Top insights and best practices from the new Microsoft Data Security Index report
A whopping 74 percent of organizations recently surveyed experienced at least one data security incident with their business data exposed in the previous year. That’s just one of our interesting insights from Microsoft’s new Data Security Index: Trends, insights, and strategies to secure data...
GHSA-R2HW-74XV-4GQP Nautobot vulnerable to exposure of hashed user passwords via REST API
Impact In Nautobot 2.0.x, certain REST API endpoints, in combination with the ?depth= query parameter, can expose hashed user passwords as stored in the database to any authenticated user with access to these endpoints. The passwords are not exposed in plaintext. Nautobot 1.x is not affected by...
Contractor Database Leak Exposes 500K Irish Police Vehicle Seizure Records
By Waqas. This marks the fourth data security incident to affect a UK police department in 2023. This is a post from HackRead.com.
Who's Experimenting with AI Tools in Your Organization?
With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence—formerly the realm of data science and engineering teams—has become a resource available to every employee. From a productivity perspective, that's fantastic. Unfortunately for IT and...
The vulnerability of the fill_kobj_path() function in the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the fill_kobj_path() function in the Linux operating system’s kernel is related to memory writing beyond the bounds of the allocated buffer in the lib/kobject.c module. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
CVE-2023-45803 Request body not stripped after redirect in urllib3
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a request body like POST to GET as is required by HT...
data.canadensys.net Cross Site Scripting vulnerability OBB-3736332
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
New OS Tool Tells You Who Has Access to What Data
Ensuring sensitive data remains confidential, protected from unauthorized access, and compliant with data privacy regulations is paramount. Data breaches result in financial and reputational damage but also lead to legal consequences. Therefore, robust data access security measures are essential ...
Design/Logic Flaw
On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to re...
New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
Data security is in the headlines often, and it's almost never for a positive reason. Major breaches, new ways to hack into an organization's supposedly secure data, and other threats make the news because well, it's scary — and expensive. Data breaches, ransomware and malware attacks, and other...
PT-2023-5618 · F5 · Big-Ip Apm
Name of the Vulnerable Software and Affected Versions: BIG-IP APM clients (affected versions not specified). Description: The issue is related to BIG-IP Access Policy Manager Clients (APM Clients) sending data in plain text, which can be exploited by a remote attacker to control the DNS server and...
CVE-2023-41070
CVE-2023-41070 is an Apple vulnerability: a logic issue in the sharing flow could allow an app to access sensitive data logged when a user shares a link. Affected products include macOS (Ventura 13.6 and Sonoma 14), iOS (16.7 and 17), iPadOS (16.7 and 17), and watchOS (10). The issue is fixed in ...
CVE-2023-41293
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality...
Security feature bypass
Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality...
CVE-2023-41293
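A vulnerability in the data security classification layer has been reported in the DDMP module of Huawei HarmonyOS. CVE-2023-41293 can be exploited remotely because of missing access control in the DDMP module, and the confirmed impact is a loss of confidentiality. According to the NVD metrics, the attack vector for this vulnerability is network, the attack complexity is low, no privileges are required, and no user interaction is required. A high impact on confidentiality is confirmed, but the document provides no specific exploit code or real-world attack information. As for a patched version or a specific fix, ...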
The software for managing medical organizations like OpenEMR is vulnerable due to insufficient verification of input data, allowing attackers to compromise data privacy and integrity.
The software for managing medical organizations called OpenEMR is vulnerable due to insufficient verification of input data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the confidentiality and integrity of data...
PT-2023-28132 · Poll Maker Team · Poll Maker Plugin
Name of the Vulnerable Software and Affected Versions: Poll Maker Team Poll Maker plugin versions = 4.7.0. Description: The issue is an Unauth. Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website, potentially allowing them to...
Deleted account still has the right to create, delete other accounts (delete surveys)
Description: An account that has been deleted still has the right to create, delete surveys of other accounts. Proof of Concept: Video PoC: https://drive.google.com/file/d/1kvNqK8tYvWDabLigI6dZsp4kpKKkrfIx/view?usp=sharing...