Security Flaws Found in Popular WooCommerce Plugin
Despite reported attempts from Patchstack to contact the vendor, no response has been received
Vendor security covers risks introduced by suppliers, including software flaws, exposed systems, and weak access to customer data.
Search across headline titles and summaries.
Background for this topic.
Vendor is an external organization that supplies an IT product or service, such as software, hardware, cloud hosting, or managed security. In security reporting, the term usually concerns a third party whose technology, personnel, or connectivity forms part of an organization’s environment or handles its data.
Vendor risk depends on the access and dependency involved. A compromised or poorly secured vendor can expose customer information, introduce vulnerabilities through software updates or components, or provide attackers with a route into connected systems. Practical controls include risk-based due diligence, contractual security and notification requirements, least-privilege access, vulnerability and software-supply-chain review, monitoring, and prompt removal of access when a relationship ends. Assessments should also address privacy obligations and how the vendor will support investigation and recovery if a security incident occurs.
Despite reported attempts from Patchstack to contact the vendor, no response has been received
Spammers will probably bid to buy it, so community is trying to find a better home for decades-old service Exclusive The Spam and Open Relay Blocking System (SORBS) – a longstanding source of info on known sources of spam widely used to create blocklists – has been shuttered by its owner, cyber security software vendor Proofpoint.…
Firm Claims Safe Security Competed Unfairly, Engaged in 'Skullduggery'SecurityScorecard accused Safe Security and former employee Mary Polyakova in a civil complaint of stealing confidential customer information and engaging in unfair competition. The lawsuit seeks to protect SecurityScorecard's trade secrets and recover monetary damages.
Company Addresses Flaws in End-of-Life NAS DevicesNetworking solutions vendor Zyxel fixed critical vulnerabilities in end-of-life network-attached storage devices that allow remote code execution. It left two vulnerabilities allowing attacks by authenticated local attackers unpatched.
That backdoor's not meant to be there? Zyxel just released security fixes for two of its obsolete network-attached storage (NAS) devices after an intern at a security vendor reported critical flaws months ago.…
London Incident Is Latest Major Ongoing Outage From Recent Ransomware AttacksA cyberattack on a U.K. laboratory services provider is disrupting patient care and testing services at several London-based NHS hospitals and other care facilities. Meanwhile, in the U.S., Ascension is providing a restoration timeline for its hospital EHRs in the wake of its attack.
Also, free pianos are the latest internet scam bait, Cooler Master gets pwned, and some critical vulnerabilities Infosec in brief Cybersecurity software vendor Check Point is warning customers to update their software immediately in light of a zero day vulnerability under active exploitation.…