PT-2023-5787 · Acronis · Acronis Cyber Protect 16 +2

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Cloud Agent Windows versions before build 35739 Acronis Cyber Protect 16 Windows versions before build 37391 Acronis Agent Windows versions before build 35739 Description: The issue is related to sensitive information...

What does a car need to know about your sex life? Lock and Code S04E20

This week on the Lock and Code podcast... When you think of the modern tools that most invade your privacy, what do you picture? There's the obvious answers, like social media platforms including Facebook and Instagram. There's email and "everything" platforms like Google that can track your...

The privacy perils of the Metaverse

A recently released report from New York University claims that the Metaverse, an all-in-one virtual online space, poses a potentially major risk to user privacy. This is because headsets and other similar devices can collect an incredible amount of personal, physical and biometric information. T...

CVE-2023-4972

Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1...

Privilege escalation

Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects...

CVE-2023-4972

CVE-2023-4972 pertains to Digital Yepas where Incorrect Use of Privileged APIs allows collecting data supplied by users. The vulnerability affects Digital Yepas up to version 1.0.0 (fixed in 1.0.1). The root cause is improper privilege management in privileged API usage, enabling data collection ...

Yepas Digital Yepas Security Breach

Yepas Digital Yepas is an online trading portal from Yepas Digital. A security vulnerability exists in Yepas Digital Yepas that stems from a mismanagement of privileges that allows an attacker to collect user-supplied data...

VMware vCenter Legacy Data Collection

Binary data vmwarevcentercollectlegacy.nbin...

CVE-2023-41745

Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent Linux, macOS, Windows before build 30991, Acronis Cyber Protect 15 Linux, macOS, Windows before build 35979...

Acronis Agent和Acronis Cyber Protect 安全漏洞

Acronis Agent and Acronis Cyber Protect are both products of Acronis Singapore.Acronis Agent is an agent software.Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise. Combining backup, anti-malware, network security and endpoint management capabilities suc...

PT-2023-5316 · Acronis · Acronis Agent +2

Name of the Vulnerable Software and Affected Versions: Acronis Agent versions prior to build 32047 Acronis Cyber Protect 15 versions prior to build 35979 Description: The issue is related to the excessive collection of system information, which may lead to the disclosure of sensitive information...

The vulnerability of the CE_A protocol implementation in the data collection and transmission device CE805M allows a hacker to modify the equipment settings.

The vulnerability of the CEA protocol implementation in the data collection and transmission device CE805M is related to an undocumented user account called SUPERVISOR. Exploiting this vulnerability could allow a malicious actor to remotely alter the equipment’s settings...

Google’s “browse privately” is nothing more than a word play, lawyers say

Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people. Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as tha...

A week in security (July 31 - August 6)

Last week on Malwarebytes Labs: The end looms for Meta's behavioural advertising in Europe Microsoft Teams used in phishing campaign to bypass multi-factor authentication Film companies lose battle to unmask Reddit users FAQ: How does Malwarebytes ransomware rollback work? How to protect your...

Meta subsidiaries must pay $14m over misleading data collection disclosure

Meta has run into yet another bout of court related issues--two subsidiaries have been ordered to pay $14 million regarding undisclosed data collection. The Australian case, which has rumbled on for the best part of two and a half years, has focused on claims related to a now discontinued Virtual...

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these API...

CVE-2023-2959

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2...

CVE-2023-2959

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2...

CVE-2023-2959 Authentication Bypass by Primary Weakness in Oliva Expertise

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2...