SAP Kicks Log4Shell Vulnerability Out of 20 Apps

SAP’s still feverishly working to patch another 12 apps vulnerable to the Log4Shell flaw, while its Patch Tuesday release includes 21 other fixes, some rated at 9.9 criticality. SAP has…

Fueled by Pandemic Realities, Grinchbots Aggressively Surge in Activity

E-commerce’s proverbial Who-ville is under siege, with a rise in bots bent on ruining gift cards and snapping up coveted gifts for outrageously priced resale. The festive season is moving…

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts. The plugin “Variation Swatches for WooCommerce,” installed across 80,000…

XSS Vulnerability Patched in Plugin Designed to Enhance WooCommerce

WordFence – On November 11, 2021…

Ethical Hacking, book review: A hands-on guide for would-be security professionals

Ethical Hacking: A Hands-on Introduction to Breaking In • By Daniel G Graham • No Starch Press • 376 pages • ISBN 9781718501874 • £41.99 / $49.99 The parlous…

WooCommerce Extension – Reflected XSS Vulnerability

WordFence – On November 1, 2021…

Is a Consolidated Approach Better for WAAP Security?

Most organizations and industries are shifting to a digital environment as it is where the future is headed. It seems the environment is in a frenzy, but if you look…

SSL certificate research highlights pitfalls for company data, competition

Research into how the enterprise handles and deploys security certificates has revealed risks to data that may be overlooked. On Thursday, the Detectify Labs team published a report based on…

Inside 1,602 pentests: Common vulnerabilities, findings and fixes

Infosec Institute – Each year, Cobalt releases its State of Pentesting report, which extracts trends and statistics about the state of security from penetration testing engagements on…

XSS Vulnerability in NextScripts: Social Networks Auto-Poster Plugin Impacts 100,000 Sites

WordFence – On August 19, 2021,…