12 matches found
EUVD-2023-40427
Malicious code in bioql PyPI...
The US Is Building a One-Stop Shop for Buying Your Data
Plus: A mysterious hacking group’s secret client is exposed, Signal takes a swipe at Microsoft Recall, Russian hackers target security cameras to spy on aid to Ukraine, and more...
CVE-2023-36467
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
Ta-da Raises $3.5M to Build Out Its AI Data Marketplace
By Owais Sultan AI data marketplace Ta-da has announced the completion of a $3.5M funding round. A number of leading blockchain… This is a post from HackRead.com Read the original post: Ta-da Raises $3.5M to Build Out Its AI Data Marketplace...
Remote code execution
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
CVE-2023-36467 AWS data.all vulnerable to RCE through user injection of Python Commands
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
CVE-2023-36467 AWS data.all vulnerable to RCE through user injection of Python Commands
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
CVE-2023-36467 AWS data.all vulnerable to RCE through user injection of Python Commands
AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. data.all versions 1.2.0 through 1.5.1 do not prevent remote code execution when a user injects Python commands into the ‘Template’ field when configuring a data pipeline. The issue...
FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
The U.S. Federal Trade Commission FTC on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users b...
Hackers Behind Cuba Ransomware Attacks Using New RAT Malware
Threat actors associated with the Cuba ransomware have been linked to previously undocumented tactics, techniques and procedures TTPs, including a new remote access trojan called ROMCOM RAT on compromised systems. The new findings come from Palo Alto Networks' Unit 42 threat intelligence team,...
A week in security (June 6 – June 12)
Last week on Malwarebytes Labs: FBI warns of scammers soliciting donations for Ukraine Microsoft autopatch is here…but can you use it? Prometheus ransomwares flaws inspired researchers to try to build a near-universal decryption tool Rotten apples banned from App store Hackers can take over...
SSNDOB stolen data marketplace shut down by global law enforcement operation
The United States Department of Justice has announced a major takedown of a criminal marketplace that traded Personally Identifiable Information PII. Not just any old marketplace; this was a major, years-long operation with several failsafes to prevent permanent takedown. It took quite the...