2352 matches found
CVE-2019-12410
CVE-2019-12410 affects Apache Arrow 0.12.0–0.14.1, where memory for Arrow Arrays could be left uninitialized when reading RLE null data from Parquet. This impacts C++, Python, Ruby, and R implementations and could lead to leaking uninitialized memory if data is transmitted (e.g., Flight) or persi...
Tips to Accelerating PCI Data Security Standard Projects with Deep Security as a Service
Does your organization need to meet PCI DSS requirements? Are you struggling with multiple security tools? Or stretching your already overstretched team to prepare for an audit? Time to hit the accelerator with Trend Micro! If your applications deal with credit or payment card data, you need to g...
ownCloud 10.3.0 stable - Cross-Site Request Forgery Vulnerability
Exploit for linux platform in category web applications Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud...
ownCloud 10.3.0 stable - Cross-Site Request Forgery
Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Date: 2019-10-31 Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud collaboration platform With over 50 million...
IBM Security Guardium Big Data Intelligence Information Disclosure Vulnerability (CNVD-2019-38279)
IBM Security Guardium Big Data Intelligence SonarG is a suite of big data security intelligence solutions from IBM, USA. The solution features interactive data exploration, automated connectivity analysis, and user activity analysis. A security vulnerability exists in IBM Security Guardium Big Da...
Raccoon Malware Scavenges 100,000+ Devices to Steal Data
A new information stealer, dubbed Raccoon, is rapidly gaining popularity with cybercriminals. In just a few months, researchers say the malware has already infected hundreds of thousands of devices across the world to rove through victims’ credit card data, email credentials and more. The malware...
Perimeter Breaches: The attack front you’re losing
Everything is data. Defining your perimeter is nearly impossible, which makes securing it even more tricky. Old strategies are obsolete. How do we navigate and protect our boundaries in an increasingly digital world?
Adopting a Risk-Based Approach to Cybersecurity in the Financial Services Industry
Today’s financial organizations face many different risks in volatile and uncertain business environments, but the ever-present threat of cyberattacks and data breaches is now impossible to ignore. For this reason, managing these cyber-risks now has to simply be considered one of the many costs o...
Podcast: Insider Attacks May Soon Cost Less Than Malware-based Equivalent
As it becomes more difficult and expensive to infiltrate environments via malware, cybercriminals may start turning in the future to a more viable and less costly alternative: Insider threats. This podcast is brought to you by Code42. Threatpost talks to Tim Brown, vice president of security at...
Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2019-37933)
Oracle VM VirtualBox is cross-platform virtualization software for x86 systems. An unspecified vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 5.2.34 and 6.0.14. An attacker could exploit this vulnerability to compromise confidentiality, integrity, and...
Data in the dark: Data protection
Hyperconnectivity is on the rise and, as a result, corporations' capacity to protect their own and their customers' data becomes more and more limited. Connection takes place over a network, so, as connection increases, that network increases in size...
Twitter Uses Phone Numbers, Emails to Sell Ads
Twitter has acknowledged that user phone numbers and email addresses gathered for security purposes, as part of its two-factor authentication policy, may have been used to sell ads. It calls the move an accident. The revelation is being widely criticized for its obvious breach of user privacy,...
CVE-2011-4076
OpenStack Nova before 2012.1 allows someone with access to an EC2_ACCESS_KEY (equivalent to a username) to obtain the EC2_SECRET_KEY (equivalent to a password). Exposing the EC2_ACCESS_KEY via http or tools that allow man-in-the-middle over https could allow an attacker to easily obtain the EC2_SECRET_KEY. A...
A week in security (September 23 – 29)
Last week on Labs, we highlighted an Emotet campaign using Snowden’s new book as a lure, discussed how 15,000 webcams are vulnerable to attack, how insurance data security laws skirt political turmoil, and how the new iOS exploit checkm8 allows permanent compromise of iPhones. Other cybersecurity...
phpIPAM 1.4 - SQL Injection
#!/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net Software Link:...
Outlook for Web Bans 38 More File Extensions in Email Attachments
Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable,...
Insurance data security laws skirt political turmoil
Across the United States, a unique approach to lawmaking has proved radically successful in making data security stronger for one industry—insurance providers. The singular approach has entirely sidestepped the prolonged, political arguments that have become commonplace when trying to pass federa...
puerto-de-santa-maria-el-1.listado-empresas.es Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-979623. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...
How To Keep Your Data Safe When Traveling With A Laptop
By Owais Sultan. When we travel, it’s rare we go without some form of electronic device, whether that be our smartphones, tablets or even laptops. This is a post from HackRead.com.
Google Calendar Settings Gaffes Exposes Users' Meetings, Company Details
Google has come under fire for a configuration setting tied to its Google Calendar service, which has left hundreds of calendars inadvertently open to the public – and could potentially expose billions more. It’s important to note that no actual vulnerability exists in the settings of Google...