Dark Reading

Lock Down APIs to Prevent Breaches

Web and mobile application developers need to take more care in creating secure applications, as attackers are increasingly testing Web application programming interfaces (APIs) to compromise cloud ...
Searchenginejournal.com

WooCommerce WordPress Plugin Exploit Enables Fraudulent Charges

The WooCommerce Square plugin enables WordPress sites to accept payments through the Square POS, as well as synchronize product inventory data between Square and WooCommerce. Square plugin enables a ...
TechCrunch

US, Australia cyber agencies warn IDOR security flaws can be exploited ‘at scale’

U.S. and Australian government cybersecurity agencies are warning that common and easily exploitable security vulnerabilities in websites and web apps can be abused to carry out large-scale data ...
Bleeping Computer

CISA warns of breach risks from IDOR web app vulnerabilities

CISA warned today of the significant breach risks linked to insecure direct object reference (IDOR) vulnerabilities impacting web applications in a joint advisory with the Australian Cyber Security ...
Threat Post

Uber Portal Leaked Names, Phone Numbers, Email Addresses, Unique Identifiers

Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked the names, phone numbers, email addresses, and unique IDs. A series of vulnerabilities in UberCENTRAL ...
techtimes

Florida's Tax Website Exposes Hundreds of Sensitive Data: Filers' Bank Accounts, Social Security Numbers

Security Researcher Kamran Mohsin revealed a now fixed security flaw that has been detected on Florida's Department of Revenue website. According to a report from TechCrunch, it exposed taxpayers' ...