67 matches found
IBM Sterling Partner Engagement Manager Security Vulnerability
An information disclosure vulnerability exists in IBM Sterling Partner Engagement Manager version 2.0, an automated management tool from International Business Machines Corporation (IBM). The vulnerability stems from inadequate protection of sensitive information and encrypted storage of locally...
Identifying cyberthreats quickly with proactive security testing
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Matthew Hickey,...
Huawei HarmonyOS Security Vulnerability
Huawei HarmonyOS is an operating system from Huawei, a Chinese company that provides a microkernel-based, fully distributed operating system. Huawei HarmonyOS is vulnerable to an information disclosure vulnerability caused by insufficient protection of sensitive information in the interface of th...
U.S. Dept Of Defense: Authentication bypass leads to Information Disclosure at U.S Air Force "https://███"
Hi HackerOne Triage team, I'm new in this program. What I understood is that every Web Owned/Operated by DoD is in scope, so I did some Google searches, exactly in Wikipedia, and I've found this PNG that confirms that U.S Air Force is in scope:...
PT-2022-4272 · Microsoft · Windows Defender +1
Name of the Vulnerable Software and Affected Versions: Windows Defender (affected versions not specified). Description: The issue is related to a lack of protection for sensitive data in Windows Defender, which could allow an attacker to obtain unauthorized access to protected information. This coul...
PT-2022-4273 · Microsoft · Windows Defender +1
Name of the Vulnerable Software and Affected Versions: Windows Defender (affected versions not specified). Description: The issue is related to a lack of protection for sensitive data in Windows Defender, which could allow an attacker to obtain unauthorized access to protected information. This may...
The Benefits of Including Static Data Masking in Your Security Arsenal
Static data masking (SDM) is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer capable of protecting large...
MGASA-2022-0239 Updated 389-ds-base packages fix security vulnerability
An access control bypass vulnerability was found in 389-ds-base. The issue was a mishandling of the filter that would yield incorrect results, but as analysis has progressed, it can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows...
New research reveals that one third of all log-in attempts on eCommerce sites are malicious
What do humans and bots have in common? A love for visiting online shopping sites: more than half (57%) of all attacks on retail websites in 2021 were carried out by bots, compared to 33% for all other industries. It gets worse: a third of all log-in attempts on retail eCommerce websites are accoun...
PT-2021-6961 · Microsoft · Accessibility Insights For Android
Name of the Vulnerable Software and Affected Versions: Microsoft Accessibility Insights for Android (affected versions not specified). Description: The issue is related to a lack of protection for sensitive data. Exploitation of this issue may allow an attacker to gain unauthorized access to protect...
SUSE: Security Advisory (SUSE-SU-2017:0899-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Can Nanotech Secure IoT Devices From the Inside-Out?
Another day, another incident of internet-of-things (IoT) gadgets falling flat on their faces and spilling users’ privacy, if not getting hooked into a botnet, used for cryptomining or opening a network backdoor that allows intruders to move laterally through a network. It’s only Wednesday, but...
The vulnerability of the SeaMonkey web browser software lies in the lack of protection for sensitive data, which allows attackers to gain unauthorized access to protected information.
The vulnerability of the SeaMonkey web browser lies in the lack of protection for sensitive data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
OPENSUSE-SU-2020:1678-1 Security update for crmsh
This update for crmsh fixes the following issues: - Fixed startdelay with start-delay (bsc#1176569) - fix onfail should be on-fail (bsc#1176569) - config: Try to handle configparser.MissingSectionHeaderError while reading config file - uiconfigure: Obscure sensitive data by default (bsc#1163581) This update...
Zero Trust: From security option to business imperative overnight
Not long ago when I spoke with customers about Zero Trust, our conversations focused on discussing the principles, defining scope, or sharing our own IT organization’s journey. Zero Trust was something interesting to learn about, and most organizations were very much in the exploratory phase. As...
CVE-2019-17644
CVE-2019-17644 affects Centreon versions before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. An unauthenticated direct request to include/configuration/configObject/host/refreshMacroAjax.php permits disclosure of sensitive information. Root cause is improper access control on the host macro refresh end...
Google Advises Android Developers to Encrypt App Data On Device
Google today published a blog post recommending that mobile app developers encrypt data that their apps generate on users' devices, especially when they use unprotected external storage that's prone to hijacking. Moreover, considering that there are not many reference frameworks available for t...
Why all organizations must better protect sensitive data
About two weeks ago, National Cybersecurity Awareness Month (NCSAM) kicked off with a new message stressing personal responsibility for users keeping themselves safe online: “Own IT. Secure IT. Protect IT.” NCSAM asked users to consider best practices for both securing their own devices and...
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0899-1)
This update for php7 fixes the following issues: Security issue fixed: - CVE-2015-8994: code permission/sensitive data protection vulnerability (bsc#1027210). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
Jelastic 5.4 - host SQL Injection
Jelastic 5.4 - host SQL Injection Exploit Title: Jelastic 5.4 - 'host' SQL injection Google Dork: N/A Date: date Exploit Author: Procode701 Vendor Homepage: https://jelastic.com/ Software Link: https://jelastic.com/ Version: 5.4 Tested on: Kali Linux CVE : N/A POC: The application...