EUVD-2019-18860

Malware in sbrugna...

A week in security (August 25 – August 31)

Last week on Malwarebytes Labs: Microsoft wants to automatically save your Word docs to the cloud "No place in our networks": FCC hangs up on thousands of voice operators in robocall war Claude AI chatbot abused to launch "cybercrime spree" Developer verification: a promised lift for Android...

What Is Cloud Data Protection?

A Deep Dive into the Cosmic Universe of Information Safeguarding: An Exhaustive Examination of Distributed Data Security As the virtual dominions continue to propagate at a phenomenal pace, the totality of data we generate daily scales new zeniths. We see ourselves increasingly relying on 'online...

COVID-19 Results for 25% of Wyoming Accidentally Posted Online

The Wyoming Department of Health WDH said on Wednesday it accidentally posted COVID test results of state residents onto their public-facing storage buckets. The WDH said in a public advisory that an employee fumbled the health information of about 164,021 Wyoming residents and of people from oth...

CVE-2019-9486

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...

CVE-2019-9486

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...

Privilege escalation

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...

CVE-2019-9486

STRATO HiDrive Desktop Client 5.0.1.0 for Windows suffers from a SYSTEM privilege escalation vulnerability through the HiDriveMaintenanceService service. This service establishes a NetNamedPipe endpoint that allows applications to connect and call publicly exposed methods. An attacker can inject...

CVE-2019-9486

STRATO HiDrive Desktop Client 5.0.1.0 for Windows is affected by a SYSTEM privilege-escalation vulnerability via the HiDriveMaintenanceService, which exposes a NetNamedPipe endpoint and allows code injection through insecure interprocess communication. The issue also affects Telekom MagentaCLOUD ...

1&1 Online Storage - Exported ContentProvider, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application 1&1 Online Storage published at the 'play' market has multiple vulnerabilities...

[SECURITY] Fedora 21 Update: s3ql-2.13-1.fc21

S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3 or OpenStack. S3QL effectively provides a ha rd disk of dynamic, infinite capacity that can be accessed from any computer with Internet access. S3QL is a standard conforming, full featured...

[SECURITY] Fedora 22 Update: s3ql-2.13-1.fc22

S3QL is a file system that stores all its data online using storage services like Google Storage, Amazon S3 or OpenStack. S3QL effectively provides a ha rd disk of dynamic, infinite capacity that can be accessed from any computer with Internet access. S3QL is a standard conforming, full featured...

CVE-2014-5884

The 1&1 Online Storage aka de.einsundeins.smartdrive application 5.0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Information disclosure

The 1&1 Online Storage aka de.einsundeins.smartdrive application 5.0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5884

The CVE-2014-5884 entry concerns the 1&1 Online Storage (aka de.einsundeins.smartdrive) Android app version 5.0.11, which fails to verify X.509 certificates when connecting to SSL servers. This enables man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer...

CVE-2014-5884

The 1&1 Online Storage aka de.einsundeins.smartdrive application 5.0.11 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Debian Security Advisory DSA 3013-1 (s3ql - security update)

Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code. OpenVAS Vulnerability Test $Id:...

Data Backup and Recovery with 'EaseUS Todo Backup Workstation'

Since, we are living in the era where nothing could be possible without the help of the Internet. From every unimportant to every major and important data are stored in our computers and servers, and there is a massive growth in the volume of data all around us. But, computer drives can fail, and...

DDoS Attack, Database Breach Take Down Two Bitcoin Services

As with any asset of monetary value, once said asset reaches a noteworthy level, cybercriminals’ interest is going to pique. Such is the current situation with virtual currency Bitcoin, which hit a high of $142 yesterday and the value of all Bitcoins in circulation has soared to more than $1...

Romanian POS Hackers Plead Guilty, Net $10 M from Scam

Two Romanian men pled guilty this week to charges they hacked into the point of sale systems of more than 200 restaurants, compromising the payment cards of 146,000 customers and amassing more than $10 million over the last few years. Included in those 200 stores were more than 150 Subway sandwic...