Episode 125: Critical SQL Injection Vulnerability Patched in WooCommerce

A critical SQL injection vulnerability was discovered in WooCommerce, the most popular e-Commerce plugin used by over 5 million WordPress sites. The WordPress.org team pushed a forced security update ensuring that over 90 versions of WooCommerce were patched. The REvil ransomware gang targeted a...

Symantec Encryption Management Server < 3.2.0 MP6 - Remote Command Injection

Vantage Point Security Advisory 2014-007 ======================================== Title: Symantec Encryption Management Server - Remote Command Injection ID: VP-2014-007 Vendor: Symantec Affected Product: Symantec Encryption Gateway Affected Versions: 3.2.0 MP6 Product Website:...

Cyber Security Fraud in the Banking Industry: Lessons Learned in OCC Examiner Training

In late October 2011, Coalfire participated in a day of IT audit training with about 35 bank examiners. As you would expect, we covered a lot of previously hot topics. The conversation changed as we started talking about the amount of fraud being realized by community banks and credit unions...