A week in security (January 1 – January 7)

Last week on Malwarebytes Labs: Police investigate sexual assault on an avatar How AI hallucinations are making bug hunting harder Explained: SMTP smuggling Facebook introduces another way to track you – Link History 23andMe blames "negligent" breach victims, says it’s their own fault Microsoft...

CVE-2024-0201

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savesettings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions ...

MC4WP < 4.9.10 - Unauthenticated Unpublished Form Preview

Description The plugin is vulnerable to unauthorized access of data due to a missing capability check on the 'listen' function, allowing unauthenticated attackers to preview unpublished forms...

Upgraded Q -> 2 from #37 [1703589922038]

Judge has assessed an item in Issue 37 as 2 risk. The relevant finding follows: L-02 openPosition maybe underflow in openPosition - Base.swap function openPosition DataStruct.OpenPositionParams calldata params public override nonReentrant returns uint96 lienId, uint256 collateralTo...

Top Data Security Issues of Remote Work

By Waqas Work from home or WFH is a blessing for employees, but it can be a disguise when it comes to data security. Protecting yourself and your work infrastructure at home from cyberattacks is crucial. This is a post from HackRead.com Read the original post: Top Data Security Issues of Remote W...

US pharmacy Rite Aid banned from operating facial recognition systems

Pharmacy chain Rite Aid has been denied the right to run facial recognition systems in its stores for five years, by a Federal Trade Commission FTC ruling. The regulator found so many flaws in the retailers surveillance program that it concluded Rite Aid had failed to implement reasonable...

IBM Spectrum Scale Encryption Problem Vulnerability (CNVD-2023-10112315)

IBM Spectrum Scale is a suite of scalable data and file management solutions from International Business Machines IBM based on IBM GPFS, an enterprise file management system optimized for petabyte-scale storage management. The product supports helping customers reduce storage costs while improvin...

Biggest Data Security Threats for Businesses: Strategies to Strengthen Your Defense

By Waqas With cybercriminals continuously evolving their strategies to target sensitive data with sophisticated attacks, data security has become a… This is a post from HackRead.com Read the original post: Biggest Data Security Threats for Businesses: Strategies to Strengthen Your Defense...

We Asked ChatGPT for 2024 Cybersecurity Predictions but You Should Make These Resolutions Instead

By Caitlin Condon, Senior Manager, Vulnerability Research at Rapid7, and Christiaan Beek, Senior Director, Threat Analytics at Rapid7 It’s that time of year again — time for the annual tradition of cybersecurity predictions. Here at Rapid7 we’ve seen a whole lot of threats and exploited...

Top 7 Trends Shaping SaaS Security in 2024

Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in...

China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents

China's Ministry of Industry and Information Technology MIIT on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensu...

CVE-2023-49347

CVE-2023-49347 concerns Budgie Extras Windows Previews where temporary data passed between components can be viewed or manipulated. The data is stored in a location accessible to any user with local access, enabling reading of private information, presenting false information to users, or denying...

New Microsoft Purview features use AI to help secure and govern all your data

In the past few years, we have witnessed how digital and cloud transformation has accelerated the growth of data. With more and more customers moving to the cloud, and with the rise of hybrid work, data usage has moved beyond the traditional borders of business. Data is now stored in multiple clo...

New Microsoft Purview features use AI to help secure and govern all your data

In the past few years, we have witnessed how digital and cloud transformation has accelerated the growth of data. With more and more customers moving to the cloud, and with the rise of hybrid work, data usage has moved beyond the traditional borders of business. Data is now stored in multiple clo...

CVE-2023-5711

CVE-2023-5711 affects the WordPress System Dashboard plugin, where a missing capability check in the sd_php_info() AJAX endpoint allowed authenticated users with subscriber-level access or higher to access sensitive PHP info. Affected versions: all up to 2.8.7. The issue has been tracked across m...

Design/Logic Flaw

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contain...

Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams

First announced in March 2023, Microsoft Security Copilot—Microsofts first generative AI security product—has sparked major interest. The widespread enthusiasm was on full display after announcing our Early Access Program in October 2023 and sharing our incredible Security Copilot innovations at...

Microsoft Security Copilot drives new product integrations at Microsoft Ignite to empower security and IT teams

First announced in March 2023, Microsoft Security Copilot—Microsofts first generative AI security product—has sparked major interest. The widespread enthusiasm was on full display after announcing our Early Access Program in October 2023 and sharing our incredible Security Copilot innovations at...

PT-2023-8861 · Curl +11 · Curl +11

Name of the Vulnerable Software and Affected Versions: cURL affected versions not specified Description: This flaw allows a malicious HTTP server to set "super cookies" in cURL that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies...

Imperva & Thales: Pioneering a New Era in Cybersecurity

Imperva has been a beacon of excellence for over twenty years in the digital protection landscape, where innovation is paramount. Renowned for its groundbreaking products, Imperva has not just secured applications, APIs, and data for the worlds leading organizations but has done so with incredibl...