864 matches found
CVE-2019-5923
Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
Directory traversal
Directory traversal vulnerability in iChain Insurance Wallet App for iOS Version 1.3.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2019-5923
CVE-2019-5923 affects the iChain Insurance Wallet App for iOS (versions 1.3.0 and earlier). The vulnerability is a directory traversal (CWE-22) that could allow a remote attacker to read arbitrary files on the device via unspecified vectors. Root cause described in connected sources points to the...
iChain Insurance Wallet App for iOS vulnerable to directory traversal
Overview: iChain Insurance Wallet App for iOS provided by iChain, Inc. uses the old version of cordova-plugin-ionic-webview, and inherits a directory traversal vulnerability (CWE-22, CVE-2018-16202). Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/C...
Arbitrary Password Reset Vulnerability in eCar Insurance App
eCar Insurance is a mobile internet car insurance software application platform developed by Chengdu Zhongtong Technology Co. There is an arbitrary password reset vulnerability in eCar Insurance APP, which can be exploited by an attacker to change any user's password...
eCar Insurance Coverage App Has Logic Flaw Vulnerability
eCar Insurance is a mobile Internet car insurance software application platform developed by Chengdu Zhongtong Technology Co. eCar Insurance APP has a logic flaw vulnerability, the vulnerability stems from the SMS verification code in the data return packet plaintext display, the attacker can use...
Cybersecurity Insurance Not Paying for NotPetya Losses
This will complicate things: To complicate matters, having cyber insurance might not cover everyone's losses. Zurich American Insurance Company refused to pay out a $100 million claim from Mondelez, saying that since the U.S. and other governments labeled the NotPetya attack as an action by the...
Cyberinsurance and Acts of War
I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya. It claims it is an act of war and therefore not covered. Mondelez is suing. Those turning to cyber insurance to manage their exposure presently face...
CB Customer Spotlight: Q&A with Ritter Insurance Marketing’s Dan McLellan
Dan McLellan is a Network Support Specialist at Ritter Insurance Marketing, and uses the Carbon Black community to increase his security knowledge and share information with his colleagues. Having access to insights from other security professionals has not only shortened the time he spends tryin...
Weblogic Deserialization, Override Access Vulnerability in Zhejiang Insurance Expense Reimbursement System
CR Nebula is an innovative technology company that pioneered the use of mobile internet technology and experience to "elevate" enterprise-level financial management. A WebLogic deserialization, override access vulnerability exists in the Zhejiang Insurance Expense Reimbursement System, which can ...
The challenges of adopting a consistent cybersecurity framework in the insurance industry
As hacking events have increased in number and severity, we in the cybersecurity community have united around common strategies that all organizations can implement to reduce their risk. Universal best practices provide organizations with many useful tools to protect their businesses. But what...
allianzeinsurance.com XSS vulnerability
Open Bug Bounty ID: OBB-702441

| Description | Value |
|---|---|
| Affected Website: | allianzeinsurance.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | ... |
FCC Addresses Robocalling – But Questions Remain
Robocalls and text spam – often in the service of widespread fraud campaigns – continue to persist, dogging consumers despite the existence of the national Do Not Call registry and efforts like the Truth in Caller ID Act. In an effort to alleviate the situation, Federal Communications Commission...
What DNA testing kit companies are really doing with your data
Sarah hovered over the mailbox, envelope in hand. She knew as soon as she mailed off her DNA sample, there’d be no turning back. She ran through the information she looked up on 23andMe’s website one more time: the privacy policy, the research parameters, the option to learn about potential healt...
qualitylifeinsurancequote.com XSS vulnerability
Open Bug Bounty ID: OBB-689872

| Description | Value |
|---|---|
| Affected Website: | qualitylifeinsurancequote.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | hidden until disclosure |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |

CVSSv3...
Obamacare Sign-Up Channel Breach Affects 75K Consumers
A hack of the government’s Affordable Care Act-mandated healthcare exchanges has exposed the files of 75,000 individuals. According to the Centers for Medicare and Medicaid Services (CMS), its staff detected “anomalous activity” in the Direct Enrollment pathway on Oct. 13 – with a breach declared...
Personal data of 75,000 individuals exposed after HealthCare.gov system hack
By Waqas. Centers for Medicare and Medicaid Services (CMS) experienced a data breach leading to exposure of highly sensitive personal data of nearly 75,000 people. The CMS is a government system linked with HealthCare.gov which assists insurance agents and brokers in helping people register for its...
greedyrates.ca XSS vulnerability
Open Bug Bounty ID: OBB-658665

| Description | Value |
|---|---|
| Affected Website: | greedyrates.ca |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Boys Town Healthcare Data Breach Exposed Personal Details of Patients
Another day, another data breach! This time, sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital. According to the U.S...