160 matches found
“Simply staggering” surveillance conducted by social media and streaming services, FTC finds
The US Federal Trade Commission FTC released a report that examines the data collection and use practices of major social media and video streaming services, finding that—and this will not come as a surprise to our regular readers—the companies engaged in vast surveillance of consumers in order t...
CVE-2024-43406
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
PYSEC-2024-72
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
CVE-2024-43406 LF Edge eKuiper has a SQL Injection in sqlKvStore
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A user could utilize and exploit SQL Injection to allow the execution of malicious SQL query via Get method in sqlKvStore. This vulnerability is fixed in 1.14.2...
Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App
A fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling...
The vulnerability of the SQL engine of the Dell Data Analytics Engine (DDAE) in the Dell Data Lakehouse data storage platform allows a hacker to disclose protected information.
The vulnerability of the SQL engine of the Dell Data Analytics Engine DDAE in the Dell Data Lakehouse data storage platform is related to the lack of data encryption measures. Exploiting this vulnerability could allow a malicious actor to disclose protected information...
Command Execution Vulnerability in Multiple Products of FanSoft Software Co.
Fansoft Software Ltd. is a professional big data BI and analytics platform provider in China. A command execution vulnerability exists in multiple products of SailSoft Software Limited, which can be exploited by attackers to gain control of a server...
The Importance of Bot Management in Your Marketing Strategy
Marketing teams need a comprehensive bot management solution to address the challenges posed by bot traffic and protect marketing analytics. Bot management is designed to protect marketing efforts from bot-generated invalid traffic by accurately and efficiently classifying traffic and stopping...
Qualys Launches MSSP Portal to Empower Managed Security Service Providers
In the words of Sun Tzu, In the midst of chaos, there is also opportunity. This aptly captures the essence of todays cybersecurity landscape. Managed Security Service Providers MSSPs stand at the forefront, turning chaos into opportunity by securing digital assets across the entire infrastructure...
Arbitrary File Download Vulnerability in Yonghong Z-Suite of Beijing Yonghong Business Intelligence Technology Co.
Yonghong Z-Suite is a one-stop big data analytics platform. Yonghong Z-Suite has an arbitrary file download vulnerability that can be exploited by attackers to obtain sensitive information...
2023 Ransomware Stats: A Look Back To Plan Ahead
Last year was not a year for the faint of heart. Organizations of every size found themselves faced with ransomware attacks at varying levels of sophistication, yet every one of them was damaging. And as we step into 2024, the first victims of ransomware attacks are already being reported. What c...
Exploit for CVE-2023-38646
CVE-2023-38646 PoC Description This is a Proof of Concept...
The vulnerability of the Azure HDInsights data analytics service, related to insufficient access control, allows attackers to escalate their privileges.
The vulnerability of the Azure HDInsight data analytics service is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges through a specially crafted request...
The rise of AI-powered criminals: Identifying threats and opportunities
AIs influence is growing across the security space, bringing with it major implications for cybercriminals and defenders. The recent adoption of AI has raised significant concerns for cybersecurity due to the many ways that criminals can use AI for disruption and profit. Defenders and law...
Smartbi Logic Vulnerability
Smartbi is a one-stop big data analytics platform. Smartbi suffers from a logic vulnerability that can be exploited by an attacker to gain server privileges...
Gergana Karadzhova-Dangela wants to send the ladder back down to the next generation of incident responders
Gergana Karadzhova-Dangela is used to being with users during some of their toughest moments. Today, she spends much of her time responding to active cybersecurity incidents with Cisco Talos Incident Response, helping customers work through active attacks, many of which put personal data or...
CVE-2023-1967
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid...
Design/Logic Flaw
Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid...