April 2015

Flaws in WordPress eCommerce Plugin Expose Over 5,000 Websites

Researchers at High-Tech Bridge have identified several vulnerabilities in TheCartPress, an eCommerce plugin installed on more than 5,000 WordPress websites.
According to experts, the plugin is plagued by security holes that can be exploited for cross-site scripting (XSS) attacks, arbitrary PHP code execution, and sensitive data disclosure.
read more

MySQL Bug Can Strip SSL Protection From Connections

Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some […]

Enhancing Visibility and Control of Shadow IT Through Security

It’s important to acknowledge that “shadow IT” shouldn’t be feared. We live in an era where individual SaaS vendors maintain an increasing amount of our corporate data. And for good reasons as these cloud-based services provide organizations with near-instant access to advanced capabilities that allow teams to remain a step ahead of their competition.