61 matches found
Buy It Now, Track Me Later: Attacking User Privacy Via Wi-Fi AP Online Auctions
Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely...
CVE-2024-20431
A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this...
Google to pay $1.38 billion over privacy violations
The state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two three year-old lawsuits. The Office of Texas Attorney General Ken Paxton originally filed the first lawsuit against Google in January 2022, complaining that the tech...
Cisco Firepower Threat Defense Code Issue Vulnerability (CNVD-2024-44487)
Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense has a code issue vulnerability that stems from improper allocation of geolocation data. An attacker could exploit the...
Cisco Firepower Threat Defense 安全漏洞
Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense has a code issue vulnerability that stems from improper allocation of geolocation data. An attacker could exploit the...
President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations
U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House sai...
FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring
The U.S. Federal Trade Commission FTC has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...
New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware
A previously unknown advanced persistent threat APT is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root...
Slims9 Bulian 安全漏洞
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g., books, journals, digital files, and other library materials and administration. A security vulnerability exists in Slims9 Bulian version v9.5.2. An attacker...
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
PT-2023-17383 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the insertion of sensitive information into sent data. Specifically, answerdev/answer, an open-source knowledge-based community software, does not strip EXIF geolocation...
Report Claims Coinbase Selling User Geolocation Data to ICE
By Deeba Ahmed Tech Inquiry’s Jack Paulson has shared startling details about a 3-year contract between the US Department of Homeland… This is a post from HackRead.com Read the original post: Report Claims Coinbase Selling User Geolocation Data to ICE...
Insecure Storage of Sensitive Information
Vulnerability name: EXIF Geolocation Data Not Stripped From Uploaded Images vulnerability Description:- When the user uploads his profile picture, the uploaded image’s EXIF Geolocation Data does not get stripped. As a result, anyone can get sensitive information of microweber users like their...
CVE-2020-26220
toucbase.ai before version 2.0 leaks information by not stripping exif data from images. Anyone with access to the uploaded image of other users could obtain its geolocation, device, and software version data etc if present. The issue is fixed in version 2.0...
Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine's mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn't include any personal details such as names or addresses. The...
IRCCloud: IDOR with Geolocation data not stripped from images
Vulnerable URL :- https://usercontent.irccloud-cdn.com/file/0wXMTrPu/hgjbk Vulnerability Discription: When an image is taken using a smartphone or camera certain metadata fields are often attached to it. These fields could include the model of the camera, the time it was taken, whether the flash...
Sherloq - An Open-Source Digital Image Forensic Toolset
An open source image forensic toolset Introduction "Forensic ImageAnalysis is the application of image science and domain expertise to interpret the content of an image and/or the image itself in legal matters. Major subdisciplines of Forensic Image Analysis with law enforcement applications...
UBUNTU-CVE-2019-15740
An issue was discovered in GitLab Community and Enterprise Edition 7.9 through 12.2.1. EXIF Geolocation data was not being removed from certain image uploads...
Craft CMS 2.7.9/3.2.5 - Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title : CraftCms Users information disclosure From uploaded File Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Vendor Homepage:https://craftcms.com/ Software Information Link:...
Craft CMS 2.7.9/3.2.5 - Information Disclosure
Exploit Title : CraftCms Users information disclosure From uploaded File Author Discovered By : Mohammed Abdul Raheem Author's Company Name : TrekShield IT Solution Author Exploit-db : https://www.exploit-db.com/?author=9783 Found Vulnerability On : 20-07-2019 Vendor Homepage:https://craftcms.com...