CVE-2024-42019

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication...

CVE-2024-42019

A vulnerability that allows an attacker to access the NTLM hash of the Veeam Reporter Service service account. This attack requires user interaction and data collected from Veeam Backup & Replication...

CVE-2024-4259

Missing Authorization vulnerability in SAMPAŞ Holding AKOS AkosCepVatandasService, SAMPAŞ Holding AKOS TahsilatService allows Collect Data as Provided by Users. This issue affects AKOS AkosCepVatandasService: before V2.0; AKOS TahsilatService: before V1.0.7...

CVE-2024-4259

Missing Authorization vulnerability in SAMPAŞ Holding AKOS AkosCepVatandasService, SAMPAŞ Holding AKOS TahsilatService allows Collect Data as Provided by Users. This issue affects AKOS AkosCepVatandasService: before V2.0; AKOS TahsilatService: before V1.0.7...

CVE-2024-4259

Missing Authorization vulnerability in SAMPAŞ Holding AKOS AkosCepVatandasService, SAMPAŞ Holding AKOS TahsilatService allows Collect Data as Provided by Users. This issue affects AKOS AkosCepVatandasService: before V2.0; AKOS TahsilatService: before V1.0.7...

Etcd Keys API Information Gathering

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Etcd Keys API Information Gathering', 'Description' = %q This module queries the etcd API to recursively retrieve all of the stored key value...

CVE-2024-4428

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024...

CVE-2024-4428

Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users. This issue affects Managment Portal: through 21.05.2024...

Menulux Managment Portal 安全漏洞

Menulux Managment Portal is an information technology management portal from Menulux. A security vulnerability exists in Menulux Managment Portal that stems from the presence of an incorrect privilege management vulnerability that allows the collection of user-supplied data...

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Texas Attorney General Ken Paxton has sued General Motors GM for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General AG announced he had opened an investigation into several car...

Enhancing Incident Response Readiness with Wazuh

Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and...

Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection

Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulato...

SIEM is not storage, with Jess Dodson (Lock and Code S05E16)

This week on the Lock and Code podcast… In the world of business cybersecurity, the powerful technology known as "Security Information and Event Management" is sometimes thwarted by the most unexpected actors—the very people setting it up. Security Information and Event Management—or SIEM—is a te...

US senators ask FTC to investigate car makers’ privacy practices

An ongoing US Senate investigation indicated that connected car makers violate consumer privacy by sharing and selling drivers’ data, including their location, on a vast scale, and that the same car makers often obtain consumer consent through deception. Based on this investigation, senators have...

This Machine Exposes Privacy Violations

A former Google engineer has built a search engine, webXray, that aims to find illicit online data collection and tracking—with the goal of becoming “the Henry Ford of tech lawsuits.”...

Ctrix Virtual Apps and Desktop - Troubleshooting; Tools and Data collection

Introduction This article is a summary of the top support articles related to the data collection process. There are two main areas covered in this summary including data collection guidance and tools. Top Knowledge Content Citrix Tools: CTX203082 - Citrix Supportability Pack CTX677255 - Citrix...

How to Collect a Citrix Diagnostic Facility (CDF) Trace at System Startup

The CDFControl utility is an event tracing controller or consumer for capturing Citrix Diagnostic Facility CDF trace messages displayed from various Citrix tracing providers. It is made to troubleshoot complex Citrix related issues, parse filter support, and collect performance data. To download...

CVE-2024-4341

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928...

CVE-2024-4341

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928...

CVE-2024-4341

CVE-2024-4341 affects Extreme XDS (ExtremePacs) prior to version 3928. The issue is described as an Authorization Bypass Through User-Controlled Key with Missing Authorization, allowing an attacker to Collect Data as provided by users. The underlying root cause is an improper privilege management...