Tag Archives: privilege

Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation


Adam Bannister

11 August 2021 at 10:58 UTC

Updated: 11 August 2021 at 14:32 UTC

Pen testers and vendor disagree over appropriate mitigations

Security researchers have achieved remote code execution (RCE) and privilege escalation on web hosting platform cPanel & WHM via a stored cross-site scripting (XSS) vulnerability.

cPanel & WHM is a suite of Linux tools that enable the automation of web hosting tasks via a graphical user interface (GUI). cPanel is used in the hosting of more than 168,000 websites, according to Datanyze.

During a black-box pen test, RCE was also demonstrated via a “more convoluted” CSRF bypass chained with a cross-site WebSocket hijacking attack that was possible…

