CVE-2023-51663
Hail authentication issue (CVE-2023-51663) affects Hail with Hail Batch accounts. Root cause: relying on OIDC email addresses to verify user domain; users can change their emails, enabling creation of Hail Batch accounts in domains they shouldn’t access. Impact stated: attacker cannot access priv...
Apache Doris Authorization Issues Vulnerability
Apache Doris is a modern MPP analytic database product of the U.S. Apache Software Foundation. It provides sub-second queries and efficient real-time data analysis. Apache Doris suffers from an authorization vulnerability that stems from the /api/snapshot and /api/getlogfile APIs allowing...
A vulnerability in the application programming interface of Jupyter Server, software for interactive data analysis, visualization and document creation, allows a perpetrator to gain access to confidential information.
A vulnerability in the application programming interface of Jupyter Server, software for interactive data analysis, visualization and document creation, is related to deficiencies in the error reporting mechanism. Exploiting this vulnerability can allow a malicious actor, operating remotely, to...
Using Generative AI for Surveillance
Generative AI is going to be a powerful tool for data analysis and summarization. Here's an example of it being used for sentiment analysis. My guess is that it isn't very good yet, but that it will get better...
CVE-2023-46134
D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Prior to version 3.7.0, users hosting D-Tale publicly can be vulnerable to remote code execution, allowing attackers to run malicious code on the server. This issue has been patched in...
Why Cool Dashboards Don’t Equal Effective Security Analytics
Mark Twain once said, "Data is like garbage. You'd better know what you are going to do with it before you collect it." This statement rings true in today's cybersecurity landscape. Security professionals are inundated with a flood of data, and often, they don't know how to make sense of it. To add...
CVE-2023-42812
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious actor to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a...
CVE-2023-42812 Galaxy vulnerable to Server Side Request Forgery during data imports
Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious actor to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a...
CVE-2023-42812
CVE-2023-42812 affects Galaxy prior to version 22.05, exposing a server-side request forgery (SSRF) where the application server can issue arbitrary HTTP/HTTPS requests to internal hosts and read responses. Public documents consistently describe the vulnerability as a pre-22.05 issue, with 22.05 ...
How to Predict Customer Churn Using SQL Pattern Detection
Introduction to SQL's MATCH_RECOGNIZE Clause. SQL is a great way to perform analysis on your data. It is very common and supported by many database engines, including big data solutions. SQL is used in many cases to analyze data in our data lake. However, when it comes to pattern detection, SQL...
Applying AI to License Plate Surveillance
License plate scanners aren't new. Neither is using them for bulk surveillance. What's new is that AI is being used on the data, identifying "suspicious" vehicle behavior: Typically, Automatic License Plate Recognition (ALPR) technology is used to search for plates linked to specific crimes. But in...
The rise of AI-powered criminals: Identifying threats and opportunities
AI's influence is growing across the security space, bringing with it major implications for cybercriminals and defenders. The recent adoption of AI has raised significant concerns for cybersecurity due to the many ways that criminals can use AI for disruption and profit. Defenders and law...
Updated Researcher Portal Submission Form: Discover the New Fields in the Submission Form
Summary: We are excited to announce the release of the updated Researcher Portal submission form. The new fields allow Security Researchers to provide additional context for the reported security issue, giving product teams more data for analysis and helping them gain insights and identify trends acros...
Q2-2023 API ThreatStats™ Report: API Exploits Are Everywhere: from NVIDIA to Reddit and more!
Our Q2-2023 API ThreatStats™ report is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and...
CVE-2023-28387
"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app and to obtain the API key for an external service...
CVE-2023-28387
The CVE-2023-28387 entry concerns the NewsPicks mobile apps for Android (versions 10.4.5 and earlier) and iOS (versions 10.4.2 and earlier) that hard-code credentials, enabling a local attacker to access app data and potentially obtain an API key for an external service. Affected components are t...
CVE-2023-35164
CVE-2023-35164 (DataEase) involves a missing authorization check in DataEase prior to version 1.18.8, allowing unauthorized users to manipulate dashboards created by an administrator. The issue affects versions before 1.18.8; the vulnerability is fixed in 1.18.8. In-scope impact is partial on int...
CVE-2023-25946
Authentication bypass vulnerability in Qrio Lock Q-SL2 firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary operation under certain conditions...