2.3B Files Exposed in a Year: A New Record for Misconfigs

The last 12 months has seen the exposure of a record 2.3 billion files across cloud databases and online shares, according to an analysis released on Thursday. A report from Digital Shadows’ Photon Research Team, Too Much Information: The Sequel, assessed the scale of inadvertent global data...

This Week in Security News: Tax Scams and Spam Emails

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how criminals can use tax deadlines for social engineering schemes and redirection URLs in spam emails to sidestep spam filters. Read...

Security update for sqlite3 (moderate)

openSUSE Security Update: Security update for sqlite3 Announcement ID: openSUSE-SU-2019:1426-1 Rating: moderate References: 1085790 1132045 Cross-References: CVE-2017-10989 CVE-2018-8740 Affected Products: openSUSE Leap 42.3 An update that fixes two vulnerabilities is now available. Description:...

SUSE SLED12 / SLES12 Security Update : sqlite3 (SUSE-SU-2019:1208-1)

This update for sqlite3 fixes the following issues : Security issue fixed : CVE-2018-8740: Fixed a NULL pointer dereference related to corrupted databases schemas bsc1085790. CVE-2017-10989: Fixed a heap-based buffer over-read in getNodeSize bsc1132045. Note that Tenable Network Security has...

Mitsubishi QJ71MES96N Communications Adapter Detection

Binary data 752161.prm...

Moderate: python36:3.6 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. SQLAlchemy is an...

python36:3.6 security update

An update is available for python-docutils, python-pygments, python-PyMySQL, python-docs, python36, python-nose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...

python27:2.7 security update

An update is available for python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe, python-pluggy,...

Fedora Update for hesiod FEDORA-2018-792ff3cafa

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Ladders, SkyMed Leak Employment, Medical Data for Millions

Cloud storage misconfigurations continue to plague the data-privacy space, as evidenced by the new discovery of employment and health information for millions exposed on the web, wide open to any internet passerby. Two misconfigured cloud databases inadvertently leaked personally identifiable...

Beagle - An Incident Response And Digital Forensics Tool Which Transforms Security Logs And Data Into Graphs

Beagle is an incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images. The resulting Graphs can be sent to graph databases such as Neo4J or...

Supported Databases for Virtual Apps and Desktops AND Citrix Provisioning (PVS)

Citrix is committed to ensuring that our products function with the latest Microsoft SQLdatabases.Citrix supplies reasonable efforts to ensure compatibility with upcoming database releases. New versions of supported databases released after our products have been released, must work. However,...

Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases

In today's world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal's dream come true. Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately. More...

Thousands of Unprotected Kibana Instances Exposing Elasticsearch Databases

In today's world, data plays a crucial role in the success of any organization, but if left unprotected, it could be a cybercriminal's dream come true. Poorly protected MongoDB, CouchDB, and Elasticsearch databases recently got a lot more attention from cybersecurity firms and media lately. More...

Apache CouchDB 2.3.1 - Cross-Site Request Forgery Cross-Site Scripting

Apache CouchDB 2.3.1 - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download...

CVE-2019-9213

creationtimestamp| type| source ---|---|--- 2019-03-06 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46502 2020-01-22 13:18:14+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/rdsatomicfreeopnullpointerderefprivesc.rb 2020-01-23...

Data Leakage from Encrypted Databases

Matthew Green has a super-interesting blog post about information leakage from encrypted databases. It describes the recent work by Paul Grubbs, Marie-Sarah Lacharité, Brice Minaud, and Kenneth G. Paterson. Even the summary is too much to summarize, so read it...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2019:0251-1 Rating: important References: 1119105 1122983 1125330 Cross-References: CVE-2016-5824 CVE-2018-12405 CVE-2018-17466 CVE-2018-18335 CVE-2018-18356 CVE-2018-18492 CVE-2018-18493 CVE-2018-18494...

[SECURITY] Fedora 29 Update: moby-engine-18.06.0-2.ce.git0ffa825.fc29

Docker is an open source project to build, ship and run any application as a lightweight container. Docker containers are both hardware-agnostic and platform-agnostic. This me ans they can run anywhere, from your laptop to the largest EC2 compute instance and everything in between - and they don'...

Over 92 Million New Accounts Up for Sale from More Unreported Breaches

All these numbers…. "More than 5 billion records from 6,500 data breaches were exposed in 2018" — a report from Risk Based Security says. "More than 59,000 data breaches have been reported across the European since the GDPR came into force in 2018" — a report from DLA Piper says. …came from data...