HeartBleed in the Wild

As most of you probably already know, ten days ago security Researchers disclosed a very serious vulnerability in the OpenSSL library, which is used to power HTTPS on most websites nowadays. The bug allowed an attacker to extract information that was supposed to be private, including SSL private keys, login data or any other information More Info »

The Heartbleed Aftermath: all CloudFlare certificates revoked and reissued

Eleven days ago the Heartbleed vulnerability was publicly announced. Last Friday, we issued the CloudFlare Challenge: Heartbleed and simultaneously started the process of revoking and reissuing all the SSL certificates that CloudFlare manages for our customers. That process is now complete. We have revoked and reissued every single certificate we manage and all the certificates More Info »

The Results of the CloudFlare Challenge

Earlier today we announced the Heartbleed Challenge. We set up a nginx server with a vulnerable version of OpenSSL and challenged the community to steal its private key. The world was up to the task: two people independently retrieved private keys using the Heartbleed exploit. The first valid submission was received at 16:22:01PST by Software More Info »

Critical Update for JetPack WordPress Plugin

The Jetpack team just released a critical security update to fix a security vulnerability in the Jetpack WordPress plugin. The vulnerability allows an attacker to bypass the site’s access control and publish posts on the site. All versions of JetPack since October, 2012 (Jetpack 1.9) are vulnerable, and all users should update to version 2.9.3 More Info »

JCE Joomla Extension Attacks in the Wild

Our friends from SpiderLabs, issued a warning today on their blog about increased activity on their honeypots looking to exploit the old JCE (Joomla Content Editor) vulnerability. JCE is a very popular component that can be found enabled on almost any Joomla site. It has had a few serious vulnerabilities in the past (around 2011 More Info »