1285 matches found
Improper access control
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller (SHC) before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary...
Slow performance for a single tenant database backup of the SAP HANA system
Challenge: When backing up a small 128 GB tenant/system DB of SAP HANA, the backup performance might be comparatively slower than a file based backup or using a different backup solution. Cause: After several customers pointed out the performance degradation - compared to file based backups - the...
Moderate: Red Hat Security Advisory: openstack-cinder security and bug fix update
An update for openstack-cinder is now available for Red Hat OpenStack Platform 10.0 (Newton). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
RingsDB Software 1.0.0 Database Disclosure
Exploit Title : RingsDB Software 1.0.0 Database Disclosure Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 20/04/2019 Vendor Homepage : ringsdb.com Software Download Link : github.com/Sydtrack/ringsdb/archive/1.0.0.zip Software Information Link : ringsdb.com/abo...
MS-ISAC Releases Security Primer on LockerGoga Ransomware
The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released a Security Primer on LockerGoga Ransomware—a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware can be devastating to an individual or an...
Email service provider loses 2 decades worth of data due to hack attack
By Waqas. Famed secure email service provider VFEmail has become a victim of a hack attack by an unknown cybercriminal. The company claims that it has suffered a “catastrophic destruction” of its US servers and almost two decades of data and backups in only a few hours. The entire digital...
Hackers Destroyed VFEmail Service – Deleted Its Entire Data and Backups
What could be more frightening than a service informing you that all your data is gone—every file and every backup server is entirely wiped out? The worst nightmare of its kind. Right? But that's precisely what just happened this week with VFEmail.net, a US-based secure email provider that lost...
New Mac Malware Targets Cookies to Steal From Cryptocurrency Wallets
Mac users need to beware of a newly discovered piece of malware that steals their web browser cookies and credentials in an attempt to withdraw funds from their cryptocurrency exchange accounts. Dubbed CookieMiner due to its capability of stealing cookies related to cryptocurrency exchanges, the...
New Mac Malware steals iPhone text messages from iTunes backups
By Waqas. The IT security researchers at Palo Alto Networks’ Unit 42 have discovered a dangerous new Mac malware capable of targeting devices for multiple purposes, including stealing cryptocurrency. Dubbed CookieMiner by researchers, the Mac malware is a variant of OSX.DarthMiner, another nasty piece...
CVE-2019-3908
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data...
Procedure to migrate a Cloud Connect tenant to vCloud Director
Challenge: SPs who have vCloud Director deployed in their infrastructure can expose vCloud Director resources as cloud hosts for tenant VM replicas. This article describes a procedure of migrating existing tenants to vCloud Director. Solution: On the Tenant side: 1. Delete all Cloud Backup and...
Using the blockchain to create secure backups
“Oh no! I’ve got a ransomware notice on my workstation. How did this happen?” “Let’s figure that out later. First, apply the backup from a few minutes ago, so we can continue to work.” Now that wasn't so painful, was it? Having a rollback solution or a recent backup could make this ideal post...
WordPress Plugin Lumise Database Backup Leakage Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WordPress plugin Lumise. An attacker can exploit the vulnerability to obtain sensitive...
WordPress Mirrorwp-Backups Information Disclosure Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in WordPress Mirrorwp-Backups. An attacker can exploit the vulnerability to...
WordPress Plugin Ithemes-BackupBuddy Amazon WP-S3 Information Disclosure Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the WordPress plugin Ithemes-BackupBuddy Amazon WP-S3. An attacker can...
WordPress Plugin MagicMembers Information Disclosure Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. An information disclosure vulnerability exists in the WordPress plugin MagicMembers. An attacker can exploit the vulnerabilit...
WordPress Mirrorwp-Backups 4.8 Database Disclosure
Exploit Title : WordPress Mirrorwp-Backups 4.8 Database Backup Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 17/12/2018 Vendor Homepage : wordpress.org codecanyon.net/tags/wpmirror wpmirrorobj.com Software Download Link : N/A Tested On : Windows and...
Dell Encryption Enterprise Information Disclosure Vulnerability
Dell Encryption Enterprise is a suite of data protection solutions from Dell USA. The product includes features such as compliance management, authentication, disk data encryption and port encryption. An information disclosure vulnerability exists in Dell Encryption Enterprise version 10.1.0 and...
CVE-2018-15773
Dell Encryption (formerly Dell Data Protection | Encryption) v10.1.0 and earlier contain an information disclosure vulnerability. A malicious user with physical access to the machine could potentially exploit this vulnerability to access the unencrypted RegBack folder that contains back-ups of...
Versa Networks: Plaintext Credentials in Backups & Configs
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...