CVE-2019-18581
Dell EMC Data Protection Advisor (DPA) versions 6.3, 6.4, 6.5, 18.2 before patch 83, and 19.1 before patch 71 are affected by a server missing authorization in the REST API. A remote authenticated administrator could potentially modify the application’s allowed OS commands list, enabling arbitrar...
CVE-2019-18581
Dell EMC Data Protection Advisor versions 6.3, 6.4, 6.5, 18.2 versions prior to patch 83, and 19.1 versions prior to patch 71 contain a server missing authorization vulnerability in the REST API. A remote authenticated malicious user with administrative privileges may potentially exploit this...
Authorities Eye Using Mobile Phone Tracking COVID-19's Spread
Authorities in the United States and Israel are eyeing ways to use mobile-phone and other location-based data to help control the spread of the new coronavirus COVID-19, raising serious privacy concerns about the practice of using and sharing people’s personal data during the time of a global...
The vulnerability of the Windows Installer component on Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Windows Installer component in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems stems from the lack of protection for service-related data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created...
The vulnerability of the File Store Service, a component of the Service Fabric application, allows a perpetrator to escalate their privileges.
The vulnerability of the File Store Service of the Service Fabric application is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to escalate their privileges by modifying the configuration file and connecting to SMB or SCP ports...
The vulnerability of the win32k component of the Windows operating system, which allows a hacker to disclose protected information
The vulnerability of the win32k component in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose the protected information...
The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information
The vulnerability of the Windows operating system’s kernel is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created application...
A week in security (March 2 – 8)
Last week on Malwarebytes Labs, we fired up part 1 of our series on child identity theft, asked how well law enforcement can deal with cybercriminals, and took a trip down the memory lane of moral panic. We also looked at the positives and negatives of VPNs and examined our own progress in the...
CVE-2019-17644
CVE-2019-17644 affects Centreon versions before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. An unauthenticated direct request to include/configuration/configObject/host/refreshMacroAjax.php permits disclosure of sensitive information. Root cause is improper access control on the host macro refresh end...
The vulnerability of the SAP Mobile Secure for Android security tool lies in the lack of protection for operational data, which allows attackers to disclose the protected information.
The vulnerability of the SAP Mobile Secure for Android security tool is related to the lack of protection for operational data. Exploiting this vulnerability can allow attackers to disclose the protected information...
The vulnerability of firmware for Intel processors and Intel Processor Graphics lies in the lack of protection for system data, which allows attackers to disclose protected information.
The vulnerability of firmware in Intel processors and Intel Processor Graphics is related to the lack of protection for system data. Exploiting this vulnerability can allow attackers to disclose protected information...
Hybrid Cloud Changes the Game for Security
How to protect critically important data residing on server workloads across the hybrid cloud while achieving significant operational benefits...
Google Advises Android Developers to Encrypt App Data On Device
Google today published a blog post recommending that mobile app developers encrypt the data their apps generate on users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for t...
U.S. Dept Of Defense: Sensitive Information Leaking Through DARPA Website. [█████████]
Summary: While performing recon work on websites owned by DoD I came up with DARPA website which is leaking sensitive information. Description: The above website is leaking information such as first name and last name, email address, phone number, house address and organization name of attendees...
RSAC 2020: Blockchain is 'Garbage In', Voting Needs Paper Ballots
SAN FRANCISCO – Cryptography is at the heart of security, especially here at this week’s RSAC 2020. And during the event’s annual Cryptographer’s Panel, industry leaders broke down their top crypto-concerns, including privacy regulations, election security and blockchain. Privacy is clearly a top...
The vulnerability of the Active Directory LDAP server component in Samba networking software allows a perpetrator to gain unauthorized access to confidential data.
The vulnerability of the Samba network communication software component of the Active Directory LDAP server is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data...
Vulnerability of the Server:Security:Encryption component of the Oracle MySQL database management system, which allows a hacker to gain unauthorized access to confidential data
The vulnerability of the Server:Security:Encryption component of the Oracle MySQL database management system is related to the lack of protection for operational data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data...
The vulnerability of the Windows Modules Installer service in Windows operating systems allows a hacker to gain unauthorized access to protected data.
The vulnerability of the Windows Modules Installer service in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected data through a specially created application...
The vulnerability of the SAP Business One resource management system, related to the lack of protection for operational data, allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the SAP Business One resource management system is related to the lack of protection for operational data. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...