2352 matches found
CVE-2017-15209
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user...
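The Kanboard entry above describes an authorization bypass in which the attachment ID submitted in the form is trusted without checking that the caller may access the project it belongs to. The following is an added illustration of that flaw class and its fix, not Kanboard's code (Kanboard is written in PHP); the store layout, the `proj-*`/`file-*` identifiers and the user names are constructed for the example.

```python
"""Added example: an object-level authorization (IDOR) check on attachment
deletion. Hypothetical data model; not taken from Kanboard."""
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the current user may not act on the requested object."""


@dataclass
class Store:
    # project_id -> set of user_ids allowed into that private project (constructed)
    members: dict = field(default_factory=dict)
    # attachment_id -> project_id the attachment belongs to (constructed)
    attachments: dict = field(default_factory=dict)


def seed() -> Store:
    """Constructed sample data: two private projects with one attachment each."""
    s = Store()
    s.members = {"proj-alice": {"alice"}, "proj-bob": {"bob"}}
    s.attachments = {"file-1": "proj-alice", "file-2": "proj-bob"}
    return s


def remove_attachment_vulnerable(store: Store, user: str, attachment_id: str) -> bool:
    """Vulnerable pattern: being authenticated is the only gate, so `user` is
    never consulted. The attachment_id comes straight from the submitted form,
    so any logged-in user can delete an attachment in someone else's project."""
    if attachment_id in store.attachments:
        del store.attachments[attachment_id]
        return True
    return False


def remove_attachment_fixed(store: Store, user: str, attachment_id: str) -> bool:
    """Hardened pattern: resolve the attachment to its project on the server
    side and require the current user to be a member of that project before
    deleting. Unknown IDs and foreign IDs get the same Forbidden answer, so the
    response does not confirm whether a guessed ID exists."""
    project_id = store.attachments.get(attachment_id)
    if project_id is None or user not in store.members.get(project_id, set()):
        raise Forbidden(f"user {user!r} may not remove {attachment_id!r}")
    del store.attachments[attachment_id]
    return True
```

The fix is the lookup chain attachment → project → membership evaluated against the session's user, not against anything the client sent; the form may still carry the attachment ID, but the decision is made from server-side state.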
Equifax Breach Fallout: Your Salary History
In May, KrebsOnSecurity broke a story about lax security at a payroll division of big-three credit bureau Equifax that let identity thieves access personal and financial data on an unknown number of Americans. Incredibly, this same division makes it simple to access detailed salary and employment...
CVE-2017-9792
CVE-2017-9792 affects Apache Impala (incubating) before 2.10.0. A user with ALTER privileges on an Impala table can bypass authorization by turning a non-external Kudu table into external mode and altering the underlying mapping to point at other Kudu tables, potentially accessing data across tab...
September 18, 2017 – Morning Cyber Coffee Headlines – “Emmys” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! September 18, 2017 - Headlines Carbon Black in the News: Worry about the spies,...
Equifax aftermath: How to protect against identity theft
Who here is scrambling around in the aftermath of the recent breach at Equifax to figure out if you've been compromised? Who here is wondering what to do about it if you are? If you're one of the 143 million Americans whose data was accessed by cybercriminals, then you probably raised your hand...
Multiple flaws found in smart syringe pump
A syringe pump is a small infusion pump that delivers liquids, either medication or nutrients, in small quantities into the patient's system. Hospitals, nursing homes, and homes with residents under acute or palliative care use them. Accurate and safe delivery of dosage from a variety of syringes...
Connected Medicine and Its Diagnosis
Medical data is slowly but surely migrating from paper mediums to the digital infrastructure of medical institutions. Today, the data is "scattered" across databases, portals, medical equipment, etc. In some cases, the security of the network infrastructure of such organizations is neglected, and...
Security Flaw in Estonian National ID Card
We have no idea how bad this really is: On 30 August, an international team of researchers informed the Estonian Information System Authority RIA of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards...
Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely
If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly. One such experiment has recently been...
Hacking a Gene Sequencer by Encoding Malware in a DNA Strand
One of the common ways to hack a computer is to mess with its input data. That is, if you can feed the computer data that it interprets -- or misinterprets -- in a particular way, you can trick the computer into doing things that it wasn't intended to do. This is basically what a buffer overflow...
Amazon Macie and Deep Security
Amazon S3 stores trillions of objects and regularly peaks at millions of requests per second. By any metric, it’s massive. With unparalleled durability and availability, it’s the backbone of AWS’ data services. This morning at the AWS Summit in New York City, AWS launched a new service: Amazon...
Design/Logic Flaw
Vulnerability in the Hospitality Suite8 component of Oracle Hospitality Applications subcomponent: WebConnect. The supported version that is affected is 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Hospitality Suite8 executes to...
CVE-2017-10176
CVE-2017-10176 affects Oracle Java SE/SE Embedded/JRockit (OpenJDK/OpenJDK components) with affected releases including Java SE 7u141 and 8u131, SE Embedded 8u131, JRockit R28.3.14. The vulnerability enables an unauthenticated network attacker to access or take data via multiple protocols and can...
Oracle Hospitality Cruise Fleet Management Remote Vulnerability
Oracle Hospitality Applications is a suite of business applications, servers, and storage solutions for hospitality management from Oracle Corporation. Oracle Hospitality Cruise Fleet Management is one of the fleet management components of that suite, which provide...
Advantech SUSIAccess <= 3.0 - RecoveryMgmt File Upload Exploit
Exploit for jsp platform in category web applications. #!/usr/bin/env ruby =begin Exploit Title: Advantech SUSIAccess RecoveryMgmt File Upload Date: 07/31/17 Exploit Author: james fitts Vendor Homepage: http://www.advantech.com/ Version: Advantech SUSIAccess <= 3.0 Tested on: Windows 7 SP1 Relevant...
Hardcoded credentials
MEDHOST Document Management System contains hard-coded credentials that are used for Apache Solr access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with Apache Solr may be able to obtain or modify sensitive patient and financial information. T...
RBB SPEED TEST App fails to verify SSL server certificates
IID RBB SPEED TEST App for Android and IID RBB SPEED TEST App for iOS are both products of IID Japan. IID RBB SPEED TEST App for Android is a data traffic measurement application for the Android platform. The program is able to measure the average throughput of data exchanges with a server within...
Common Sense Clarity on GDPR
Having recently returned from the first phase of Carbon Black’s official General Data Protection Regulation (GDPR) Data Security and Privacy tour, where I participated in the data privacy and security enablement of numerous European global businesses, I’ve collected many valuable insights on the...
InsightVM now available in Japan
InsightVM customers can now choose to store their InsightVM data in Japan. At Rapid7, we enable customers to comply with policies and preferences by selecting the region where their data is transmitted, processed, and stored. We're excited to announce that Japan joins our existing data centers in...
Third Party Exposes 14 Million Verizon Customer Records
As many as 14 million U.S.-based Verizon customers have had their data exposed by a partner of the telecommunications giant, which misconfigured a repository storing the personal information it had access to. UpGuard director of cyber risk research Chris Vickery, who has made a living of finding...