A2 Optimized WP < 3.0.5 - Data Collection Toggle via CSRF
The plugin does not have a CSRF check in place when toggling its data collection settings, which could allow attackers to make a logged-in admin enable/disable it via a CSRF attack...
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store
By Waqas. Several fake ChatGPT clone apps have surfaced on the official iOS and Play Stores, collecting user data and sending it to remote servers. This is a post from HackRead.com. Read the original post: ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store...
A private moment, caught by a Roomba, ended up on Facebook. Eileen Guo explains how: Lock and Code S04E03
In 2020, a photo of a woman sitting on a toilet--her shorts pulled half-way down her thighs--was shared on Facebook, and it was shared by someone whose job it was to look at that photo and, by labeling the objects in it, help train an artificial intelligence system for a vacuum. Bizarre? Yes...
VMware vRealize Log Insight Information Disclosure Vulnerability
VMware vRealize Log Insight is a centralized log management solution from VMware. The product supports features such as log organization and log analysis. A security vulnerability exists in VMware vRealize Log Insight. An unauthenticated attacker could remotely collect sensitive session and...
CVE-2022-31711
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication...
All the Data Apple Collects About You—and How to Limit It
Cupertino puts privacy first in a lot of its products. But the company still gathers a bunch of your information...
Citrix Customer Experience Improvement Program (CEIP) for Citrix Workspace app
Provide instructions to disable the CEIP data collection for Workspace app...
Aftermath - A Free macOS IR Framework
Aftermath is a Swift-based, open-source incident response framework. Aftermath can be leveraged by defenders in order to collect and subsequently analyze the data from the compromised host. Aftermath can be deployed from an MDM ideally, but it can also run independently from the infected user's...
Data Collection Costs Epic Games Half a Billion USD
By Deeba Ahmed. The FTC has announced to charge Epic Games with a $520 million settlement concerning the alleged violation of the Children’s Online Privacy Protection Act (COPPA). This is a post from HackRead.com. Read the original post: Data Collection Costs Epic Games Half a Billion USD...
AzureHound - Azure Data Exporter For BloodHound
The BloodHound data collector for Microsoft Azure. Get AzureHound. Release Binaries: Download the appropriate binary for your platform from one of our Releases. Rolling Release: The rolling release contains pre-built binaries that are automatically kept up-to-date with the main branch and can be...
PT-2022-6830 · Ce805M · Ce805M
Name of the Vulnerable Software and Affected Versions: CE805M affected versions not specified Description: The issue is related to an undocumented user account named SUPERVISOR in the CE A protocol implementation of the CE805M data collection and transmission device. Exploitation of this issue ma...
Snapchat gives Californians more power over their personal data
There's a new toggle switch in Snapchat that, once enabled, limits the use of sensitive personal information. TechCrunch reports that the switch is a new privacy feature Snapchat will be rolling out to comply with the California Privacy Rights Act (CPRA), also known as Proposition 24. The act, whic...
Who tracked internet users in 2021–2022
Every time you go online, someone is watching over you. The services you use, the websites you visit, the apps on your phone, smart TVs, gaming consoles, and any networked devices collect data on you with the help of trackers installed on web pages or in software. The websites and services send...
Apple’s Device Analytics Can Identify iCloud Users
Researchers claim that supposedly anonymous device analytics information can identify users: On Twitter, security researchers Tommy Mysk and Talal Haj Bakry have found that Apple's device analytics data includes an iCloud account and can be linked directly to a specific user, including their name,...
Zoho ManageEngine SQL Injection (CVE-2021-40493)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...
Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location
Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, ...
Security Bulletin: Vulnerability from Apache Kafka affect IBM Operations Analytics - Log Analysis (CVE-2021-38153)
Summary: Apache Kafka is vulnerable to timing attacks that could allow a remote attacker to obtain sensitive information. Vulnerability Details: CVEID: CVE-2021-38153. DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use o...
Inside Raccoon Stealer V2
Raccoon Stealer is back in the news again. US officials arrested Mark Sokolovsky, one of the malware actors behind this program. In July 2022, after several months of shutdown, Raccoon Stealer V2 went viral. Last week, the Department of Justice's press release stated that the malware...
Interview with Signal’s New President
Long and interesting interview with Signal's new president, Meredith Whittaker: WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day - and big props to them for doing that. But you...
How web data is leading US cybersecurity to unreached possibilities
By Owais Sultan. Businesses across the United States are using web scraping, or web data collection, infrastructure as a first line… This is a post from HackRead.com. Read the original post: How web data is leading US cybersecurity to unreached possibilities...