1068 matches found
CVE-2023-6517 Seeing the SMS Verification Code in Mia Technology's Mia-Med
Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7...
The Web Scraping Problem, Part 3: Protecting Against Botnets
...
In conversation: Bruce Schneier on AI-powered mass spying
For decades, governments and companies have surveilled the conversations, movements, and behavior of the public. And then the internet came along and made that a whole lot easier. Today, search engines collect our queries, browsers collect our device information, smartphones collect out locations...
PT-2024-10359 · Drupal · Open Social
Name of the Vulnerable Software and Affected Versions: Open Social versions 0.0.0 through 12.04 Description: The issue is related to improper access control in Drupal Open Social, allowing the collection of data from common resource locations. This can be exploited by a remote attacker to bypass...
Google changes wording for Incognito browsing in Chrome
Users of Chrome Canary have noticed some slight changes in the wording that Google uses for Incognito mode. Chrome Canary is mainly intended for use by developers. It’s updated nearly daily with new features, and because it can be used alongside versions of the “normal” Chrome browser known...
How to Opt Out of Comcast’s Xfinity Storing Your Sensitive Data
One of America’s largest internet providers may collect data about your political beliefs, race, and sexual orientation to serve personalized ads...
Signal, AI Generated Art Least, Amazon, Facebook Most Invasive Apps, Study
By Waqas In-depth analysis reveals concerning patterns in user data collection, with shopping and food delivery apps at the forefront. This is a post from HackRead.com Read the original post: Signal, AI Generated Art Least, Amazon, Facebook Most Invasive Apps, Study...
Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'
Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the "incognito" or "private" mode on web browsers. The class-action lawsuit sought at least $5...
VulnCheck KEV: CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...
Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa
The Iranian nation-state actor known as MuddyWater has leveraged a newly discovered command-and-control C2 framework called MuddyC2Go in its attacks on the telecommunications sector in Egypt, Sudan, and Tanzania. The Symantec Threat Hunter Team, part of Broadcom, is tracking the activity under th...
The vulnerability of the protection mechanism for detecting and responding to security threats at FortiEDR endpoints stems from inadequate access control. This allows attackers to prevent the data collection service from being launched upon system rehydration.
The vulnerability of the security protection mechanism for detecting and responding to security threats at FortiEDR endpoints is related to lack of access control. Exploiting this vulnerability could allow an attacker to prevent the data collection service from running during the next system rebo...
CVE-2023-6151
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...
CVE-2023-6150
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...
CVE-2023-6151
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...
CVE-2023-6150
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...
CVE-2023-6151
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...
Privilege escalation
Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...
Privilege escalation
Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...
CVE-2023-6151 Information Disclosure in Eskom E-municipality
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...
CVE-2023-6150
The CVE-2023-6150 issue affects the Eskom Computer e-municipality module (versions prior to 105). The root cause is improper privilege management via the use of Privileged APIs, enabling collection of data provided by users and leading to potential information disclosure. Affected behavior is tha...