The Australian Cyber Security Centre (ACSC) has released new guidelines to assist organizations in securing Content Management Systems (CMS). The guidelines include good mitigation advice in areas of patching, account management, hardening and monitoring to name a few.
Hackers discovered a bug in PayPal's Google Pay integration to perform unauthorized transactions via PayPal accounts.
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to "identify interesting features in source code" and can help enable developers understand software components your apps use.
Cisco's Talos security group has released details on two High severity buffer overflow vulnerabilities that affect OpenCV libraries.
The Open Web Application Security Project (OWASP) has released its OWASP API Security Top 10 2019. This is the first version of the API Top 10. OWASP will likely update the guidelines every three to fours years, similar to the other OWASP Top 10 series.
GitHub, one of the world’s leading software development platforms, has launched GitHub Security Lab with aim to secure open source software.
A security researcher recently detected a zero-day CSRF vulnerability CVE-2019-12922 in phpMyAdmin 4.9.0.1, which allows the deletion of any server in the Setup page.
UK's cybersecurity organization NCSC issued a warning that Python 2 is fast approaching its end-of-life (EOL) on January 1, 2020. After that time, organizations will no longer be able to get bug fixes or security patches.
First American Financial Corp., one of the world's largest real estate title insurance companies, exposed hundreds of millions of title insurance customer financial records.
Multiple vulnerabilities have been discovered in Jenkins plugins that could lead to information disclosure. The three affected plugins are Swarm, Ansible and GitLab.