A week in security (July 4 – July 10)
Last week on Malwarebytes Labs: My Body, My Data Act would lock down reproductive and sexual health data; "Free UK visa" offers on WhatsApp are fakes; HackerOne insider fired for trying to claim other people’s bounties; Update now! Chrome patches ANOTHER zero-day vulnerability; Cloud-based malware is...
4 ways businesses can save money on cyber insurance
So, your business has just suffered a data breach and it’s time to dig deep in your pockets to pay all the resulting expenses. Without cyber insurance, you can expect to pay a dizzying amount of cash. In 2022 alone, the average cost of a data breach for businesses under 1,000 employees was close ...
vertexinsurance.com Cross Site Scripting vulnerability OBB-2683282
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ukcreditinsurance.com Cross Site Scripting vulnerability OBB-2683020
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
clearblueinsurancegroup.com Cross Site Scripting vulnerability OBB-2667957
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Can Business Cybersecurity Protection Outlay Offset Cybercrime Insurance?
What is cybercrime insurance? Business cybersecurity protection cybercrime insurance safeguards organizations from any financial losses relating to damage to, or loss of information from, networks and IT systems. This may include reputation loss, the cost of business interruption, infringement of...
MAL-2022-6578 Malicious code in tinkoff-insurance-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4543f1f8fbdaa3b807b9203d7960293f14874c41610189b62d2b6f672bb033c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in tinkoff-insurance-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4543f1f8fbdaa3b807b9203d7960293f14874c41610189b62d2b6f672bb033c6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Do You Have Ransomware Insurance? Look at the Fine Print
Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the...
Heap overflow
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without...
CVE-2021-45918
CVE-2021-45918 affects NHI’s health insurance web service component, where insufficient validation of input string length can cause a heap-based buffer overflow. The vulnerability is exploitable remotely over a network with no authentication and low attack complexity, potentially flooding the pro...
CVE-2021-45918 NHI’s health insurance web service component – Heap-based Buffer Overflow
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without...
CVE-2021-45918
NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without...
PT-2022-12468 · Unknown · NHI's Health Insurance Web Service
Name of the Vulnerable Software and Affected Versions: NHI's health insurance web service component (affected versions not specified). Description: The issue is related to insufficient validation for input string length in the health insurance web service component, which can lead to a heap-based...
National Health Insurance Buffer Error Vulnerability
National Health Insurance (NHI) is a health insurance program health insurance card in Taiwan, China. National Health Insurance has a security vulnerability that originates from insufficient validation of input string length. A remote attacker could exploit the vulnerability to flood memory space...
Cyber Risk Retainers: Not Another Insurance Policy
The one-two punch of a cyberattack can be devastating. There is the breach and then the related mitigation costs. Implementing a comprehensive Incident Response (IR) gameplan into a worst-case-scenario should not be a post-breach scramble. And when that IR strategy includes insurance, it also must...
insurance.ks.gov Cross Site Scripting vulnerability OBB-2623083
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Insurance Management System SQL Injection Vulnerability (CNVD-2022-85117)
Insurance Management System is an insurance management system from the personal developer Angel Jude Reyes Suarez. Insurance Management System 1.0 is vulnerable to SQL injection, which could be exploited by attackers to obtain information about data in the target system...
Insurance Management System SQL Injection Vulnerability (CNVD-2022-85116)
Insurance Management System is an insurance management system from the personal developer Angel Jude Reyes Suarez. Insurance Management System 1.0 is vulnerable to SQL injection, which could be exploited by attackers to obtain information about data in the target system...
Insurance Management System SQL Injection Vulnerability (CNVD-2022-85119)
Insurance Management System is an insurance management system from the personal developer Angel Jude Reyes Suarez. Insurance Management System 1.0 is vulnerable to SQL injection, which could be exploited by attackers to obtain information about data in the target system...