cPanel TSR-2019-0002 Full Disclosure | cPanel Newsroom

Yesterday cPanel released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the changes included in that update. Information on cPanel’s security ratings is available at If your deployed cPanel & Continue Reading

cPanel TSR-2019-0001 Full Disclosure | cPanel Newsroom

Yesterday we released new builds for versions 70, 76, and 78. These updates provided targeted changes to address security concerns with the cPanel & WHM product. Below is the full disclosure of the updates that were included in these builds. SEC-415 Summary Internal data disclosed to OpenID providers. Security Rating Continue Reading

A Technical Analysis of the Petya Ransomworm

Yesterday, a new ransomware wreaked havoc across the world. This new malware variant, which combines the functionality of ransomware with the behaviors of a worm, is being called Petya, Petrwrap, and even NotPetya, since researchers are still investigating as to whether its ability to modify the Master Boot Record of Continue Reading

3CX SBC Notification – Issue Fixed

Please be aware that since yesterday 3CX SBC clients configured to use encryption will not connect to 3CX Servers. New versions have been updated that correct the problem. Download windows, raspberry pi and Debian versions below. We will publish more information shortly. Windows SBC Users: Download 3CX SBC from here Continue Reading

Effectively Using Threat Intelligence

Yesterday, Fortinet and the other founding members of the Cyber Threat Alliance announced the establishment of the CTA as an independent organization. It’s an important, unified step forward in the global battle against cyber criminals. If we want to get ahead of cybercrime, we must share information. A collection of Continue Reading

Yet Another Padding Oracle in OpenSSL CBC Ciphersuites

Yesterday a new vulnerability has been announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13. It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the “old days”, it has Continue Reading

A Deep Dive Into DNS Packet Sizes: Why Smaller Packet Sizes Keep The Internet Safe

Yesterday we wrote about the 400 gigabit per second attacks we see on our network. One way that attackers DDoS websites is by repeatedly doing DNS lookups that have small queries, but large answers. The attackers spoof their IP address so that the DNS answers are sent to the server Continue Reading