:14:12 PM

Following reports yesterday that Windows users are at risk from the ‘SandWorm’ vulnerability, another issue that will affect a large part of the web was released last night. The SSL 3.0 vulnerability, dubbed ‘Poodle’, exists in old software that is still in use by web browsers and servers. Discovered by Google researchers*, Poodle (Padding Oracle On Downgraded Legacy Encryption) has been in existence for 15 years within SSL version 3.0. While many websites will default to supporting other protocols such as Transport Layer Security (TLS) these days, many still use SSL 3.0, making this a significant security risk for users.

Topics: Security Blog, Uncategorized

Responding To The Gameover ZeuS Botnet

Posted by Iain Wallace on Jun 3, 2014 5:13:56 PM

You will no doubt have seen the news by now that a global international law enforcement and security firm operation has gained control of one of the world’s largest botnets, but what are the implications for businesses and computer users?

Topics: Security Blog, Uncategorized

Server Side Request Forgery

Posted by Iain Wallace on May 30, 2014 4:20:34 PM

Many people are aware of how Cross Site Request Forgery can be used to turn a victim’s browser against a vulnerable application; however, vulnerabilities also exist that can turn an application server itself against the infrastructure that it is connected to.

Topics: Security Blog, Uncategorized

About Nettitude

Nettitude is the trusted cyber security provider to thousands of businesses around the world. We stop at nothing to keep your data and business secure in an age of ever-evolving cyber threats.

Our experts use an award winning Threat Intelligence led approach that incorporates real-time data, ensuring that your company is protected at every stage of its journey.
