Drupal development team has released security updates to address a remote code execution flaw, tracked as CVE-2020-13671. The Drupal development team has released security updates to fix a remote code execution vulnerability related caused by the failure to properly sanitize the names of uploaded files. The vulnerability, tracked as CVE-2020-13671, has

A remote code execution (RCE) vulnerability affecting the Concrete5 CMS exposed numerous servers to full takeover, experts warn. A recently addressed remote code execution (RCE) flaw in the Concrete5 CMS exposed numerous websites to attacks. Concrete5 is an open-source content management system (CMS) designed for ease of use, for users with a minimum o

Website owners, listen up: There are lots of things you shouldn’t do with your site, and many more you should avoid with the domains you’re responsible for. Insider malice, bad luck, and the stars aligning in impossible ways can all give your online portfolio a bad hair day. However, if you want to tempt fate, you can bring on the mayhem with website misconf

By David Fiser (Senior Cyber Threat Researcher) WordPress is a well-known open-source content management system (CMS) used for creating websites and personal blogs. The CMS is estimated to be used by 35% of all websites today, which makes it an ideal target for threat actors. A weak point in the platform is all it takes to allow an attacker to break a websit

DISCLAIMER: This post is not partisan, but rather focuses on risk assessment based on history and what threats we are facing in the future. We do not endorse any healthcare plan style in any way, outside of examining its data security risk. For many folks, the term ‘Healthcare for All’ brings up an array of emotions ranging from concern to happiness, and

Drupal maintainers this week released security updates to fix several access bypass vulnerabilities in Drupal 8. Update your installation. On Wednesday Drupal maintainers released security updates to fix several access bypass vulnerabilities in Drupal 8. The flaws affect several components, including the entity access system, the REST API and some views. Th

Drupal team released security updates to fix several vulnerabilities, including the critical access bypass flaw CVE-2017-6922 exploited in spam campaigns. The Drupal development team has released security updates to fix several vulnerabilities, including the critical access bypass flaw tracked as CVE-2017-6922 that has been exploited in spam campaigns. The C

The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws. The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF)

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security experts Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a hug

This is my first blog in an ongoing “It’s Not Rocket Science” series featuring articles on Information security.“Security is not an absolute, it’s a continuous process and should be managed as such. Security is about risk reduction, not risk elimination, and risk will never be zero. It’s about employing the appropriate security controls tha

Drupal development team has issued a new release of the popular content management system (CMS), Drupal version 8.2.7, that fixes multiple vulnerabilities. The Drupal development team has released the Drupal version 8.2.7 that addressed a number of vulnerabilities in the popular CMS. The list of flaws includes an access bypass issue, a cross-site request for

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities.  The flaws were discovered by the security experts Chris Andrè D

More than 1 million WordPress website are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at Sucuri firm have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote to gain access to the targeted website’s backend, including sensi

According to the release notes the latest version of WordPress 4.7.2 addresses three security, including  XSS, SQL Injection flaws. The WordPress development team has pushed the WordPress 4.7.2 version that fixed three security issues, including a cross-site scripting and a SQL injection vulnerability. The new update comes just two weeks after WordPress rele