WordPress 4.7.5 Security Release – Immediate Update Recommended

By on May 19, 2017 in Website Support Advice

FunctionEight would like to encourage you to update to 4.7.5 as soon as possible. You may remember that in January 2017 WordPress released 4.7.2 and delayed disclosing a vulnerability for a week. That vulnerability was the infamous WordPress defacement vulnerability, which resulted in hundreds of thousands of sites being defaced and in multiple highly active attack campaigns.

Thanks to the responsible disclosure to the WordPress security team, the following vulnerabilities that affected WordPress versions 4.7.4 and earlier were patched:

  1. Insufficient redirect validation in the HTTP class.
  2. Improper handling of post meta data values in the XML-RPC API.
  3. Lack of capability checks for post meta data in the XML-RPC API.
  4. A Cross Site Request Forgery (CSRF) vulnerability was discovered in the filesystem credentials dialog.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer.

Security releases are important as they keep your websites safe from outside threats. Please make sure you update your websites immediately.

WordPress 4.7.5 also contains a few maintenance fixes for the REST API, Taxonomy, Build/Test Tools and Administration.

Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/

Good thing we updated our client’s WordPress immediately after the release announcement.

To help you with your website upgrade please contact april.kwong@functioneight.com

Peter Diamandis Tech Blog – TOP 10 TECH TRENDS TRANSFORMING HUMANITY

By on January 12, 2017 in Random

This is a long but worthwhile read, if you find modern tech trends even the slightest bit interesting.  I personally don’t often read articles all the way to the end – but this one I most certainly did.  Go directly to the blog at this link http://www.diamandis.com/blog/top-10-tech-trends-transforming-humanity or click onto our Read More where we have copied all the content directly

HK SME Technology Voucher Programme

If you are an SME in Hong Kong and have plans in 2017 to implement some Technology Solutions, contact FunctionEight as you may be eligible for the HKSAR’s new Technology Voucher Programme (TVP) which allows for a two thirds reimbursement of a project value of HK$300,000.

This is a significant step forward for HK in terms of SME development and FunctionEight would love to help your company utilise this new SME benefit, so thanks to The Innovation and Technology Commission for getting this off the ground.

Examples of projects that could be approved that FunctionEight can help with are:

  • Cyber Security Solutions
  • Document management and mobile access solutions
  • Electronic inventory management systems
  • Big data and cloud analytics solutions
  • Appointment scheduling and queue management systems
  • Clinic management systems
  • ERP solutions
  • Location based services

As a note, all financial services companies regulated by the SFC should be taking advantage of this TVP to assist in their compliance with the SFC’s guidelines.

Of course there are many more but the above are examples that should be approved. If you have any plans for technology development please contact me through LinkedIn or by my email phil@functioneight.com or call me on +852 6277 0800

Hong Kong sees a boom in IT security outsourcing

This article written by Gigi Onag, and featured recently in ComputerWorld, caught our attention.  We felt it was well worth highlighting in our F8 blog for the simple reason that we have been offering outsourced IT security reviews and services to our clients for quite some time.

http://cw.com.hk/feature/hong-kong-sees-boom-it-security-outsourcing  This link will take you to the original article, or simply go to “Read More” below to read the entire article

If this is an area of interest/concern to you or your company and you would like to seek advice, then please feel free to contact us.  Either Martin Abert directly at martin@functioneight.com or our sales team via F8.sales@functioneight.com

Still Running FRAILware in your environment?

It is over 12 months since Microsoft officially stopped providing any support for Windows Server 2003. Its End Of Life (EOL) was the 14th July 2015. Of course, there are many companies who still pay US$600 per server to Microsoft per year to keep their environment protected and some, namely government departments, are paying millions per year for this facility. However, many companies, probably a scary number, have simply left their 2003 servers running unprotected and ever more vulnerable.

In July 2014, approximately 65% of all organisations in the Asia Pacific Region were running Windows Server 2003. In the 12 months leading up to the 14th July 2015 EOL deadline, that percentage reduced to 60%. In the 12 months since the deadline, anonymous, aggregate technology usage data provided by Spiceworks users in Asia shows that a little more than 50% of organizations still have at least one instance of Windows Server 2003 running in their environment.

This is quite a staggering statistic when you consider that more than 1 out of every 2 companies in Asia is still running at least ONE copy of Microsoft Server 2003, more than a year after Microsoft stopped supporting it or patching any vulnerabilities.
