WordPress Ideal Bug found in multiple plugins

Researchers have discovered three WordPress plug-ins with the same vulnerability that allows an attacker to update arbitrary site options on a vulnerable site and completely take it over. Exploiting the flaw does…
Apache Worried About End-of-Life Software

The Apache Software Foundation has warned that its efforts to respond rapidly to security vulnerabilities are being undermined by organizations running EOL versions of Apache software. The warning came as…
NTT Security Vantage Prevent

NTT Security AppSec Solutions announced a solution that makes it possible to conduct dynamic application security testing at each phase of the development cycle and prevent exploitable vulnerabilities from reaching production. Vantage…
Log4j Update! Even 2.17 is Exploitable

Another security vulnerability impacting the Log4j logging library was published as CVE-2021-44832. This new vulnerability affects versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is…
AIOSEO WordPress Plugin Flaw

Two critical and high severity security vulnerabilities in the "All in One" SEO WordPress plugin exposed over 3 million websites to takeover attacks. A critical Authenticated Privilege Escalation bug (CVE-2021-25036) and…
GoTestWAF An Open Source AppSec tool

GoTestWAF is a tool for API and OWASP attack simulation that supports a wide range of API protocols including REST, GraphQL, gRPC, WebSockets, SOAP, XMLRPC, etc. It was designed to…
SAP Patches Log4j in its Apps

SAP identified a total of 32 applications affected by CVE-2021-44228, a critical vulnerability in the Apache Log4j Java-based logging tool, and has already shipped patches for 20 of them, while…