Multiple WordPress Plugins SQL Injection Vulnerabilities

Introduction: In July 2019, Fortinet’s FortiGuard Labs discovered and reported nine SQL injection vulnerabilities in nine different popular WordPress plugins across a variety of categories, including advertisement, donation, gallery, forms, newsletter, and video player. These plugins are being actively used by hundreds of thousands of WordPress websites, with some of Continue Reading

FortiGuard Labs Security Researcher Discovers Multiple Critical Vulnerabilities in Adobe Photoshop

This past May I discovered and reported multiple critical zero-day vulnerabilities in Adobe Photoshop CC 2019 to the software developer, Adobe Inc. Last Tuesday (Aug 13, 2019), Adobe released several security patches to fix those issues as part of their Patch Tuesday Initiative. These vulnerabilities are identified as CVE-2019-7990, CVE-2019-7991, Continue Reading

ReadySpace Outage Alert

Update on Delayed Email Issue

Dear all, With regard to the previously reported issue with delayed sending/receiving of email that may have affected some users, we are pleased to announce that all users should have normal service restored by now. Thank you for your patience and sincere apologies to all users who had been inconvenienced. Continue Reading

Release of PrestaShop 1.7.2.3

PrestaShop 1.7.2.3 is now available. This maintenance release fixes 17 issues reported on version 1.7.2.x. Some of the most notable fixes are: New loading spinner in Product Creation page. New Context mocker for FrontController tests. Fix for a voucher issue. Fix currency display in supply order. Fix cart rules conflict Continue Reading

Release of PrestaShop 1.7.2.2

PrestaShop 1.7.2.2 is now available. This maintenance release fixes 8 issues reported on version 1.7.2. Some of the most notable fixes are: Price and VAT fixes. Price computing performance improvement. Fix error while reaching AdminModules Download PrestaShop 1.7.2.2 now! Here is the complete list of changes: Back Office: Bug fix: Continue Reading

Release of PrestaShop 1.7.2.1

PrestaShop 1.7.2.1 is now available. This maintenance release fixes 28 issues reported on version 1.7.2. Version 1.7.2.0, released in July, brought a lot of goodies, none the less being the new Stock Management feature. That new minor version was well received, and this patch version simply fixes a few kinks Continue Reading

Release of PrestaShop 1.7.1.2

PrestaShop 1.7.1.2 is now available. This maintenance release fixes 28 issues reported on version 1.7.1. Version 1.7.1.1, released in April, brought a lot of needed updates to v1.7.1.0, two weeks after the release of that new minor version. As a patch version, 1.7.1.2 brings further goodness and stability to the Continue Reading

Zero Patch IoT Environment

Over the last few months or years I have reported vulnerabilities on several IoT devices. None have been patched so far, and I think it is time to discuss the situation openly. One of the issues I have faced several times is the zero-security-culture phenomenon. Some of those IoT companies were typically very small Continue Reading

The Open Security Requirement in the Age of the Cloud

In a 2015 article posted by Forbes, it was reported that 87 percent of people hadn’t heard of the term “Internet of Things” (IoT). At that time, Gartner Inc. estimated that there were 4.9 billion connected devices in use. Fast forward to 2017, and Gartner now reports that number has Continue Reading

Remote Password Change Vulnerability in HPE Vertica Analytic Database

Summary: On March 24, 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in Continue Reading
