
1068 matches found

CVE
added 2021/09/01 2:30 p.m. | 68 views

CVE-2021-36024

CVE-2021-36024 affects Magento Commerce 2.4.2 and earlier, 2.4.2-p1 and earlier, and 2.3.7 and earlier. The root cause is Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint, enabling an attacker with admin privileges to upload a crafted file to achieve ...

9.1 CVSS | 7.4 AI score | 0.02802 EPSS
Exploits 0 | References 1 | Affected Software 2
Cvelist
added 2021/09/01 2:30 p.m. | 21 views

CVE-2021-36024 Magento Commerce Improper Neutralization of Special Elements Used In A Command

Magento Commerce versions 2.4.2 and earlier, 2.4.2-p1 and earlier and 2.3.7 and earlier are affected by an Improper Neutralization of Special Elements Used In A Command via the Data collection endpoint. An attacker with admin privileges can upload a specially crafted file to achieve remote code...

9.1 CVSS | 9.5 AI score | 0.02802 EPSS
Exploits 0 | References 1
BDU FSTEC
added 2021/07/13 12:0 a.m. | 4 views

The system’s vulnerability regarding data collection and automation process control in ScadaBR, related to unlimited loading of dangerous type files, allows an intruder to execute arbitrary code.

The vulnerability of the ScadaBR system for data collection and automation process control is related to the unlimited loading of dangerous type files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially crafted file named viewedit.shtm...

8.8 CVSS | 8.3 AI score | 0.39356 EPSS
Exploits 8 | References 7 | Affected Software 1
HackRead
added 2021/07/12 2:20 p.m. | 44 views

How data collected in gaming can be used to breach user privacy

By Sudais Asif Gaming firms collect user data to improve user experience but how that data can be used for malicious purposes? Here's what researchers say. This is a post from HackRead.com Read the original post: How data collected in gaming can be used to breach user privacy...

2.5 AI score
Exploits 0
Kitploit
added 2021/07/03 9:30 p.m. | 91 views

MacHound - An extension to audit Bloodhound collecting and ingesting of Active Directory relationships on MacOS hosts

MacHound is an extension to the Bloodhound auditing tool allowing collecting and ingesting of Active Directory relationships on MacOS hosts. MacHound collects information about logged-in users, and administrative group members on Mac machines and ingests the information into the Bloodhound database...

7.2 AI score
Exploits 0 | References 1
ThreatPost
added 2021/06/22 4:24 p.m. | 40 views

Kids’ Apps on Google Play Rife with Privacy Violations

About 20 percent of the Top 500 kids’ mobile apps in the Google Play store are collecting data on users in a way that likely violates the Children’s Online Privacy Protection Act COPPA. These have been downloaded by a collective 492 million users, researchers said. That’s according to an analysis...

6.7 AI score
Exploits 0 | References 8
The Hacker News
added 2021/06/05 11:29 a.m. | 58 views

TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data

Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch, went into...

0.2 AI score
Exploits 0
Ivan 'd0znpp' Novikov
added 2021/06/02 6:54 a.m. | 53 views

What Is a Honeypot❓ Definition, Types and More

A honeypot is a computer system made to appear like a potential target of a cyber-attack. It may be used to track or redirect hacks away from a legitimate target. It could likewise be utilized to comprehend the strategies that cybercriminals employ. Honeypots have been around for quite a while, y...

7.2 AI score
Exploits 0
Kitploit
added 2021/05/31 9:30 p.m. | 371 views

magicRecon - A Powerful Shell Script To Maximize The Recon And Data Collection Process Of An Objective And Finding Common Vulnerabilities

MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats. The new version of MagicRecon has a large number of new too...

8.1 AI score
Exploits 0 | References 25
BDU FSTEC
added 2021/05/24 12:0 a.m. | 1 views

The vulnerability in the web interface for managing application data collection and aggregation from Cisco DNA Spaces Connector controllers and access points arises from the lack of measures to neutralize special elements used in the operating system’s command set. This allows a malicious actor to enhance their privileges and execute arbitrary commands.

The vulnerability in the web interface for managing data collection and aggregation from Cisco DNA Spaces Connector controllers and access points is related to the failure to eliminate special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker...

6.2 CVSS | 6.9 AI score | 0.00325 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2021/05/24 12:0 a.m. | 1 views

The vulnerability in the web interface for managing application data collection and aggregation from Cisco DNA Spaces Connector controllers and access points arises from the lack of measures to neutralize special elements used in the operating system’s command set. This allows attackers to enhance their privileges and execute arbitrary commands.

The vulnerability in the web interface for managing data collection and aggregation from Cisco DNA Spaces Connector controllers and access points is related to the failure to eliminate special elements used in the operating system’s command set. Exploiting this vulnerability can allow an attacker...

6.2 CVSS | 6.9 AI score | 0.00325 EPSS
Exploits 0 | References 2 | Affected Software 1
BDU FSTEC
added 2021/05/24 12:0 a.m. | 2 views

The vulnerability of the data collection and aggregation application from Cisco DNA Spaces Connector’s controllers and access points relates to the implementation or modification of arguments, allowing attackers to execute arbitrary commands with root privileges.

The vulnerability of the data collection and aggregation application from Cisco DNA Spaces Connector lies in the implementation or modification of arguments. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands with root privileges...

8.5 CVSS | 7.5 AI score | 0.02716 EPSS
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2021/05/18 12:0 a.m. | 193 views

openSUSE Security Update : netdata (openSUSE-2021-647)

This update for netdata fixes the following issues : - Update to 1.29.3 Release v1.29.3 is a patch release to improve the stability of the Netdata Agent. We discovered a bug that when proc.plugin attempts to collect the operstate parameter for a virtual network interface. If the chart is obsolete...

7.5 CVSS | 8.2 AI score | 0.02172 EPSS
Exploits 3 | References 15
Kitploit
added 2021/05/16 12:30 p.m. | 139 views

Red-Kube - Red Team K8S Adversary Emulation Based On Kubectl

Red Kube is a collection of kubectl commands written to evaluate the security posture of Kubernetes clusters from the attacker's perspective. The commands are either passive for data collection and information disclosure or active for performing real actions that affect the cluster. The commands...

7.2 AI score
Exploits 0 | References 1
Hacker One
added 2021/05/13 4:41 p.m. | 29 views

Sifchain: Sifchain Privacy Policy Webpage Uses Wordpress Default Template. Does Not Display Correct Privacy Policy.

NOTE: This report can, must and should be treated as informational! URL: https://sifchain.finance/privacy-policy/ Summary: The sifchain.finance Wordpress page contains a privacy policy, which is using a default template. This issue may open up potential legal dispute issues of website customers...

6.8 AI score
Exploits 0
ThreatPost
added 2021/05/12 4:50 p.m. | 52 views

Gig Workers Being Paid $500 for Payroll Passwords

Fintech startup Argyle, a financial-services platform aimed at gig workers, is working to replace credit scores assigned by bureaus like Equifax. But closer security analysis hints that Argyle could be just the latest incarnation of an ongoing data-collection campaign, paying people to give up...

5.7 AI score
Exploits 0 | References 9
The Hacker News
added 2021/05/07 3:52 p.m. | 213 views

4 Major Privacy and Security Updates From Google You Should Know About

Google has announced a number of user-facing and under-the-hood changes in an attempt to boost privacy and security, including rolling out two-factor authentication automatically to all eligible users and bringing iOS-styled privacy labels to Android app listings. "Today we ask people who have...

7.5 AI score
Exploits 0
Kitploit
added 2021/05/06 9:30 p.m. | 55 views

Judge-Jury-and-Executable - A File System Forensics Analysis Scanner And Threat Hunting Tool

Features: Scan a mounted filesystem for threats right away Or gather a system baseline before an incident, for extra threat hunting ability Can be used before, during or after an incident For one to many workstations Scans the MFT, bypassing file permissions, file locks or OS file...

7.7 AI score
Exploits 0 | References 1
HackRead
added 2021/05/06 1:7 a.m. | 41 views

Facebook blocks Signal from using ads to show Instagram data collection

By Habiba Rashid Signal attempted to use the Facebook ad program to show how much data is being collected by Instagram to push targeted ads and got banned. This is a post from HackRead.com Read the original post: Facebook blocks Signal from using ads to show Instagram data collection...

1.8 AI score
Exploits 0
The Hacker News
added 2021/04/03 6:41 a.m. | 1 views

Google limits which apps can access the list of installed apps on your device

Apps on Android have been able to infer the presence of specific apps, or even collect the full list of installed apps on the device. What's more, an app can also set to be notified when a new app is installed. Apart from all the usual concerns about misuse of such a data grab, the information ca...

5.8 AI score
Exploits 0