
IP Blog

Welcome to our blog. Share - Engage - Learn - Accelerate.

 


 

 

WordPress Under Attack As Double Zero-Day Trouble Lands


The WordPress platform is yet again under attack, thanks to vulnerabilities across old and new versions of the content management system.

The most pressing issue is a fresh zero-day, a previously unknown and unpatched weakness, affecting the latest version of WordPress, 4.2, and prior iterations, as revealed by Finnish company Klikki Oy yesterday. It released a video and proof of concept code for an exploit of the flaw, which allows a hacker to store malicious JavaScript code in WordPress site comments. Under normal circumstances, this should be blocked as it could be abused to send visitors’ usernames and passwords to a hacker’s site – what’s known as a cross-site scripting attack. All that’s required is for a user’s browser to parse the code when they land on the affected site.

If a logged-in administrator visits the affected page, the hacker could acquire access to the server, Klikki Oy warned. “Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target system.” For website admins, the advice for now is to disable comments until a fix is released.

Ryan Dewhurst, security researcher and owner of the WordPress vulnerability database WPScan, told FORBES he’d tested the attack code and it worked. His own proof of concept hack can be found on GitHub. He noted the attack requires the hacker to have a previously approved comment on the target site so the comment containing the exploit does not need approving.


SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites

Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites.

Several hundred WordPress and Joomla websites have been swept up in the campaign, first observed by researchers at the firm Sucuri last November.

“Though it’s uncertain how many iterations existed in the wild when we first reported the issue, this time we’ve found a lot of websites where the infection looks similar,” Peter Gramantik, a senior malware researcher at the firm wrote Thursday.

According to Gramantik the infection is clearly marked by a .SWF file with three random characters as a name that’s stored in a site’s images/banners/ folder. As far as the firm has seen, each file has a random hashed ID parameter attached to the end of it.

While the malware’s variable names, coding logic, and UserAgent remain the same, one of the main differences between last November’s version of the campaign and this one is that this incarnation has spread from Joomla sites to WordPress sites. As is to be expected, the website delivering the malicious payload has changed as well.

The .SWF files, also known as small web format files, inject an invisible iFrame, which can go on to drop other exploits.


Source: https://threatpost.com/

"Distrust and caution are the parents of security" - Benjamin Franklin


Google's bug-hunting hacker team is infuriating Microsoft and Apple


Is Google being a bully?

Google is continuing to investigate potential security flaws in its competitors' software and threatening to publicly disclose these vulnerabilities if they are not patched within 90 days, despite a lukewarm response from targets like Microsoft and Apple, Bloomberg reports.

"Project Zero," which is made up of an all-star team of security researchers, has been running since July 2014. But the effort has become more of a hot-button issue recently after Google revealed at least two high-profile security bugs in Microsoft's Windows, prompting an aggravated response from the software giant.

In the most recent instance, in January, Microsoft had actively been working on a patch for a bug in Windows 8.1, and asked Google to hold fast until "Patch Tuesday," Microsoft's established date for the roll-out of bug fixes. This gives companies time to test patches before deployment. But Google refused to bend on its standard 90-day deadline.


Trojan Threatens Owners of Drupal, WordPress and Joomla Sites


Fox-IT, a security vendor located in the Netherlands, says that cyber crooks are running a blackhat SEO (search engine optimization) operation which is threatening website owners using Joomla, Drupal and WordPress with a secret backdoor Trojan that links to the underlying web server in support of their operations.

The attackers are tricking website administrators into installing their malware-laden, pirated and other plug-ins for free. According to Fox-IT, the cybercriminals can take control of the server once malware nicknamed 'CryptoPHP' is dropped on it.

Fox-IT warns that CryptoPHP has compromised thousands of websites. The threat is so named because it uses RSA public-key cryptography to protect communication with servers. Several sources have been associated with the spread of the backdoor, among them nulledstylez.com, but many other websites like wp-nulled.com, mightywordpress.com and freemiumscripts.com are dealing in illegally copied plugins and themes.

The site has flagged each download as being virus free, but Fox-IT points out that the versions made available for download differed from the ones that had been verified as virus free by VirusTotal. The pirated downloads have been re-checked and it has been found that files with different timestamps contain the backdoor concealed in PHP code.


Boston.com among websites attacked by Syrian hacker group

By Trisha Thadani and Kiera Blessing, Globe Correspondents | November 28, 2014

Boston.com and several other news and retail websites could not be accessed for a time Thursday after a third-party service provider used by the sites was hacked.

A group called the Syrian Electronic Army claimed responsibility, according to a statement from the third-party server, Gigya. The Syrian Electronic Army supports Syrian president Bashar Assad and claims to have hacked dozens of websites, such as CNN, Forbes, UNICEF, and Microsoft.

A post on Gigya’s blog by chief executive Patrick Salyer said the company experienced “sporadic failures” with access to its service starting about 6:45 a.m. Thursday. The issue was largely resolved by 7:40 a.m.

The company said no user data had been compromised.

“To be absolutely clear: Neither Gigya’s platform itself nor any user, administrator, or operational data has been compromised and was never at risk of being compromised,” Salyer said.

When users accessed the affected websites Thanksgiving morning, they were greeted by a pop-up that read, “You’ve been hacked by the Syrian Electronic Army (SEA),” and then were redirected to an image of the group’s logo, according to an article on Boston.com.

Boston.com deputy editor Hilary Sargent said she was not aware of the site previously being affected by such an episode.

The hackers took control of Gigya’s domain name and altered its settings to direct users to another website, Salyer said.

Several affected companies, including Office Depot, the New York Daily News, the Dallas Morning News, and Boston.com confirmed that they had been affected. Others, such as Microsoft, said they were not aware of any problem with their website, despite the Syrian Electronic Army’s claims.

Salyer said Gigya has “the highest levels of security around our service and user data” and that the company has “put additional measures in place to protect against this type of attack in the future.”

In October, the Massachusetts Maritime Academy’s website was hacked by an extremist group three times in two days. Those trying to use the site were redirected to a photo of what appeared to be a soldier’s grave, with Arabic writing beneath the photo.

The academy’s president, Rear Admiral Richard Gurnon, called the hack a “case of mistaken identity,” saying the website could be mistaken for the Naval Academy’s by someone who doesn’t speak English well.

The Maritime Academy’s site was taken offline until the issue was resolved.

The Syrian Electronic Army does not claim to have any affiliation with extremists.

Trisha Thadani can be reached at [email protected]. Kiera Blessing can be reached at [email protected].
