4667 matches found
CVE-2022-2628
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
UBUNTU-CVE-2022-2628
The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup...
TikTok faces $28m fine for failing to protect children's privacy
TikTok is no stranger to controversy where data usage is concerned. Back in 2021, the social media dance extravaganza platform agreed to pay $92m to settle dozens of lawsuits alleging harvesting of personal data. There has also been concern with regard to whether or not settings were enough to ke...
Security Bulletin: Possibility for Accidental Disclosure of Microsoft Exchange Mailboxes to Unauthorized Users (CVE-2013-3976)
Abstract: Due to a problem in the Data Protection for Exchange and FlashCopy Manager for Exchange components, once a mailbox is restored into a .PST file, each individual .PST file will be created as expected, but the contents of that .PST file may not be the contents associated with that mailbox...
Morgan Stanley's years-long "extensive failure" to protect customer data ends in huge fine
On Tuesday, the Securities and Exchange Commission (SEC) charged financial company Morgan Stanley a $35M fine for "the firm's extensive failures, over five years, to protect the personal identifying information, or PII, of approximately 15 million customers." The company agreed to settle the penalty...
PT-2022-6280 · Dell · Dell Geodrive
Name of the Vulnerable Software and Affected Versions: Dell GeoDrive versions 2.1 through 2.2. Description: The issue is related to the lack of protection for service data in the graphical interface of the local file system. This could allow an attacker to disclose protected information. An...
Kiwi Farms breached, user data potentially exposed
The operators of a site known to most observers for being in a recent state of flux have announced a forum breach. Kiwi Farms, which gained a reputation for sophisticated trolling and doxxing, was recently dropped by Cloudflare after a sustained campaign to have the DDoS mitigation and cloud...
The Deep Roots of Nigeria’s Cybersecurity Problem
Despite having one of the strongest data-protection policies in Africa, the country’s enforcement and disclosure practices remain dangerously broken...
The Shaky Future of a Post-Roe Federal Privacy Law
The American Data Privacy and Protection Act could protect people across the country. But first, it has to get past Nancy Pelosi...
CVE-2022-34723
Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability...
Windows DPAPI (Data Protection Application Programming Interface) Information Disclosure Vulnerability
...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.0.4 security and bug fix update
OpenShift API for Data Protection (OADP) 1.0.4 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
KLA19245 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote cod...
Microsoft Windows DPAPI Security Vulnerability
Microsoft Windows is a suite of operating systems for personal devices from the U.S.-based Microsoft Corporation. A security vulnerability exists in Microsoft Windows DPAPI (Data Protection Application Programming Interface). The following products and versions are affected: Windows 11 for x64-base...
PT-2022-5619 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Remote Access Connection Manager service of the Windows operating system. This can allow an attacker to gain unauthorize...
PT-2022-5615 · Microsoft · Windows Dpapi +1
Name of the Vulnerable Software and Affected Versions: Windows DPAPI (affected versions not specified). Description: The issue is related to a lack of protection for sensitive data in the Windows DPAPI component, allowing an attacker to disclose protected information. This can enable attackers to...
Why Vulnerability Scanning is Critical for SOC 2
SOC 2 may be a voluntary standard, but for today's security-conscious business, it's a minimal requirement when considering a SaaS provider. Compliance can be a long and complicated process, but a scanner like Intruder makes it easy to tick the vulnerability management box. Security is critical f...
Sitting in cars with hackers
Are organizations doing enough to protect customer data? The auto industry can teach us a lot about vulnerability management...
The vulnerability of the Crow web service framework relates to the lack of protection for service-related data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Crow web service creation framework is related to the lack of protection for service-related data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...