178 matches found
CVE-2019-11892
A potential improper access control vulnerability exists in the JSON-RPC interface of the Bosch Smart Home Controller SHC before 9.8.905 that may result in reading or modification of the SHC's configuration or triggering and restoring backups. In order to exploit the vulnerability, the adversary...
4 tried-and-true prevention strategies for enterprise-level security
Why is it that dentists advise people over and over to floss, yet so few do it? It only takes a minute of your time, yet if you’re running late or feeling tired, you may be tempted to skip it. That is until you remember your upcoming teeth cleaning appointment. There is nothing like the memory of...
How to Recover Lost or Deleted Files?
Have you ever lost your important files, like memories or official documents, accidentally or maliciously? Adding more... when you even do not have any backup for the same. Unfortunate, right? We've all been there. Just last week I formatted my computer and later found that I didn't have any back...
Path traversal
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing t...
How to Delete Hosting Connection configured in Citrix Studio
Deleting a connection can result in the deletion of large numbers of machines and loss of data. Ensure that user data on affected machines is backed up or no longer required. Before deleting a connection, ensure that: All users are logged off from the machines stored on the connection. No...
Security Bulletin: Privilege Escalation Vulnerability in the FlashCopy Manager for VMware GUI (CVE-2013-6714)
Summary In customer environments that utilize VMware restricted users, users of the Tivoli Storage FlashCopy Manager: FlashCopy Manager for VMware GUI can back up and restore VMs that they are not authorized to access. Vulnerability Details CVE ID: CVE-2013-6714 DESCRIPTION: In customer...
Linux server discovered bitcoin extortion event, do a good Four Points from a loss-vulnerability warning-the black bar safety net
Following the Windows encountered ransomware virus after the Linux server was bitcoin extortion cases have occurred, you think to pay a ransom just to end? Important warning Recently, Tencent cloud security team monitoring to the cloud on a Linux server began to appear bitcoin extortion event, th...
Arbitrary file download vulnerability in phpwechat version 1.1.6
phpWechat is a free and open source microsoft public platform management system. An arbitrary file download vulnerability exists in phpwechat version 1.1.6 at the data backup, which can be exploited by an attacker to download arbitrary files from the server, such as script code, service and syste...
Cybersecurity New Year’s resolutions, you say? Why not.
It's mid-January, and oh, how time flies. It wasn’t long since we bid farewell to 2017 and welcomed the new year with renewed hope and vigor. Of course, with such positivity comes a sense of an equally favorable outlook for the year ahead. However good that may sound, being faced with a tabula ra...
Microsoft offers several mechanisms to protect against ransomware
The start of a new year is the perfect time to reassess your security strategy and tactics especially when looking back at the new levels of ransomwares reach and damage in 2017. Its no secret that ransomware attacks are increasing. In fact, a business is hit with ransomware every 40 seconds. If...
Huawei Changsha 5S Information Disclosure Vulnerability
The Huawei Changshare 5S is a smartphone from the Chinese company Huawei Huawei. An information disclosure vulnerability exists in Huawei 畅享5S. Attackers have successfully exploited the vulnerability to cause information leakage by tricking users into installing a carefully constructed applicatio...
Multiple Lenovo VIBE phones elevation of privilege vulnerability
Android 6.0 Marshmallow is a Linux-based open source operating system developed by Google and the Open Handset Alliance OHA in the U.S. The Lenovo A2010-a and other smartphone products from China's Lenovo use the Android 6.0 Marshmallow operating system. The Lenovo A2010-a is a smartphone from...
CVE-2017-3750
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...
CVE-2017-3749
On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750...
CVE-2017-3750
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749...
Web Hosting Company Pays $1 Million to Ransomware Hackers to Get Files Back
South Korean web hosting provider has agreed to pay $1 million in bitcoins to hackers after a Linux ransomware infected its 153 servers, encrypting 3,400 business websites and their data, hosted on them. According to a blog post published by NAYANA, the web hosting company, this unfortunate event...
Why you have to move beyond “We have a policy for that”
Ive never been a big fan of - or have believed in the value of - security policies. Sure, theyre necessary for setting expectations and auditors want to see them. They can also serve as a sort of insurance policy to fall back on when an unexpected security "event" occurs. But, at the end of the...
First Android-Rooting Trojan With Code Injection Ability Found On Google Play Store
A new Android-rooting malware with an ability to disable device’ security settings in an effort to perform malicious tasks in the background has been detected on the official Play Store. What's interesting? The app was smart enough to fool Google security mechanism by first pretending itself to b...
FTC Recommends Steps to Protect Against Mobile Phone Theft
The Federal Trade Commission FTC has released an alert about the theft of mobile phones and the best way to prepare for and recover from this kind of theft. Precautionary steps include regularly backing up the data on the phone, using strong passwords, and using two-factor authentication on any...
Fastspot BigTree CMS Unauthorized Operation Vulnerability
Fastspot BigTree CMS is the United States Fastspot company based on PHP and MySQL open source content management system CMS. An unauthorized operation vulnerability exists in Fastspot BigTree CMS version 4.2.18 and earlier, which stems from the program failing to prevent a user from deleting thei...