ROS-20250214-05
Intel Xeon processors vulnerability is related to a data protection mechanism violation. Exploitation of the vulnerability could allow an attacker to escalate privileges. Vulnerability in the SMI Transfer Monitor (STM) hypervisor of Intel processors firmware is related to an improper workflow...
PCI DSS v4.0 Evidence and documentation requirements checklist
TL;DR: PCI DSS is complex and challenging. Review the 12 top level controls. Arm yourself with this checklist to help you navigate it. Introduction: PCI DSS v4.0 is challenging for a number of reasons: increased complexity, future-dated requirements, high costs and resource demands, vendor management...
ROS-20250212-17
A vulnerability in the Mark-of-the-Web protection mechanism of the 7-Zip archiver is related to a breach of the data protection mechanism. Exploitation of the vulnerability could allow an attacker to execute arbitrary code in the context of the current user...
The vulnerability of the Find My component in macOS operating systems allows a perpetrator to disclose protected information.
The vulnerability of the Find My component in macOS operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow attackers to disclose protected information...
Dell PowerProtect DD Stack Buffer Overflow Vulnerability
PowerProtect DD is a data protection and backup solution from Dell designed to provide efficient storage and data recovery. A stack buffer overflow vulnerability exists in Dell PowerProtect DD versions 7.13.1.10 and earlier and 7.10.1.40 and earlier, which stems from a failure to properly handle ...
Gambling firms are secretly sharing your data with Facebook
While you might think you’re hitting the jackpot, whether you’ve consented to it or not, online gambling sites are playing with your data. Users’ data, including details of webpages they visited and buttons they clicked, are being shared with Meta, Facebook’s parent company. The Observer reports...
The vulnerability of macOS operating systems, related to the lack of protection for service data, allows attackers to gain unauthorized access to protected information.
The vulnerability of macOS operating systems is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
The vulnerability of the get_imix_entries() function in the net/core/pktgen.c module of the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the get_imix_entries() function in the net/core/pktgen.c module of the Linux kernel is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and availability of the protected information...
Apple ordered to grant access to users’ encrypted data
Last week, an article in the Washington Post revealed the UK had secretly ordered Apple to provide blanket access to protected cloud backups around the world. Since then, privacy focused groups have uttered their objections. The UK government has demanded to be able to access encrypted data store...
Protecting Your Software Supply Chain: Assessing the Risks Before Deployment
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before...
UK Is Ordering Apple to Break Its Own Encryption
The Washington Post is reporting that the UK government has served Apple with a "technical capability notice" as defined by the 2016 Investigatory Powers Act, requiring it to break the Advanced Data Protection encryption in iCloud for the benefit of law enforcement. This is a big deal, and...
Top 3 Ransomware Threats Active in 2025
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there's no guarantee you'll ge...
The vulnerability of the CMSimple content management system’s link validation function allows attackers to perform SSRF attacks.
The vulnerability of the CMSimple content management system’s link validation function is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor to carry out an SSRF attack remotely...
The vulnerability of the Core server component of the Oracle HTTP Server allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Core server component of Oracle HTTP Server is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information using the HTTP network protocol...
Small business owners, secure your web shop
An online shop is more than just another way to sell your products. It comes with a responsibility to keep the web shop secure. Cybercriminals are looking to steal your customers’ credit card details, their personal data, and even your revenue. And it’s not as if using a platform that is used by...
CVE-2024-38329
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
CVE-2024-2098
The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. This makes it possible for unauthenticated attackers to download password-protected fil...
The vulnerability of the FactoryTalk AssetCentre software, a centralized asset management system, lies in the insufficient protection of registration data, which allows attackers to disclose sensitive information.
The vulnerability of the FactoryTalk AssetCentre software for centralized asset management lies in the insufficient protection of registration data. Exploiting this vulnerability could allow attackers to disclose sensitive information that is protected by security measures...
The vulnerability of the EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages of the FactoryTalk AssetCentre software solution allows a perpetrator to disclose protected information.
The vulnerability of the EventLogAttachmentExtractor, ArchiveExtractor, LogCleanUp, or ArchiveLogCleanUp packages of the FactoryTalk AssetCentre centralized asset management software is related to insufficient protection of registration data. Exploiting this vulnerability could allow an attacker ...
Dell Avamar Security Vulnerability
Dell Avamar is a data backup and recovery solution from Dell that focuses on providing organizations with efficient and flexible data protection services that support physical, virtual and cloud environments. Dell Avamar suffers from an access token reuse vulnerability that stems from the inclusi...