160 matches found
CVE-2021-41277 GeoJSON URL validation can expose server files and environment variables to unauthorized users
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (admin->settings->maps->custom maps->add a map) support and potential local file inclusion (including environment variables). URLs were not validated prior to being...
CVE-2021-41277
Metabase GeoJSON API Local File Inclusion vulnerability (CVE-2021-41277) affects Metabase prior to version 0.40.5/1.40.5, via the custom GeoJSON map feature where URLs were not validated before loading, enabling local file access (including environment variables). Impact described as local file i...
How big data analytics helps enterprises improve cybersecurity
By Owais Sultan. Big data analytics can be directed to several use cases, like marketing, talent management, sales forecasting, or in our case, cybersecurity. This is a post from HackRead.com. Read the original post: How big data analytics helps enterprises improve cybersecurity...
Data analytics firm exposed 2m Instagram and TikTok users’ data
By Deeba Ahmed. The victims of this "data leak" also include celebrities like Alicia Keys, Loren Gray, Kylie Jenner, Ariana Grande, and Kim Kardashian. This is a post from HackRead.com. Read the original post: Data analytics firm exposed 2m Instagram and TikTok users data...
Four features your data-centric security strategy must provide
Each year, the number of data breaches grows by 30%, underscoring the need for organizations to make data-centric security a business priority. Following the big data movement around the beginning of the 21st century, technological innovations have enabled companies to manage, store and process...
Microsoft named a Visionary in the 2021 Gartner Magic Quadrant for SIEM for Azure Sentinel
We’re pleased to announce that in its first year of inclusion in the Gartner Magic Quadrant report, Microsoft Azure Sentinel has been named a Visionary, where we were recognized for our completeness of vision for SIEM. Gartner has said that “cloud SIEM will be the future of how many organization...
5G Security Vulnerabilities Fluster Mobile Operators
As 5G private networks roll out in the coming years, security may be a key issue for enterprises. A survey released at Mobile World Congress on Monday shows that major gaps persist in security capabilities among mobile operators. Some 68 percent of operators already sell private wireless networks...
Crocus has an unauthorized access vulnerability
Crocus is an energy data analytics platform. An unauthorized access vulnerability exists in Crocus. An attacker can use the vulnerability to bypass permission determination to access functional pages...
From the Data Scientist’s Desk: How to Tune a Model Using Simple Analytics on the Feature Contribution Data
My story: My model looked good. It was as accurate as I wanted it to be and I was happy with it from one experiment to another. When I decided to change the test data set a bit, everything fell apart. Accuracy dropped and I had no clue why. I had to run the test again. And again. Ten tests later,...
LIVE Webinar — The Rabbit Hole of Automation
The concept of automation has taken on a life of its own in recent years. The idea is nothing new, but the current interest in automation is a mix of both hype and innovation. On the one hand, it's much easier today to automate everything from small processes to massive-scale tasks than it's ever...
Judge-Jury-and-Executable - A File System Forensics Analysis Scanner And Threat Hunting Tool
Features: scan a mounted filesystem for threats right away; or gather a system baseline before an incident, for extra threat hunting ability; can be used before, during or after an incident; for one to many workstations; scans the MFT, bypassing file permissions, file locks or OS file...
Akamai Launch Cohort 2 of Accelerator Program for Early-Stage Innovations in Water
Akamai Technologies India Pvt. Ltd. has chosen the grantees for Cohort 2 of Accelerator Program for Early-Stage Innovations in Water. The Accelerator Program enables grantees to ideate their technology-based solutions for water conservation. This year, two grantees -- SmartTerra and Jaljeevika --...
SAP HANA Authentication Bypass Vulnerability (CNVD-2021-18021)
SAP HANA is a high-performance real-time data analytics platform from Germany's SAP. The platform provides data query functions that let users query and analyze real-time business data. A security vulnerability exists in SAP HANA version 2.0, which stems from the LDAP...
Data analytics firm Polecat data breach – 30TB of data exposed
By Waqas. Polecat exposed an Elasticsearch server that wasn't protected with any authentication measures or any form of encryption. This is a post from HackRead.com. Read the original post: Data analytics firm Polecat data breach - 30TB of data exposed...
Smartbi Big Data Analytics Platform of Guangzhou Sematic Software Company Limited Has Logic Flaw Vulnerability
Guangzhou Sematic Software Co., Ltd. is a company dedicated to providing one-stop business intelligence solutions for enterprise customers. A logic flaw vulnerability exists in the Smartbi Big Data Analytics Platform of Guangzhou Sematic Software Limited, which can be exploited by attackers to...
Open source data analytics platform CBoard suffers from a command execution vulnerability
Open source data analytics platform CBoard is a big data analytics and visualization solution. A command execution vulnerability exists in CBoard, an open source data analytics platform. An attacker can exploit this vulnerability to gain server privileges...
CVE-2020-24704
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...
CVE-2020-24703
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....