CurrentC is a competitor to Apple Pay and Google Wallet. Should we worry about it getting its fingers into our bank accounts, given the recent data breach?
Spotting Malicious Injections in Otherwise Benign Code
Being able to spot suspicious code, and then determine whether it is benign or malicious is a very important skill for a security researcher. Every day we scan through megabytes of HTML, JS and PHP. It’s quite easy to miss something bad, especially when it doesn’t visually stick out and follows patterns of a legitimate […]
Security Advisory – Medium Severity – WP eCommerce WordPress Plugin
Advisory for: WordPress WP eCommerce Plugin Security Risk: Medium (DREAD score: 6/10) Exploitation level: Easy/Remote Vulnerability: Information leak and access control bypass. Patched Version: 3.8.14.4 If you’re using the popular WP eCommerce WordPress plugin (2,900,000 downloads), you should update it right away. During a routine audit for our Website Firewall (WAF), we found a […]
Vulnerabilities found in more command-line tools, wget and tnftp get patches
The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities. Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems. This comes after a remote code […]
Millions of Drupal websites at risk from failure to patch
You should assume that your Drupal 7 website has been compromised if you didn’t patch it within 7 hours of the release of Drupal 7.32 on 15 October 2014.