May 4, Securityweek – (International) PayPal fixes remote code execution flaw in Partner Program website. PayPal fixed a vulnerability discovered by Vulnerability Lab researchers in its Partner Program Web site which would allow an attacker to leverage a bug in the site’s Java Debug Wire Protocol (JDWP) service to remotely execute server-side commands with root privileges. Source
May 1, Threatpost – (International) Mozilla moving toward full HTTPS enforcement in Firefox. The Mozilla Foundation reported that it will be phasing out unsecured hypertext transfer protocol (HTTP) connections in the Firefox browser in a two-phase plan, in which the company will only offer new browser features to secure, HTTPS (HTTP Secure)-enabled Web sites, before ultimately making existing features incompatible with HTTP sites altogether. Source