Magento 1.9.2.0 released with Security Patch SUPEE-6285

Magento 1.9.2.0 is now available via Softaculous. This release includes security patch SUPEE-6285 and it is strongly recommended to update your sites immediately.

You can refer to the following guide on how to upgrade your installations :
http://www.softaculous.com/docs/How_to_upgrade_installations

Details of the security patch are listed below :

SUPEE-6285 Patch Bundle

Date of Release: 07/07/2015

This bundle includes protection against the following security-related issues:

  • Customer Information Leak via RSS and Privilege Escalation
  • Request Forgery in Magento Connect Leads to Code Execution
  • Cross-site Scripting in Wishlist
  • Cross-site Scripting in Cart
  • Store Path Disclosure
  • Permissions on Log Files too Broad
  • Cross-site Scripting in Admin
  • Cross-site Scripting in Orders RSS

Source : http://docs.magento.com

WordPress 4.0 “Benny” now available

Version 4.0 of WordPress, named “Benny” in honor of jazz clarinetist and bandleader Benny Goodman, is available for download or update. This release brings you a smoother writing and management experience.

WordPress is already updated to 4.0 in Softaculous. You can install a new copy of WordPress 4.0 or update an existing installation to the latest version via Softaculous to experience the new features included in 4.0.

Manage your media with style
Explore your uploads in a beautiful, endless grid. A new details preview makes viewing and editing any amount of media in sequence a snap.

Working with embeds has never been easier
Paste in a YouTube URL on a new line, and watch it magically become an embedded video. Now try it with a tweet. Oh yeah — embedding has become a visual experience. The editor shows a true preview of your embedded content, saving you time and giving you confidence.

WordPress has expanded the services supported by default, too — you can embed videos from CollegeHumor, playlists from YouTube, and talks from TED. Check out all of the embeds that WordPress supports.

Focus on your content
Writing and editing is smoother and more immersive with an editor that expands to fit your content as you write, and keeps the formatting tools available at all times.

Finding the right plugin
There are more than 30,000 free and open source plugins in the WordPress plugin directory. WordPress 4.0 makes it easier to find the right one for your needs, with new metrics, improved search, and a more visual browsing experience.

Source : wordpress.org

WordPress 3.6.1 Maintenance and Security Release

The WordPress team has released WordPress 3.6.1, which is a Maintenance and Security Release.

WordPress Update

WordPress 3.6.1 is also a security release for all previous WordPress versions and it is strongly recommended that you update your sites.

WordPress has been updated to 3.6.1 in Softaculous. You can update your installation with just one click. Here is the guide :

Update WordPress

The WordPress security team resolved three security issues, and this release also contains some additional security hardening.

The security fixes include :

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post “written by” another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

The additional security hardening includes:

  • Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML.

Source : http://wordpress.org

WHMCS Security Release 4.5.6 and 5.2.6 Update Now !

WHMCS has released new patches for the 4.5, 5.0, 5.1, and 5.2 minor releases. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.

WHMCS has rated these updates as including critical or important security impacts.

Releases
The following full-release versions of WHMCS have been published and address all known vulnerabilities:
5.2.6

The latest public releases of WHMCS are available inside members area at WHMCS.

WHMCS has been updated to 5.2.6 in Softaculous as well. If you have Softaculous installed on your server you can upgrade to the latest version of WHMCS via Softaculous.

PLEASE NOTE: The 4.5 series reached End Of Life as of June 30th 2013. WHMCS is aware that some customers have not moved to an LTS version due to the newness of the LTS policy. The related 4.5 patch release published along with this Security Advisory is provided as a courtesy to those customers. From this point forward, there will be no more patches provided for 4.5 or any other release that has reached EOL.

There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS will only release limited information regarding the vulnerabilities at this time.

Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issue.

These Targeted Security Releases and Patches address 9 vulnerabilities in WHMCS versions 4.5, 5.0, 5.1, and 5.2.

Source : http://www.whmcs.com

WordPress 3.5.2 Maintenance and Security Release

The WordPress team has released the WordPress 3.5.2 Maintenance and Security Release.

WordPress Update

This is the second maintenance release of 3.5, fixing 12 bugs.

This is a security release for all previous versions and it is strongly recommended that you update your sites immediately.

WordPress has been updated to 3.5.2 in Softaculous. You can update your installation with just one click. Here is the guide :

Update WordPress

The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.

The security fixes included:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
  • Disallow contributors from improperly publishing posts or reassigning the post’s authorship.
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities.
  • Prevention of a denial of service attack, affecting sites using password-protected posts.
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability.
  • Multiple fixes for cross-site scripting.
  • Avoid disclosing a full file path when an upload fails.

Source : http://wordpress.org

WHMCS Security update for 4.x and 5.x released

WHMCS has released new patches for the 4 and 5 series. These updates provide targeted changes to address security concerns with the WHMCS product. You are highly encouraged to update immediately.
WHMCS has rated these updates as including critical and important security impacts.

Security Issue Information
The resolved security issues were all identified by Vlad C. of NetSec Interactive Solutions <http://safeornot.net> (as mentioned by WHMCS). There is no reason to believe that these vulnerabilities are known to the public. As such, WHMCS has only released limited information regarding the vulnerabilities at this time.

Once sufficient time has passed to allow WHMCS customers to update their installed software, WHMCS will release additional information regarding the nature of the security issues. These Targeted Security Releases and Patches address 6 vulnerabilities in WHMCS version 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 5.0, 5.1, and BETA 5.2. Additional, supplemental information is scheduled to be released on April 9th, 2013 by the WHMCS team.

WHMCS V5.2.2 has also been released

This is a maintenance update to address issues reported in the V5.2.1 release earlier this week.

One of the key additions is additional backwards compatibility for modules and custom pages written for earlier versions. This will mean that custom pages should require *NO* changes to continue functioning exactly as before.

Another point of note is that with the V5.2.1 update, the ResellerClub and all other LogicBoxes based modules were updated to use the new API Key method of integration which is safer and more secure, and so if you are a user of any LogicBoxes based domain registrar module in WHMCS you will need to enter an API Key in the Setup > Domain Registrars page before you can continue using it.

Please also be aware that if you use the live chat addon, an update to it is required for compatibility with WHMCS V5.2.x.

WHMCS 5.2.2 is now available via Softaculous and you can upgrade your WHMCS installations via one click.

Source : http://whmcs.com

How to make your WordPress installation Secure

WordPress is one of the most popular blogging applications today, and because it is so popular, there are numerous hackers honing their skills on it to make it to the big leagues.

WordPress is pretty secure and receives frequent updates, but you can make the installation more secure by following some simple steps:

1. The easiest way is to keep WordPress updated

WordPress provides security updates immediately if a loophole is detected, so keeping WordPress updated will help you stay more secure. It hardly takes a minute to update WordPress with Softaculous.

2. Generic admin username

Most users make the mistake of continuing with the default username for the administrator account, i.e. admin. It is a common username and every hacker would know that. Choose a username other than admin; for example, you can use your name (e.g. john) as your username. You can choose the username on the install form.

3. Choose a Strong Password

Using a simple password is a bad idea. Use a more secure password to keep hackers away. Use a combination of letters, numbers and special characters.

4. Secure permissions to the config file

The wp-config.php file contains all the configuration and settings of WordPress. Exposing this file to hackers is a very big threat to your blog: they could easily inject malware into your blog or delete its content. The solution is to restrict the permissions on the config file. The WordPress config file is wp-config.php, which is located in the root directory of your installation. Change the permission to something safe like 0600 if suPHP is enabled on your server. You can ask your host to confirm which permission is suitable on your server.

5. Backup regularly

Backing up your installation is very important because if your installation is hacked, you can restore it from the backup. You should always take a backup of your database and files; a weekly backup of your data is recommended. There are several plugins that will do it for you, or you can use Softaculous to back up and restore your installation.

6. Plugins

Make a point to update the plugins when there is an update available. It is always a good idea to be updated. Also, if you are not using a specific plugin, delete it.
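
The permission check from step 4 can be scripted. The following is an added example, not part of the original post: it reports whether wp-config.php is readable by group or other and, when asked, tightens it to 0600. It assumes PHP runs as the file owner (as with suPHP); the function names and the temporary install root are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit wp-config.php permissions.
# Assumption: PHP runs as the file owner (e.g. suPHP), so mode 0600 is usable.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the octal mode grants nothing to group or other.
mode_is_owner_only() {
    [ $(( 0$1 & 077 )) -eq 0 ]
}

# audit_wp_config ROOT [fix]
# Returns 0 if wp-config.php is owner-only (or was just tightened),
# 1 if group/other still have access, 2 if the file is not there.
audit_wp_config() {
    cfg="$1/wp-config.php"
    if [ ! -f "$cfg" ]; then
        echo "MISSING   $cfg"; return 2
    fi
    mode=$(file_mode "$cfg")
    if mode_is_owner_only "$mode"; then
        echo "OK        $mode $cfg"; return 0
    fi
    if [ "${2:-}" = "fix" ]; then
        chmod 0600 "$cfg" || return 1
        echo "FIXED     $mode -> 600 $cfg"; return 0
    fi
    echo "TOO-BROAD $mode $cfg"; return 1
}

# Demo on a constructed install root (a temp directory, not a real site).
demo() {
    root=$(mktemp -d)
    printf '%s\n' '<?php // constructed sample, no real credentials' > "$root/wp-config.php"
    chmod 0644 "$root/wp-config.php"
    audit_wp_config "$root" || true   # reports TOO-BROAD 644
    audit_wp_config "$root" fix       # tightens the file to 600
    audit_wp_config "$root"           # reports OK 600
    rm -rf "$root"
}
demo
```

On a real server, call `audit_wp_config` with the installation's root directory, and confirm with your host that 0600 suits the PHP handler before using `fix`.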