Security Alerts & News
by Tymoteusz A. Góral

History
#1736 WordPress plugins leave BlackFriday shoppers vulnerable
Researchers are calling into question the safety of some of the top WordPress e-commerce plugins used on over 100,000 commercial websites prepping for Black Friday and Cyber Monday online sales.

In reviewing the top 12 WordPress e-commerce plugins, application security testing firm Checkmarx found four with severe vulnerabilities tied to reflected XSS (cross-site scripting), SQL injection and file manipulation flaws.

“If these vulnerabilities are exploited, users of over 135,000 websites could find their personal data, including credit card information, threatened,” according to Checkmarx’s analysis of the plugins, published Tuesday.

One of the four plugins contained three vulnerabilities, the other three contained one each.
Read more
#1739 Siemens-branded CCTV webcams require urgent firmware patch
#1738 Ransomware abusing encrypted chat app Telegram protocol cracked
#1737 Great. Now even your headphones can spy on you
#1736 WordPress plugins leave BlackFriday shoppers vulnerable
#1735 Exploit code released for NTP vulnerability
#1734 Elegant 0-day unicorn underscores “serious concerns” about Linux security
#1733 Cisco: Security landscape plagued by too many vendors
#1732 InPage zero-day used in attacks against banks
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12