2352 matches found
Critical Actions to Finalize Your GDPR Compliance Program
Starting May 25, 2018, enforcement begins for the new EU General Data Protection Regulation (GDPR) and its heightened principles and requirements regarding data privacy, data processing, and data security. The newly revised regulation applies to organizations doing business in the European Union or...
Cobub Razor 0.8.0 - SQL injection
Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability; Date: 2018-04-16; Exploit Author: Kyhvedn ([email protected], [email protected]); Vendor Homepage: http://www.cobub.com/; Software Link: https://github.com/cobub/razor; Version: 0.8.0; CVE: CVE-2018-8057. The string of the 'channelname'...
SQL Injection Vulnerability in Website Construction System of Anhui Keyai Network Technology Co., Ltd.
Anhui Keyai Network Technology Co., Ltd. is a state-recognized "double-soft" and "double-high" enterprise specializing in software product development, smart card integration and application, and IDC data center service. The website construction system of Anhui Keyai Network Technology Co., Ltd. suffers from SQL injection...
Hacker Can Steal Data from Air-Gapped Computers through Power Lines
Do you think it is possible to extract data from a computer using its power cables? If not, then you should definitely read about this technique. Researchers from Israel's Ben Gurion University of the Negev, who mainly focus on finding clever ways to exfiltrate data from an isolated or air-gapped...
NIST Cybersecurity Framework Series Part 5: Recover
The best way to stop a cyber attack is to prevent it from taking place in the first place. While this is certainly true, the level of sophistication and persistence seen among today's hackers can often negate this strategy. A proactive approach to data security is an absolute must, but chief...
CVE-2018-2409
Improper session management when using SAP Cloud Platform 2.0 Connectivity Service and Cloud Connector. Under certain conditions, data of some other user may be shown or modified when using an application built on top of SAP Cloud Platform...
Ongoing Threat of Ransomware
NCCIC has observed an increase in ransomware attacks across the world. Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected...
CVE-2017-14466
CVE-2017-14466 affects Rockwell Automation Allen-Bradley Micrologix 1400 Series B FRN 21.2 and earlier. The root cause is improper access control in data, program, and function file permissions, enabling unauthenticated packets to write to filetype 0x03 and overwrite the Master Password, potentia...
CVE-2017-14462
CVE-2017-14462 affects Allen-Bradley MicroLogix 1400 Series B FRN 21.2 and earlier. The issue is improper access control in data, program, and function file permissions that lets unauthenticated, remote attackers send crafted packets to read/write files, disclose sensitive information, modify ...
CVE-2017-14468
CVE-2017-14468 is an improper access control vulnerability affecting the Allen-Bradley MicroLogix 1400 Series B FRN 21.2 and earlier. The flaw resides in the data, program, and function file permissions, allowing unauthenticated packets to trigger reads/writes that disclose sensitive information,...
CVE-2017-14464
The CVE-2017-14464 entry concerns an unauthenticated access-control vulnerability in Allen-Bradley MicroLogix 1400 Series B FRN 21.2 and earlier. The data, program, and function file permissions allow a specially crafted packet to trigger read/write operations that disclose sensitive information,...
Panerabread.com breach could have impacted millions
Customers who signed up for a Panerabread.com account in order to order fast-casual baked goods may want to guard their dough. Security researcher Brian Krebs reported yesterday that the website for the bakery chain leaked millions of customer records, including names, emails, physical addresses,...
The data breach epidemic: no info is safe
By now it’s obvious that data security technology and protocols haven’t kept pace with the needs of consumers. Even as more people trust their most sensitive personal information to online apps and services, databases are routinely exposed. In 2017 alone, we learned about massive data breaches fr...
imperva-data-security.com XSS vulnerability
Open Bug Bounty ID: OBB-588720

Description | Value
---|---
Affected Website: | imperva-data-security.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
CVE-2017-16242
CVE-2017-16242 affects MECO USB Memory Stick with Fingerprint MECOZiolsamDE601. A hardware-based vulnerability allows bypass of fingerprint authentication: an attacker with physical access can send a static packet over a PCB serial port to unlock the key and access data without the fingerprint. S...
Facebook CEO Vows to ‘Step Up’ After Cambridge Analytica ‘Mistakes’
Facebook CEO Mark Zuckerberg on Wednesday broke his silence on the Cambridge Analytica debacle that has unfolded over the past week, admitting “we made mistakes”. He vowed to step up to the plate when it comes to delivering better data security to Facebook users. “We have a responsibility to...
Walmart Jewelry Partner Exposes Personal Data Of 1.3M Customers
A misconfigured Amazon S3 (Simple Storage Service) bucket, managed by a Walmart jewelry partner, left personal details and contact information of 1.3 million customers exposed to the public internet. The S3 repository containing an MSSQL database backup belongs to MBM Company, a Chicago, Ill.-based...
Warning – 3 Popular VPN Services Are Leaking Your IP Address
Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data. A VPN, or Virtual Private Network, is a great way to protect your daily online activities; it works by encrypting your data and boosting security, as well as...
GrayKey iPhone unlocker poses serious security concerns
Ever since the case of the San Bernardino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of...
datacentrumgids.nl XSS vulnerability
Open Bug Bounty ID: OBB-580025

Description | Value
---|---
Affected Website: | datacentrumgids.nl
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...