Oracle's massive advertising database operates without user consent, lawsuit claims
Rights organisers have accused Oracle of collecting an undue level of sensitive data to identify consumers online
via "ITPro".
Microsoft 365 business users targeted with new DocuSign phishing scam
Threat actors are using fake login forms to trick users into changing their payment details
via "ITPro".
India forced Twitter to hire a government agent, whistleblower claims
Former employee Peiter Zatko says the social media platform gave the agent direct unsupervised access to the company's systems and user data
via "ITPro".
CMS Distribution partners with GuardYoo for new Attack Surface Management offering
The hosted service has been designed to strengthen resilience against vulnerabilities without sacrificing growth, company says
via "ITPro".
Digital transformation giant Orion Innovation hit by LockBit ransomware, hacker group claims
The company has a star-studded client list that includes some of the biggest sports organisations in the world and an assortment of tech behemoths
via "ITPro".
LastPass breach: CEO says 'no evidence' of customer data being stolen
The company said the incident was confined to a single developer account and its associated environment
via "ITPro".
The pros and cons of facial recognition technology
There are plenty of pros and cons of facial recognition technology, but is it really worth risking user privacy in the name of efficiency and security?
via "ITPro".
What is a 502 Bad Gateway and how do you fix it?
We explain what the 502 Bad Gateway networking error means for users and website owners, and some potential steps for fixing it
via "ITPro".
NEC and Fortinet partner to deliver high-performance security for 5G networks
The carrier solution will ensure end-to-end security while CSPs contend with increased traffic
via "ITPro".
Block accused of woefully mishandling data breach affecting 8.2 million users
Class-action lawsuit claims the company took too long to inform customers and failed to provide a sufficient explanation for the breach
via "ITPro".
More than 130 organisations affected by 'inexperienced' Twilio hackers
A thorough investigation revealed sophisticated methods coupled with relatively unsophisticated tooling
via "ITPro".
LastPass Suffers Data Breach, Source Code Stolen
Researchers warned that cyberattackers will be probing the code for weaknesses to exploit later.
via "Dark Reading".
CVE-2021-3688
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
via "National Vulnerability Database".
CVE-2021-3859
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.
via "National Vulnerability Database".
CVE-2021-20260
A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
via "National Vulnerability Database".
CVE-2021-4215
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
via "National Vulnerability Database".
CVE-2022-25625
A malicious unauthorized PAM user can access the administration configuration data and change the values.
via "National Vulnerability Database".
CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.
via "National Vulnerability Database".
CVE-2021-3754
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
via "National Vulnerability Database".
CVE-2021-3651
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
via "National Vulnerability Database".
CVE-2021-3574
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
via "National Vulnerability Database".