New research shows 58% of adults worried about data and privacy online


The research, produced jointly by the Information Commissioner’s Office (ICO) and Ofcom, the telecoms regulator, looked at various aspects of perceived harm online, with data and privacy being just one element of the research (other areas include risks from harmful content and children coming to harm online). The findings indicate that 58% of adults in the UK are concerned about data and/or privacy online, with fraud or identity theft being the main threat of concern; 54% were concerned about hacking […]

Highly critical Drupal code security alert


The Drupal team have published a highly critical update to the Drupal core which they say plugs a vulnerability that “potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.” The vulnerability is within multiple subsystems of Drupal 7.x and 8.x and is severe enough that patches have been released for some unsupported versions. If you’re running Drupal for your website you are strongly urged to upgrade or patch […]

WordPress 4.9.2 security release & YITH Wishlist vulnerability


On January 16th WordPress released a security update to patch a vulnerability in the latest version of WordPress. According to the release notes (the update fixes a number of bugs too), “an XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for most use cases, they have been removed from WordPress.” It is strongly recommended that you make sure your WordPress site is updated […]

WordPress patches 4 new security issues


All versions of WordPress 3.7 onwards have been patched to fix four new security vulnerabilities. As reported in the security and maintenance release notes for v4.9.1, the following fixes have been implemented in the latest security release: use a properly generated hash for the newbloguser key instead of a determinate substring; add escaping to the language attributes used on html elements; ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds; remove the ability to upload JavaScript […]

WordPress 4.8.3 security release


WordPress, the popular web platform, have today released a security update to some of its files to prevent an SQL injection vulnerability. According to the WordPress release post, all prior versions of WordPress “are affected by an issue [which] can create unexpected and unsafe queries leading to potential SQL injection (SQLi).” The WordPress core doesn’t appear to be affected and the fix is aimed more at preventing plugins and themes accidentally causing the vulnerability. More details can be found here. If you’ve got […]

Joomla! 3.8 patches 2 security issues


Last week Joomla! released a new version, 3.8. The new version is an update to the Joomla! 3 series. Whilst it is primarily a feature release with 300 improvements and two major features, it also patches two security issues: Core – Information Disclosure in LDAP Authentication Plugin (affecting Joomla 1.5.0 – 3.7.5); Core – Information Disclosure in com_content Archived Articles Model (affecting Joomla 3.7.0 – 3.7.5). You are advised to update to this latest version to address the security issues. […]

Security update to WordPress (4.8.2)


Yesterday, WordPress issued an update to its core. This is a security release, so you’re strongly advised to update immediately if you’re running WordPress. According to the release notes for v4.8, it fixes 9 security vulnerabilities in version 4.8.1 and earlier. Check that you’re running on the latest version by logging into your WordPress dashboard – if you have auto-updates enabled you should already be running on the latest version. As these are security vulnerabilities that are likely to be, now, […]

Drupal Security Release (8.3.7)


Web hosting platform, Drupal, have issued a maintenance release of their software that includes a number of security fixes. Users are urged to upgrade to the latest version, 8.3.7, as soon as possible. The release patches a number of security vulnerabilities: Views – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6923; REST API can bypass comment approval – Access Bypass – Moderately Critical – Drupal 8 – CVE-2017-6924; Entity access bypass for entities that do not have UUIDs or […]

Website vulnerability leads to £60k ICO fine


The Information Commissioner’s Office (ICO) (the UK’s “data regulator”) has fined a small video game rental company £60,000 after it failed to take basic action to prevent an SQL injection vulnerability in its website, which led to a data breach and access to customer details. This latest fine indicates that a business of any size is at risk, and that data protection is not just about how you use personal data for marketing; it’s also about security, and website security at that. You can […]

SQL Injection Vulnerability in Joomla


An update has been released for the Joomla web platform. The release patches an SQL injection vulnerability in version 3.7 of the web software and you’re advised to update immediately to the new version. SQL injections enable malicious code to be run against a database which could allow a hacker to gain access to database content, gaining access to a site or changing content – in the realm of databases used for web hosting, this means the attacker could gain […]