184 matches found
T-Mobile Hacked — 2 Million Customers' Personal Data Stolen
T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email...
Plant Your Flag, Mark Your Territory
Many people, particularly older folks, proudly declare they avoid using the Web to manage various accounts tied to their personal and financial data -- including everything from utilities and mobile phones to retirement benefits and online banking services. The reasoning behind this strategy is a...
Hackers demand $1m ransom after stealing data from 2 Canadian banks
By Uzair Amir Hackers have stolen financial data of thousands of customers - This is a post from HackRead.com Read the original post: Hackers demand $1m ransom after stealing data from 2 Canadian banks...
GDPR Phishing Scam Targets Apple Accounts, Financial Data
A phishing campaign targeting Apple users is attempting to trick victims into updating their profiles under the guise it’s a part of proactive security hardening prepping for the introduction of General Data Protection Regulation GDPR policies set to go into effect on May 25. The phishing...
Calamp.com Incorrect Privilege Assignment
There is also a full write up on https://medium.com/@evstykas/remote-smart-car-hacking-with-just-a-phone-2fe7ca682162 Vulnerability Security Advisory ======================================================================= title: Incorrect Privilege Assignment product: lenderoutlook on...
Cacti cross-site scripting vulnerability (CNVD-2017-32248)
Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the...
LibOFX Tag Parsing Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...
LibOFX Tag Parsing Code Execution Vulnerability
Summary An exploitable buffer overflow vulnerability exists in the tag parsing functionality of LibOFX 0.9.11. A specially crafted OFX file can cause a write out of bounds resulting in a buffer overflow on the stack. An attacker can construct a malicious OFX file to trigger this vulnerability...
MEDHOST Document Management Information Disclosure Vulnerability
MEDHOST Document Management System is a document management system from the American company MEDHOST. The system manages documents such as user access and audit logs by defining different roles and permissions. A security vulnerability exists in MEDHOST Document Management System, which originate...
MEDHOST Document Management Hardcoded Certificate Disclosure Vulnerability
MEDHOST Document Management System is a document management system from the American company MEDHOST. The system manages documents such as user access and audit logs by defining different roles and permissions. A security vulnerability exists in MEDHOST Document Management System due to a...
MEDHOST Document Management Information Disclosure Vulnerability (CNVD-2017-27413)
MEDHOST Document Management System is a document management system from the American company MEDHOST. The system manages documents such as user access and audit logs by defining different roles and permissions. A security vulnerability exists in MEDHOST Document Management System, which originate...
Hardcoded credentials
MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial...
CVE-2017-11614
MEDHOST Connex contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modify sensitive patient and financial information. Connex utilize...
CVE-2017-11614
CVE-2017-11614 involves MEDHOST Connex hard-coded IBM i DB2 user credentials (HMSCXPDN). The vulnerability arises because the password is embedded in multiple locations in the Connex application and cannot be changed by customers, and the account has elevated DB2 roles enabling access to all obje...
MEDHOST Connex Hard-Coded Credentials
Overview ------------ MEDHOST Connex for all versions contains hard-coded credentials that are used for customer database access. This is a new vulnerability not related to CVE-2016-4328. Description ------------ MEDHOST Connex contains hard-coded credentials that are used for customer database...
IRS Releases Tax-Time Guide
The Internal Revenue Service IRS has released tax-time advice intended to help the public protect their personal and financial data and computers. Recommendations include using strong passwords, backing up files, and using robust security software to help block malware and viruses. Users and...
FBI Most Wanted Fugitive JPMorgan Hacker Arrested in New York
One of the FBI's most wanted hackers who was behind the largest theft of financial data has finally been arrested at the JFK airport in New York. Joshua Samuel Aaron is accused of being part of a hacking group that attacked several major financial institutions, including JPMorgan Chase, and...
Operation Ghoul Targeting Middle Eastern Industrial, Engineering Organizations
Researchers today identified a series of ongoing targeted attacks primarily designed to steal sensitive corporate financial data from industrial and engineering organizations in the Middle East. The group behind the campaign, nicknamed Operation Ghoul by researchers at Kaspersky Lab’s Global...
Seeking Alpha Mobile Financial App Forgoes Encryption
A popular mobile application that provides financial market research material operates without a measure of encryption, putting user information, including credentials and strategic financial interests at risk. The Seeking Alpha mobile app for Android and iOS also leaks everything from HTTP cooki...
Letter of financial built Station System info. php and other file parameters class SQL injection vulnerability
No description provided by source...