PT-2023-1202 · Oracle · PeopleSoft Enterprise PeopleTools
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.60. Description: The issue is related to insufficient input validation in the Elastic Search component of the PeopleSoft Enterprise PeopleTools product. This can allow a remote attacker...
TikTok Fined $5.4 Million by French Regulator for Violating Cookie Laws
Popular short-form video hosting service TikTok has been fined €5 million (about $5.4 million) by the French data protection watchdog for breaking cookie consent rules, making it the latest platform to face similar penalties after Amazon, Google, Meta, and Microsoft since 2020. "Users of 'tiktok.co...
The vulnerability of Mozilla Firefox, Firefox ESR, and the Mozilla Thunderbird email client relates to insufficient protection of sensitive data. This allows attackers to circumvent security restrictions and gain unauthorized access to protected information.
The vulnerabilities of Mozilla Firefox, Firefox ESR, and the Mozilla Thunderbird email client are related to insufficient protection of sensitive data. Exploiting these vulnerabilities allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information b...
PT-2023-1092 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to insufficient protection of service data in the Microsoft Cryptographic Services. It allows an attacker to elevate their privileges. Recommendations: At the moment,...
PT-2023-1232 · Microsoft · Windows Point-To-Point Protocol +1
Name of the Vulnerable Software and Affected Versions: Windows Point-to-Point Protocol (PPP) (affected versions not specified). Description: The issue is related to insufficient protection of service data in the implementation of the Point-to-Point Protocol (PPP) in Windows operating systems. This can...
PT-2023-1162 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to insufficient protection of service data in the Windows Event Tracing service, which can allow an attacker to gain unauthorized access to protected information. This...
PT-2023-1097 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: The issue is related to a lack of protection for service data in Microsoft Exchange Server, which can be exploited to disclose protected information. This can allow an...
Why Do User Permissions Matter for SaaS Security?
Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp'...
Slack GitHub Account Hacked via Stolen Employee API Token
On December 29, 2022, Slack was alerted to suspicious activity on their GitHub account. Upon investigation, the company discovered that a limited number of employee tokens had been stolen and misused to gain access to an externally hosted repository. The threat actor had also downloaded private...
Irish Regulators Fine Facebook $414 Million for Forcing Users to Accept Targeted Ads
The Irish Data Protection Commission (DPC) has fined Meta Platforms €390 million (roughly $414 million) over its handling of user data for serving personalized ads in what could be a major blow to its ad-fueled business model. To that end, the privacy regulator has ordered Meta Ireland to pay two fin...
PT-2023-1617 · Qualcomm · Qualcomm Embedded Platform
Name of the Vulnerable Software and Affected Versions: Powerline Communication Firmware (affected versions not specified); Qualcomm embedded platform software (affected versions not specified). Description: The issue is related to memory corruption due to information exposure in Powerline Communication...
A vulnerability in the Linux kernel allows an attacker to obtain the kernel ASLR base address and gain access to the kernel's memory.
The vulnerability in the Linux kernel is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to obtain the kernel ASLR base address and gain access to the kernel's memory...
A vulnerability in the AVEVA Edge SCADA system, related to insufficient protection of operational data, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the AVEVA Edge SCADA system is related to insufficient protection for operational data. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information...
France Fines Microsoft €60 Million for Using Advertising Cookies Without User Consent
France's privacy watchdog has imposed a €60 million ($63.88 million) fine against Microsoft's Ireland subsidiary for dropping advertising cookies in users' computers without their explicit consent in violation of data protection laws in the European Union. The Commission nationale de l'informatique...
Millions of Gemini cryptocurrency exchange user details leaked
If you're a user of the Gemini cryptocurrency exchange, it's time to be on your guard against phishing attacks. Gemini says its own systems have not been compromised, but an unnamed third party has become the focal point for a breach. On December 13 or some point before, rogues gained access to jus...
CVE-2022-42843
This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information...
Information disclosure
This issue was addressed with improved data protection. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, tvOS 16.2, watchOS 9.2. A user may be able to view sensitive user information...
Uber data stolen via third-party vendor
Uber is facing a new cybersecurity incident after threat actors stole some of its data from Teqtivity, a third-party vendor that provides asset management and tracking services. "We are aware of customer data that was compromised due to unauthorized access to our systems by a malicious third...