As a member of the BitNinja Development Team, one of our most important tasks is to develop the protection of BitNinja. When we deal with such a process we can see how an attack works or how a botnet can exploit a vulnerability. It's almost like watching these events behind the scenes. That's why this […]

Our world would be insecure without bug bounty platforms. We don’t know who we can or cannot trust. If we find a vulnerability in a software as a white hat hacker, we would be afraid to report it to the software owners because we wouldn’t know what their reaction would be. Will they reward or […]

Third critical Drupal vulnerability discovered!!! Those who are running a Drupal website couldn’t have a rest over the past few weeks. This is the third time when Drupal recommends to update these sites. During exploring the previous remote code execution (RCE) vulnerability, the CVE-2018-7600, the team discovered a new RCE vulnerability (CVE-2018-7602). If  you or […]

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important […]

CloudFest 2018 – The Security Panel Attending at Cloudfest (formerly known as WHD.Global) is always the highlight of the year event-wise. Catching up with our partners, having lively debates about new technologies and learning from industry leaders are things we always go for. As our ninjas attended in incognito this time – only as attendees, […]

Our Hungarian web hosting partner, web-server.hu had ZERO website infections – since enabling BitNinja’s new WAF 2.0 module. We caught up with the lead sysadmin to talk to him about his experience with BitNinja. What has been your experience with BitNinja overall? “Before we began using  BitNinja, we had to fight daily battles with hackers. […]

As we promised before, our article series inspired by V-day is continuing. Those who are provisioning servers day by day, certainly have some doubts about their process: being time-consuming, non-repeatable, hard to test or simply just something is going wrong in the existing infrastructure during the provisioning. There are opportunities to test failover or rollback processes, […]

A new class of side-channel attacks have been appeared, which exploit the following CPU vulnerabilities: CVE-2017-5715 : branch target injection CVE-2017-5753 : bounds check bypass CVE-2017-5754 : rogue data cache load Meltdown and Spectre rely on them and allow the hackers to read the memory content of other programs, it means they can access the […]

The number of cybersecurity breaches experienced in 2017 were really high, hackers kept themselves busy – just think about the WannaCry ransomware infecting Windows PCs. Furthermore, 2018 is almost here, and the future definitely holds many changes for you, Linux server operators, in the field of cybersecurity. As security always comes first, now it’s time […]