Information Disclosure Vulnerability in UTS Unified Threat Probe of Green Alliance Technology Group Co.

UTS Unified Threat Probe is to realize the collection and parsing work of traffic data, decoding, uploading and original traffic pcap data retention layer by layer, and support intrusion detection, virus detection and star sucking engine, etc., to provide unified threat detection capability. Gree...

Command Injection

Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection via the Data collection endpoint. An attacker can execute arbitrary commands on the underlying system by uploading a specially crafted file. Remediation...

Magento is affected by an os command injection via the Data collection endpoint

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code...

GHSA-QMQ6-JPVG-J547 Magento is affected by an os command injection via the Data collection endpoint

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code...

Elastic APM agent for Python client CGI proxy redirection flaw

When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing...

Hunting down your data with Whitney Merrill: Lock and Code S03E11

Depending on where you live, you can ask a company to hand over all the data it has collected about you and, in a matter of weeks as mandated by law, that company has to fork that information over. Whether the company will abide on time, however, is a different story. In the European Union, the...

Websites that Collect Your Data as You Type

A surprising number of websites include JavaScript keyloggers that collect everything you type as you type it, not just when you submit a form. Researchers from KU Leuven, Radboud University, and University of Lausanne crawled and analyzed the top 100,000 websites, looking at scenarios in which a...

Thousands of Top Websites See What You Type—Before You Hit Submit

A surprising number of the top 100,000 websites effectively include keyloggers that covertly snag everything you type into a form...

India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers

By Deeba Ahmed The Indian government recently passed a new law that mandates all internet service providers to collect and store… This is a post from HackRead.com Read the original post: India to Collect User Data from VPNs, Data Centers, and Cloud Service Providers...

CVE-2022-29937

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but for example an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product...

CVE-2022-29937

USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but for example an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product...

Nutanix Data Collection

Collects Nutanix data using REST APIs. TRUSTED...

Why Uploading Your Personal Data on Social Media is a Bad Idea

By Owais Sultan Did you know almost every social media collects your personal data and sell it to third-party advertisers and… This is a post from HackRead.com Read the original post: Why Uploading Your Personal Data on Social Media is a Bad Idea...

How to Use Google Chrome's Enhanced Safety Mode

You get a safer, more secure browser experience, but Google gets a lot more data about you...

Secret CIA Data Collection Program

Two US senators claim that the CIA has been running an unregulated -- and almost certainly illegal -- mass surveillance program on Americans. The senators statement. Some declassified information from the CIA. No real details yet...

Iranian Hackers Using New Marlin Backdoor in 'Out to Sea' Espionage Campaign

An advanced persistent threat APT group with ties to Iran has refreshed its malware toolset to include a new backdoor dubbed Marlin as part of a long-running espionage campaign that started in April 2018. Slovak cybersecurity company ESET attributed the attacks — codenamed "Out to Sea" — to a...

FACT - A Tool To Collect, Process And Visualise Forensic Data From Clusters Of Machines Running In The Cloud Or On-Premise

FACT is a tool to collect, process and visualise forensic data from clusters of machines running in the cloud or on-premise. Deployment For a basic single-node deployment, we recommend using Docker and Docker Compose. First, read docker-compose.yaml for configuration and requirements. Then, start...

Rapid7 Insight Agent 安全漏洞

Rapid7 Insight Agent is a lightweight software from Rapid7, Inc. that collects data from IT assets. The software is capable of collecting data from IT assets.An arbitrary file reading vulnerability exists in Rapid7 Insight Agent versions prior to 3.1.3, which stems from the software's lack of...

The Facebook Pixel Hunt aims to unravel Facebook’s tracking methods. Will you join?

Browser developer Mozilla has announced a research project to provide insights into, and data about, a space that’s opaque to policymakers, researchers and users themselves. Tracking the trackers is the name of the game. Give up some of your data voluntarily to stop the involuntary collection by...

Facebook Launches 'Privacy Center' to Educate Users on Data Collection and Privacy Options

Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps. "Privacy Center provid...