71 matches found
Red Hat JBoss Enterprise Application Platform 7.x < 7.2.5 Multiple Vulnerabilities
The version of Red Hat JBoss Enterprise Application Platform EAP installed on the remote host is 7.x prior to 7.2.5. It is therefore, affected my multiple vulnerabilities as referenced in the RHSA-2019:4021 advisory: - undertow: HTTP/2: large amount of data requests leads to denial of service...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
Telcos Singled Out for Prioritizing Government Requests for Data Over Privacy
Telecommunications giants don’t seem to have any interest in shaking their legacy of complicity with government requests for user data. The Electronic Frontier Foundation’s latest Who Has Your Back report singles out AT&T, Verizon, T-Mobile and Comcast as its lowest performers, saying that the...
Google Handles Record Number of Government Requests for Data
Google fielded a record number of government requests for user data during the first half of 2016, according to its updated Transparency Report. It was also able to report that it received at least one National Security Letter during the six months between July and December 2015. “Pursuant to the...
Snapchat: Bypassing "You've requested your data the maximum number of times today." + "Please Verify an email address with snapchat to continue"
Hello Again , I found an 2 issues in accounts.snapchat.com/accounts/downloadmydata - The first one : Bypassing The maximum number of Data Requests per day and download the Account Data any time the Attacker wants. - The Second : Download The Account Data without any Email verification. Requiremen...
Microsoft Sues US Govt Over Unconstitutional Secret Data Requests
Microsoft is suing the Department of Justice DoJ to protest the gag order that prevents technology companies from telling their customers when their cloud data is handed over to authorities. In layman's terms, the Electronic Communications Privacy Act ECPA allows the government to issue gag order...
Requests for Yahoo User Data Spiked After Paris Terror Attacks
Yahoo’s latest transparency report, published today, reflects a spike in government and law enforcement requests for user data following the Paris terrorist attacks of Nov. 13. The attacks resulted in the deaths of 130 people and injuries to more than 350 others; the situation remains fluid with...
National Security Letter Attachment Details
While the Snowden documents have demystified the intelligence community’s hacking abilities, few specifics are known about National Security Letters, law enforcement’s most powerful tool to compel telecommunications and Internet service providers to turn over a broad scope of user data, and which...
Latest Microsoft Transparency Report Details Content Removal Requests
Microsoft launched a new transparency website this week that bundles reports detailing requests for data the company has received, including those from law enforcement, the government, and elsewhere. The page, which Microsoft is calling its Transparency Hub, is somewhat similar to what Apple did...
Yahoo Transparency Report Shows Requests for Data Up
Yahoo this week published its transparency report for the first six months of the year and the numbers indicate that government requests for data on its users are up slightly after sharp dropoff for the report covering the last six months of 2014. Yahoo said that it received 5,221 government data...
Amazon Transparency Report Shows Few Requests For User Data
Amazon has released its first transparency report, and for a company as large as Amazon, there is surprisingly little in the way of detail or explanation in the report. The company reported that it received 813 subpoenas, 25 search warrants, and 0-249 national security requests. Of the 813...
Linux kernel OZWPAN driver denial of service vulnerability (CNVD-2015-03716)
Linux kernel is an open source operating system.OZWPAN is one of the drivers for receiving, parsing and forwarding network packets. A security vulnerability in the 'ozusbhandleepdata' function in the file drivers/staging/ozwpan/ozusbsvc1.c of the Linux kernel OZWPAN driver allows remote attackers...
Snapchat Publishes First Transparency Report
Snapchat has released its first transparency report, covering a four-month period from November through February, and the data shows that the company didn’t receive any National Security Letters and got fewer than 400 total requests for data from the United States government. Snapchat, a Californ...
JSONP Callback Attack
Overview Affected versions of this package are vulnerable to JSONP Callback Attack. JSONP JSON with padding is a method used to request data from a server residing in a different domain than the client. Any url could perform JSONP requests, allowing full access to the browser and the JavaScript...
September 2014 Yahoo Transparency Report
There was less clamor from governments and law enforcement around the world for data collected and stored by Yahoo, but nonetheless, the technology giant still fielded more than 18,000 data requests over the first six months of the year. Yahoo yesterday released its third Transparency Report, and...
Microsoft Calls for NSA Surveillance Reforms
On the anniversary of the first news reports on NSA surveillance, Microsoft general counsel Brad Smith seized the opportunity to draw a line in the sand with the U.S. government. Smith challenged the government curtail surveillance because it’s hurting business and impaling privacy and civil...
After a Turbulent Year, Still Some Optimism in the Security World
SAN FRANCISCO–Despite all of the revelations and accusations and recriminations in the security industry in the last year, Microsoft’s Scott Charney said he is still optimistic about the industry’s ability to defend users. However, that optimism is tempered by concern about the threats those user...
Verizon Releases First Transparency Report, Says Government Requests INcreasing
After months of public calls from privacy advocates and security experts, Verizon on Wednesday released its first transparency report, revealing that it received more than 164,000 subpoenas and between 1,000 and 2,000 National Security Letters in 2013. The report, which covers Verizon’s landline,...
AT&T, Verizon Announce Transparency Reports in 2014
One by one, the telecommunications giants at the heart of the NSA surveillance scandal are relenting to shareholder pressure and public demands for them to publish reports on government requests for user data. On Friday Verizon and AT&T announced their intent to begin producing transparency repor...
kernel: ansi_cprng: off by one error in non-block size request
Off-by-one error in the getprngbytes function in crypto/ansicprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the...