87 matches found
MAL-2025-33353 Malicious code in sjtu-sesansijiu-data-mining (npm)
The package sjtu-sesansijiu-data-mining was found to contain malicious code...
Vulnerabilities fixed in Oracle Database products
Oracle has fixed vulnerabilities in several database products and subsystems, including the Core Database, Grail, Application Express, GoldenGate and REST data. The vulnerabilities are in several components of the Oracle Database, including the Data Mining component and the Java VM. These...
Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware
A Russian national has been found guilty in connection with his role in developing and deploying a malware known as TrickBot, the U.S. Department of Justice DoJ announced. Vladimir Dunaev, 40, was arrested in South Korea in September 2021 and extradited to the U.S. a month later. "Dunaev develope...
The Family That Mined the Pentagon's Data for Profit
The Freedom of Information Act helps Americans learn what the government is up to. The Poseys exploited it—and became unlikely defenders of transparency...
Natural Language Processing and “Mindful” AI Drive More Sophisticated Bad Bot Attacks
The evolution from human to bot attacks Over the last several years of my career in cyber security, I have been fortunate to work with professionals who researched and developed new cyber security detection and prevention solutions that block high-end cyber attacks. Initially, these attacks were...
Insurance Management System SQL Injection Vulnerability (CNVD-2022-85117)
Insurance Management System is an insurance management system from the personal developer Angel Jude Reyes Suarez. Insurance Management System 1.0 is vulnerable to SQL injection, which could be exploited by attackers to obtain information about data in the target system...
SharpML - Machine Learning Network Share Password Hunting Toolkit
SharpML is a proof of concept file share data mining tool using Machine Learning in Python and C. The tool is discussed in more detail on our blog here, but is summarised below also: SharpML is C and Python based tool that performs a number of operations with a view to mining file shares, queryin...
Anhui Jingqi Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Anhui Jingqi Network Technology Co., Ltd. was founded in 2006, the company is based on the informatization in the field of civil affairs and health, around the "prevention, treatment and maintenance" to provide the service users in the big health industry chain with intelligent medical care,...
IBM SPSS Modeler Subscription Installer Arbitrary File Write Vulnerability
IBM SPSS Modeler Subscription Installer is a software application from the American company Universal Business Machines IBM. Used for a set of data mining, the tools allow the adoption of business techniques to quickly build predictive models and apply them to business activities, thus improving...
When Destiny is Knocking on Your Door Again - Data Mining CDN Logs to Refine and Optimize Web Attack Detection
A few years ago, I wrote a blog post trying to explain, with humor, why choosing application security as a career path is destiny derived by my parents calling me "Or", and why a personal name that is a conditional word can sometimes be challenging in daily routines, since some attack payloads...
The many ways you can be scammed on Facebook, part I
Scams can be found anywhere, and Facebook is no exception. And, with the holiday season just around the corner, and the world still weathering a pandemic, it pays to know what Facebook scams you, those close to you, and those you have professional relationships with could potentially encounter...
Evine - Interactive CLI Web Crawler
Evine is a simple, fast, and interactive web crawler and web scraper written in Golang. Evine is useful for a wide range of purposes such as metadata and data extraction, data mining, reconnaissance and testing. Follow the project on Twitter. Install From Binary Pre-build binary releases are also...
Imperva Cloud WAF Customers Can Easily Integrate Advanced Bot Protection for Increased Security
Almost 25% of web traffic is bad bots, and only growing both in volume and sophistication. This information and more is available in Imperva’s annual Bad Bot Report 2020. What are bad bots? They are not benign. Bad bots plague websites, mobile applications, and APIs with the goal of high-speed an...
How social media platforms mine personal data for profit
It’s almost impossible not to rely on social networks in some way, whether for personal reasons or business. Sites such as LinkedIn continue to blur the line, increasing the amount of social function over time with features and services resembling less formal sites, such as Facebook. Can anyone...
Zoom Removes Data-Mining LinkedIn Feature
Zoom has nixed a feature that came under fire for “undisclosed data mining” of users’ names and email addresses, used to match them with their LinkedIn profiles. The feature, the LinkedIn Sales Navigator, is a LinkedIn service used for sales prospecting. When users enter a web conference meeting,...
Pockint - A Portable OSINT Swiss Army Knife For DFIR/OSINT Professionals
POCKINT a.k.a. Pocket Intelligence is the OSINT swiss army knife for DFIR/OSINT professionals. Designed to be a lightweight and portable GUI program to be carried within USBs or investigation VMs, it provides users with essential OSINT capabilities in a compact form factor: POCKINT's input box...
News Wrap: Infosecurity Europe Highlights and BlueKeep Anxiety
This week, the focus was on Infosecurity Europe, which took place in London and showcased a myriad of sessions, threat research and trends in the cybersecurity space. During the Threatpost news wrap for the week ended June 7, the team breaks down the top news from the show, as well as other...
Lenovo Watch app has multiple vulnerabilities
Shenzhen Personal Data Management Service Co., Ltd. is for analyzing and mining the value behind personal habits, preferences, and health, and becoming a scene service and content operator based on personal data. The Lenovo Watch app has multiple vulnerabilities that can be exploited by attackers...
Maltego CE - An Interactive Data Mining Tool That Renders Directed Graphs For Link Analysis
Maltego CE is the community version of Maltego that is available for free after a quick online registration. Maltego CE includes most of the same functionality as the commercial version however it has some limitations. The main limitation with the community version is that the application cannot ...
Defending Elections from Foreign Adversaries: Election Buster
Election Buster is an open source tool created in 2014 to identify malicious domains masquerading as candidate webpages and voter registration systems. During 2016, fake domains were used to compromise credentials of a Democratic National Committee DNC IT services company, and foreign adversaries...