Month: February 2019

Top 5 eCommerce Posts for February

How Post-Purchase Marketing Can Convert One-Time Shoppers into Loyal Customers – Growth Hackers
Many brands believe that they can create loyal customers with a single purchase. However, that’s not true. Brand loyalty does not come easy.

7 Old-school Selling Tips for Ecommerce – Practical Ecommerce
Many online retailers don’t focus on selling. An online store […]

5 Best Practices for your SAST Evaluation

Static Application Security Testing (SAST) solutions analyze the source code of applications for vulnerabilities without running or deploying the code. If you are not sure whether SAST is the right approach for you, or which SAST approaches exist, we recommend reading our previous blog post comparing different testing approaches.

1. POC Time Plan

To make your evaluation as efficient as possible, it helps to sketch a rough time plan.

WordPress 5.0.0 Remote Code Execution

Impact

An attacker who gains access to an account with at least author privileges on a target WordPress site can execute arbitrary PHP code on the underlying server, leading to a full remote takeover. We sent the WordPress security team details about another vulnerability in the WordPress core that can give attackers exactly such access to any WordPress site, which is currently unfixed.

Kali Linux 2019.1 Release

Welcome to our first release of 2019, Kali Linux 2019.1, which is available for immediate download. This release brings our kernel up to version 4.19.13, fixes numerous bugs, and includes many updated packages.

Tool Upgrades

The big marquee update of this release is the update of Metasploit to version 5.0, which is their first major release since version 4.0 came out in 2011.

root@kali:~# msfconsole

     ,           ,
    /             \
   ((__---,,,---__))
      (_) O O (_)_________
         \ _ /            |\
          o_o \   M S F   | \
               \   _____  |  *
                |||   WW|||
                |||     |||

       =[ metasploit v5.0.2-dev                           ]
+ -- --=[ 1852 exploits - 1046 auxiliary - 325 post       ]
+ -- --=[ 541 payloads - 44 encoders - 10 nops            ]
+ -- --=[ 2 evasion                                       ]
+ -- --=[ ** This is Metasploit 5 development branch **   ]

msf5 >

Metasploit 5.0 is a massive update that includes database and automation APIs, new evasion capabilities, and usability improvements throughout. Check out their in-progress release notes to learn about all the new goodness.

Kali Linux 2019.1 also includes updated packages for theHarvester, DBeaver, and more. For the complete list of updates, fixes, and additions, please refer to the Kali Bug Tracker Changelog.

ARM Updates

The 2019.1 Kali release for ARM includes the return of Banana Pi and Banana Pro, both of which are on the 4.19 kernel. Veyron has been moved to a 4.19 kernel and the Raspberry Pi images have been simplified so it is easier to figure out which one to use. There are no longer separate Raspberry Pi images for users with TFT LCDs because we now include re4son’s kalipi-tft-config script on all of them, so if you want to set up a board with a TFT, run ‘kalipi-tft-config’ and follow the prompts.

Download Kali Linux 2019.1

If you would like to check out this latest and greatest Kali release, you can find download links for ISOs and Torrents on the Kali Downloads page along with links to the Offensive Security virtual machine and ARM images, which have also been updated to 2019.1. If you already have a Kali installation you’re happy with, you can easily upgrade in place as follows.

root@kali:~# apt update && apt -y full-upgrade

Ensuring your Installation is Updated

To double check your version, first make sure your Kali package repositories are correct.

root@kali:~# cat /etc/apt/sources.list
deb http://http.kali.org/kali kali-rolling main non-free contrib

Then after running ‘apt -y full-upgrade’, you may require a ‘reboot’ before checking:

root@kali:~# grep VERSION /etc/os-release
VERSION="2019.1"
VERSION_ID="2019.1"
root@kali:~#
root@kali:~# uname -a
Linux kali 4.19.0-kali1-amd64 #1 SMP Debian 4.19.13-1kali1 (2019-01-03) x86_64 GNU/Linux

If you come across any bugs in Kali, please open a report on our bug tracker. We’ll never be able to fix what we don’t know about.

Evocative Announces Investment and Partnership with Fiber Internet Center, Silicon Valley California.

Evocative is expanding its network and internet services in the Silicon Valley and Los Angeles Markets.

San Jose, CA, February 13, 2019 – Evocative, a leading national provider of secure, compliant hybrid and multi-cloud Internet services, today announced that it is investing and partnering with Fiber Internet Center located in Palo Alto, CA.

Evocative’s initial minority investment in Fiber Internet Center will increase to an outright purchase of the company pending regulatory approval from the California Public Utilities Commission. The two companies will start working together to integrate their layer 1 – 3 network and services immediately to offer a seamless network, colocation, hosting and multi-cloud service solutions.

Fiber Internet Center and Fiber International (a California licensed CLEC) were started in 2001 by Bob Evans and Gus Sanchez, who built and selected their customers and helped them navigate their network needs. Much of the customer base started with a few people, then grew to thousands of employees. This base continues to merge, go public or be acquired. Others are Fortune 500 companies who demand highly reliable, ultra high-speed internet connectivity. The company provides network and internet services in 150 buildings and data centers in Northern and Southern California. The company has dense network capacity in the City of Palo Alto with immediate access to reach an additional 500 buildings.

Evocative is at the forefront of the IT transformation and we believe multi-cloud hybrid IT internet services to be the foundation for enterprises of all sizes. We are one step closer in delivering a full-service solution for our clients ranging from network, colocation, hosting to multi-cloud services. “We are thrilled to partner with Fiber Internet Center and Bob Evans. We like to take this opportunity in welcoming all FIC clients, employees and partners to the Evocative family,” said Arman Khalili, CEO of Evocative.

About Evocative

Evocative is a leading national provider of secure, compliant hybrid and multi-cloud Internet services. Evocative provides Network, Colocation, Hosting and multi-cloud services in 5 markets: Silicon Valley, Los Angeles, Phoenix, Dallas and Reston, VA. For additional information on our services, please contact us using our online form.

About Fiber Internet Center

Fiber Internet Center has been providing carrier-grade, reliable, ultra high-speed fiber and internet services to the Silicon Valley market since 2001. For additional services please visit http://fiberinternetcenter.com/

MEDIA CONTACT:
Matt Schryver
480 567 6186
moc.evitacovenull@sserp

The post Evocative Announces Investment and Partnership with Fiber Internet Center, Silicon Valley California. appeared first on Evocative Data Centers.

Script: Mass-Download WordPress plugins

After seeing this advisory about an issue that should really have been caught by a cursory source code check, I wanted to see if there are any other low-hanging fruit in WordPress plugins.
Instead of my normal process of a mixture of black box testing and proper source code analysis, I decided to download a large number of WordPress plugins and run a couple of grep searches against them, without any deeper analysis.