
4665 matches found

Hacker One
added 2016/10/27 11:4 p.m. · 13 views

Uber: ability to retrieve a user's phone-number/email for a given inviteCode

The www.uber.com/a/join?invitecode=inviteCode endpoint returned email and/or phone number for the user with the invite code inviteCode. Since protecting our users' data is our top priority, we were very interested in this report. It was also a pleasure to work with @kushal89shah and we look forwar...

AI score: 2.8
Exploits: 0

BDU FSTEC
added 2016/09/29 12:0 a.m. · 2 views

The vulnerability of the Flash Player software allows attackers to obtain confidential information or circumvent existing access restrictions.

The vulnerability of the Flash Player software is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to bypass existing access restrictions or obtain confidential information using unspecified vectors...

CVSS: 5 · AI score: 7 · EPSS: 0.042
Exploits: 0 · References: 2 · Affected Software: 1

ThreatPost
added 2016/09/28 1:18 p.m. · 7 views

Congressional Leaders Demand Answers on Yahoo Breach

Vermont Senator Patrick Leahy, along with a number of his Democratic congressional colleagues, has demanded answers from Yahoo CEO Marissa Mayer about what is now the biggest data breach in history. Leahy called the two years between the intrusion of Yahoo’s network and the discovery and disclosu...

AI score: 6.8
Exploits: 0 · References: 6

ThreatPost
added 2016/09/28 10:42 a.m. · 9 views

Germany Orders Facebook to Stop Collecting Data on WhatsApp Users

A German privacy regulator issued an order this week prohibiting Facebook from collecting user data on German WhatsApp users, calling the company’s actions misleading and in violation of the nation’s data protection law. The move comes a few weeks after a recent WhatsApp policy change that said t...

AI score: 0.3
Exploits: 0 · References: 6

The Hacker News
added 2016/09/27 4:9 a.m. · 13 views

Germany Bans Facebook From Collecting WhatsApp Data

Just last month, the most popular messaging app WhatsApp updated its privacy policy and T&Cs to start sharing its user data with its parent company, and now both the companies are in trouble, at least in Germany and India. Both Facebook, as well as WhatsApp, have been told to immediately stop...

AI score: 6.7
Exploits: 0

BDU FSTEC
added 2016/09/22 12:0 a.m. · 2 views

Vulnerability of browsers Internet Explorer and Microsoft Edge, allowing intruders to obtain confidential information

The vulnerability of Internet Explorer and Microsoft Edge is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information through a specially crafted web page...

CVSS: 2.6 · AI score: 6.6 · EPSS: 0.53914
Exploits: 2 · References: 3 · Affected Software: 1

BDU FSTEC
added 2016/09/19 12:0 a.m. · 2 views

The vulnerabilities in operating systems such as Mac OS X and iOS allow attackers to replace the signal that indicates the end of transmission, or gain access to protected audio information.

The vulnerability of the FaceTime component in Mac OS X and iOS operating systems is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to replace the signal that indicates the end of transmission, or gain access to protected audio informati...

CVSS: 3.5 · AI score: 7.1 · EPSS: 0.01146
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2016/09/19 12:0 a.m. · 3 views

The vulnerability of the Mac OS X operating system allows a perpetrator to trigger a service failure or gain access to protected information.

The vulnerability of the Audio component of the Mac OS X operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating locally, to gain access to protected information in the kernel memory or cause a service failure reading...

CVSS: 4.9 · AI score: 6.6 · EPSS: 0.00325
Exploits: 0 · References: 3 · Affected Software: 1

Positive Technologies
added 2016/09/14 12:0 a.m. · 3 views

PT-2016-2775 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified). Description: The issue is related to a lack of protection for internal data in the Flash Player platform. It can be exploited by a remote attacker to bypass existing access restrictions or...

CVSS: 9.3 · AI score: 7.8 · EPSS: 0.19443
Exploits: 2 · References: 144

Positive Technologies
added 2016/09/14 12:0 a.m. · 1 views

PT-2016-2774 · Adobe +3 · Flash Player +3

Name of the Vulnerable Software and Affected Versions: Adobe Flash Player (affected versions not specified). Description: The issue is related to the lack of protection for internal data in the Flash Player platform. It can be exploited by a remote attacker to bypass existing access restrictions or...

CVSS: 9.3 · AI score: 7.8 · EPSS: 0.19443
Exploits: 2 · References: 144

ThreatPost
added 2016/09/08 9:0 a.m. · 12 views

FTC Panel Encourages Basic Security Hygiene to Counter Ransomware

When asked to describe what it’s like to deal with the constantly looming threat of ransomware, Chad Wilson, the Director of Information Security at Children’s National Medical Center in Washington D.C., didn’t beat around the bush. “I’ll sum it up in one word: It’s scary,” Wilson said at a Feder...

AI score: 6.9
Exploits: 0 · References: 8

myhack58
added 2016/09/05 12:0 a.m. · 13 views

BlackHat issues resolved: Windows programs digital signature verification "vulnerability" - vulnerability warning - the black bar safety net

At this year's Black Hat conference, a foreign security researcher showed how to bypass malicious code detection by way of Windows digital signatures. I downloaded the conference presentation slides and skimmed through them: the report is divided into two parts, the first part shows the...

AI score: 0.3
Exploits: 0

BDU FSTEC
added 2016/08/31 12:0 a.m. · 2 views

Multiple vulnerabilities in the Kaspersky Total Security antivirus protection system allow attackers to obtain confidential information.

The multiple vulnerabilities of the KLDISK driver in the Kaspersky Total Security antivirus protection software are related to the lack of protection for operational data. Exploiting these vulnerabilities could allow an intruder, operating locally, to gain access to confidential information—such ...

CVSS: 4.6 · AI score: 5.9 · EPSS: 0.00665
Exploits: 2 · References: 2 · Affected Software: 1

CISA
added 2016/08/30 12:0 a.m. · 15 views

FTC Releases Alert on Securing Personal Information When Using Rental Vehicles

The Federal Trade Commission (FTC) has released recommendations for consumers to protect their personal data when using rental vehicles. Rental vehicles may contain infotainment systems that can connect with personal devices to stream music, allow hands-free calls and texts, or guide navigation...

AI score: 6.9
Exploits: 0 · References: 2

BDU FSTEC
added 2016/08/23 12:0 a.m. · 4 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the SurfaceFlinger service in the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to obtain confidential information through a specially created application associated with the default...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.00454
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2016/08/23 12:0 a.m. · 4 views

The vulnerability of the Android operating system allows a perpetrator to obtain confidential information or circumvent existing access restrictions.

The vulnerability of the Camera API application of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to circumvent existing access restrictions or obtain confidential information about buffer addresses using ...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00401
Exploits: 0 · References: 3 · Affected Software: 1

BDU FSTEC
added 2016/08/23 12:0 a.m. · 3 views

Vulnerability of browsers Internet Explorer and Microsoft Edge, allowing intruders to obtain confidential information

The vulnerability of Internet Explorer and Microsoft Edge is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information through a specially crafted web page...

CVSS: 2.6 · AI score: 6.6 · EPSS: 0.15846
Exploits: 0 · References: 5 · Affected Software: 1

BDU FSTEC
added 2016/08/23 12:0 a.m. · 5 views

The vulnerability of the Microsoft OneNote note-taking software allows a perpetrator to obtain confidential information.

The vulnerability of the Microsoft OneNote note-taking software lies in the lack of protection for sensitive data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information through a specially created OneNote file...

CVSS: 4.3 · AI score: 6.2 · EPSS: 0.3015
Exploits: 0 · References: 3

BDU FSTEC
added 2016/08/23 12:0 a.m. · 3 views

Vulnerability of the Windows operating system, allowing a perpetrator to compromise accounts

The vulnerability of the ActiveSyncProvider library in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to gain access to accounts by exploiting a flaw in Universal Outlook to establish a secure connection...

CVSS: 5 · AI score: 7.7 · EPSS: 0.09654
Exploits: 0 · References: 3

BDU FSTEC
added 2016/08/23 12:0 a.m. · 3 views

The vulnerability of the Android operating system, which allows a perpetrator to obtain confidential information

The vulnerability of the MediaTek driver for the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information through a specially created application...

CVSS: 4.3 · AI score: 6.3 · EPSS: 0.00344
Exploits: 0 · References: 2 · Affected Software: 1