4667 matches found
Instagram receives record fine of $400M for abuse of children's data
Ireland's Data Protection Commissioner (DPC), the lead regulator in Europe for Meta and other tech giants, has slapped Instagram with a fine of €405M (roughly equivalent to $402M) following an investigation into how the company handled children's data. In the investigation that started in 2020, the D...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS is vulnerable to an information disclosure vulnerability caused by insufficient protection of sensitive information in the interface of th...
U.S. Dept Of Defense: Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"
Hi HackerOne Triage team, I'm new in this program. What I understood is that every Web Owned/Operated by DoD is in scope, so I did some Google searches, exactly in Wikipedia, and I've found this PNG that confirms that U.S. Air Force is in scope:...
EMC Data Protection Advisor < 19.7 Build B4 XSS (DSA-2022-107)
According to its self-reported version, the application is below version 19.7 Build B4. It is, therefore, affected by a stored cross-site scripting vulnerability. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context ...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.1.0 security and bug fix update
OpenShift API for Data Protection (OADP) 1.1.0 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
A vulnerability in the eBPF subsystem of the Linux operating system allows an attacker to gain unauthorized access to a device.
A vulnerability in the eBPF subsystem of the Linux operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the device...
CVE-2022-33935
Dell EMC Data Protection Advisor versions 19.6 and earlier contain a stored cross-site scripting vulnerability. An attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data stor...
Cross site scripting
Dell EMC Data Protection Advisor versions 19.6 and earlier contain a stored cross-site scripting vulnerability. An attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data stor...
CVE-2022-33935
Summary: CVE-2022-33935 affects Dell EMC Data Protection Advisor versions 19.6 and earlier and is a stored cross-site scripting (XSS) vulnerability in the web data store component. An attacker could cause the browser to execute malicious HTML/JavaScript in the context of the vulnerable web applic...
PT-2022-21923 · Dell Emc · Dell Emc Data Protection Advisor
Name of the Vulnerable Software and Affected Versions: Dell EMC Data Protection Advisor versions 19.6 and earlier Description: The issue is a Stored Cross Site Scripting, where an attacker could potentially exploit this to store malicious HTML or JavaScript codes in a trusted application data...
Opera Privacy Statement Update 2022
August 29th, 2022. Opera, a browser company based out of Oslo, Norway, cares deeply about user security and data protection. With that in mind, we actively work on improving our internal practices and communications with you, our users. We are maki...
Data governance: 5 tips for holistic data protection
Your data is a strategic asset. To benefit your business, data requires strict controls around structure, access, and lifecycle. However, most security leaders have doubts about data security: nearly 70 percent of chief information security officers (CISOs) expect to have their data compromised in a...
Multiple Vulnerabilities in Isthmus Electronic Document Security Management System
Yisetong electronic document security management system is electronic document security protection software. The system uses driver-layer transparent encryption technology to protect electronic documents through encryption, to prevent internal employees from leaking and externa...
Threat Source newsletter (Aug. 18, 2022) — Why aren't Lockdown modes the default setting on phones?
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As the data privacy landscape gets increasingly murky, app developers and device manufacturers are finding new ways to shore up users’ personal information. Of course, all users have to do is go out of their way to...
The vulnerability of Microsoft Windows Defender operating system allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of Microsoft Windows Defender operating system lies in the lack of protection for service data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
A vulnerability in the Windows operating system’s kernel allows an attacker to gain unauthorized access to protected information.
A vulnerability in the Windows operating system’s kernel is related to the lack of protection for privileged data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
A vulnerability in the VMware vRealize Orchestrator platform, related to the lack of protection for operational data, allows an attacker to disclose protected information.
A vulnerability in the VMware vRealize Orchestrator platform for automating processes is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Nearly 2,000 Signal users affected by Twilio phishing attack
New findings following the Twilio phishing attack revealed that Signal, one of its high-value clients and a popular encrypted messaging platform, was particularly affected. 1,900 of its users had their phone numbers and SMS registration codes exposed. However, Signal reassured users that the...