2352 matches found
Boys Town Healthcare Data Breach Exposed Personal Details of Patients
Another day, another data breach! This time, sensitive and personal data of hundreds of thousands of people at Boys Town National Research Hospital have been exposed in what appears to be the largest ever reported breach by a pediatric care provider or children's hospital. According to the U.S...
CVE-2018-14608
Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. Specifically, it stores customer data in unique directories...
CVE-2018-14608
Thomson Reuters UltraTax CS 2017 for Windows is affected by CVE-2018-14608. The vulnerability stems from storing customer data in plaintext in unique directories under %install_path%\WinCSI\UT17DATA\client_ID\file_name.XX17, which can be bypassed without authentication by inspecting the strings i...
CVE-2018-14607
CVE-2018-14607/14608 apply to Thomson Reuters UltraTax CS 2017 for Windows in a client/server setup. The issue is that customer records and bank account numbers are transferred in cleartext over SMBv2, enabling network sniffing and potential MITM attacks; the disclosed data includes full names, S...
Unspecified Vulnerability in Oracle Sun Systems Products Suite Sun ZFS Storage Appliance Kit Component (CNVD-2019-36185)
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation. Sun ZFS Storage Appliance Kit (AK) is one of the ZFS storage appliance kits. A security vulnerability exists in the API frameworks subcomponent of the Sun ZFS Storage AK prior to version 8.7.18 component of...
CVE-2018-3048
Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network...
Design/Logic Flaw
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). The supported version that is affected is 16.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera Unifier. Successf...
CVE-2018-3003
Vulnerability in the Oracle Hospitality Cruise Fleet Management System component of Oracle Hospitality Applications (subcomponent: Fleet Management System Suite). The supported version that is affected is 9.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the...
CVE-2018-3025
CVE-2018-3025 is a vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (Payments Core). Affected versions are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. The flaw is exploitable by a low-privilege attacker over HTTP with network access, leading to poten...
CVE-2018-3050
CVE-2018-3050 affects the Oracle Financial Services Applications’ Banking Corporate Lending component (subcomponent: Core module). Affected versions are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. The vulnerability enables a low-privilege attacker with network access via HTTP to compromise Oracle ...
CVE-2018-3066
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocol...
Unspecified Vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management (CNVD-2018-24116)
Oracle Construction and Engineering Suite is a suite of portfolio management solutions for construction projects from Oracle Corporation. Primavera P6 Enterprise Project Portfolio Management (P6) is one of the components for planning, managing and executing projects. Primavera P6 Enterprise Project...
800K Patient Records At Issue in ProCare Health Snafu
Four healthcare IT companies are warning that one of New Zealand’s largest networks of family doctors, nurses and general practice teams has been storing hundreds of thousands of patient records containing personally identifiable information (PII) – without the knowledge or consent of the data...
data.dlf.org.uk XSS vulnerability
Open Bug Bounty ID: OBB-648438

Description | Value
---|---
Affected Website: | data.dlf.org.uk
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
What’s The Deal with Application Control?
Enterprise use of application control, on at least some PCs, will increase from 30% in 2017 to over 50% by 2022. It’s no secret that application control is one of the most effective ways to ensure the privacy and security of data. By allowing only preapproved files to run, application control has...
Can we trust our online project management tools?
How would you feel about sharing confidential information about your company on Twitter or Facebook? That doesn’t sound right, does it? So, in a corporate life where we keep our work calendars online, and where we work together on projects using online flow-planners and online project management...
Back to Basics: Let’s Forget About the GDPR… For A Moment
At this point it’s fairly safe to assume that most everyone in the business of “data” has heard of the European Union (EU)-wide General Data Protection Regulation (GDPR) that was signed into law in late April 2016; with the compliance deadline having come into effect on May 25, 2018. Clearly, this ne...
Casper: Mixed content issues on the site https://casper.com
Hello. While browsing the site https://casper.com, I found a mixed content error on the site with HTTPS. This error is located at https://casper.com/faqs/resources/the-best-positions-for-sleeping/. 8 images are uploaded to the site via HTTP, which the Google Chrome browser warns about. F314123 Impact If th...
Major data breaches at Adidas, Ticketmaster pummel web users
There have been a number of data breaches and accidental data exposures coming to light in the last few days, and no matter where in the world you happen to be located, you'll want to do some due diligence and see if you've been affected. These aren't small fishes being preyed upon by black hats;...
CVE-2017-18342
In PyYAML before 5.1, the yaml.load API could execute arbitrary code if used with untrusted data. The load function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function...