12 matches found
EUVD-2022-25046
Malicious code in bioql PyPI...
CVE-2022-1765
The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks due to copyright violations or licensing rules...
Meta sent cease and desist letter over AI training
EU privacy advocacy group NOYB has clapped back at Meta over its plans to start training its AI model on European users' data. In a cease and desist letter to the social networking giant's Irish operation signed by founder Max Schrems, the non-profit demanded that it justify its actions or risk...
Cross-site request forgery (CSRF)
The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks due to copyright violations or licensing rules...
CVE-2022-1765 Hot Linked Image Cacher <= 1.16 - Image upload/cache abuse via CSRF
The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks due to copyright violations or licensing rules...
WordPress plugin Hot Linked Image Cacher cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress plugin Hot Linked Image Cacher version 1.16 and prior versions, which stems fro...
The Legal Risks of Security Research
Sunoo Park and Kendra Albert have published "A Researcher’s Guide to Some Legal Risks of Security Research." From a summary: Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions DMCA §1201, electronic privacy law ECPA, and cryptography export...
Adversarial Machine Learning and the CFAA
I just co-authored a paper on the legal risks of doing machine learning research, given the current state of the Computer Fraud and Abuse Act: Abstract: Adversarial Machine Learning is booming with ML researchers increasingly targeting commercial ML systems such as those used in Facebook, Tesla,...
Sodinokibi ransomware gang auctions off stolen data
Is it legal to buy stolen data from criminals? In most countries the answer would be no. But will it lead to a penalty or a fine? That is a different question and I’m afraid some companies and organizations will be inclined to seriously consider the last question even when they know the answer to...
Yahoo Tells SEC Executives Failed to Act on Breach
Yahoo’s quarterly SEC filings have been the only window into the massive data breaches that have exposed more than 1.5 billion records in the past four years. This week, Yahoo’s Q4 2016 filing was made public, and the view got uglier. The company admitted to the SEC and its investors that its...
Citing Wassenaar, HP Pulls out of Mobile Pwn2Own
More evidence of the potential chilling effect the Wassenaar Arrangement could have on security research surfaced this week when it was revealed HP has decided not to take part in November’s Mobile Pwn2Own hacking contest in Japan. Dragos Ruiu, who organizes the CanSecWest and PacSecWest...
No more free bugs for software vendors
It appears that the free ride is over for software vendors. For years, software makers have benefited from the work done by the community of security researchers who spend days or weeks looking for vulnerabilities and novel ways to break the vendors’ products. This work is virtually always done p...