X accused of unlawfully using personal data of 60 million+ users to train its AI

In what may come as a surprise to nobody at all, theres been yet another complaint about using social media data to train Artificial Intelligence AI. This time the complaint is against X formerly Twitter and Grok, the conversational AI chatbot developed by Elon Musks company xAI. Grok is a large...

CVE-2024-33003

Some OCC API endpoints in SAP Commerce Cloud allows Personally Identifiable Information PII data, such as passwords, email addresses, mobile numbers, coupon codes, and voucher codes, to be included in the request URL as query or path parameters. On successful exploitation, this could lead to a Hi...

PT-2024-6173 · Sap · Sap Commerce Cloud

Name of the Vulnerable Software and Affected Versions: SAP Commerce Cloud affected versions not specified Description: The issue is related to errors in processing information in the OCC API Endpoint component of SAP Commerce Cloud. This could allow a remote attacker to gain unauthorized access t...

SAP Commerce Cloud 信息泄露漏洞

SAP Commerce Cloud is a cloud-based e-commerce platform from Germany's SAP. It supports sales management, marketing management, order management, and operations management. An information disclosure vulnerability exists in SAP Commerce Cloud that stems from certain OCC API endpoints that allow...

Inside the Dark World of Doxing for Profit

From tricking companies into handing over victims’ personal data to offering violence as a service, the online doxing ecosystem is not just still a problem—it’s getting more extreme...

Sensitive Illinois Voter Data Exposed by Contractor’s Unsecured Databases

Social Security numbers, death certificates, voter applications, and other personal data were accessible on the open internet, highlighting the ongoing challenges in election security...

PT-2024-38317 · WordPress · Forminator

Name of the Vulnerable Software and Affected Versions: Forminator plugin for WordPress versions up to, and including, 1.29.1 Description: The issue allows unauthenticated attackers to extract the HubSpot integration developer API key, making unauthorized changes to the plugin's HubSpot integratio...

Meta Halts AI Use in Brazil Following Data Protection Authority's Ban

Meta has suspended the use of generative artificial intelligence GenAI in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the...

Brazil Halts Meta's AI Data Processing Amid Privacy Concerns

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados ANPD, has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence AI algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate leg...

Meta's 'Pay or Consent' Approach Faces E.U. Competition Rules Scrutiny

Meta's decision to offer an ad-free subscription in the European Union E.U. has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the...

PT-2024-27813 · Unknown · Myfinances

Name of the Vulnerable Software and Affected Versions: MyFinances versions prior to 0.4.6 Description: The issue allows an actor to access personally identifiable information PII and financial information from another account while signed in as a user. This is due to a method in the application...

23andMe data breach under joint investigation in two countries

The British and Canadian privacy authorities have announced they will undertake a joint investigation into the data breach at global genetic testing company 23andMe that was discovered in October 2023. On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that cybercriminal...

When things go wrong: A digital sharing warning for couples

“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month, romant...

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London congratulations, Real Madrid! marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors a...

Fedora: Security Advisory for keepassxc (FEDORA-2024-2e27372d4c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...

CVE-2024-2624 Path Traversal and Arbitrary File Upload Vulnerability in parisneo/lollms-webui

A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the @router.get"/switchpersonalpath" endpoint in ./lollms-webui/lollmscore/lollms/server/endpoints/lollmsuser.py. The vulnerability arises due to insufficient sanitization...

PT-2024-21311 · Parisneo · Lollms-Webui

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui versions prior to 9.4 Description: A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the /switch personal path endpoint in ./lollms-webui/lollms...

[SECURITY] Fedora 40 Update: keepassxc-2.7.8-2.fc40

KeePassXC is a community fork of KeePassX KeePassXC is an application for people with extremely high demands on secure personal data management. KeePassXC saves many different information e.g. user names, passwords, urls, attachemts and comments in one single database. For a better management...

Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale at $500K

By Waqas ShinyHunters hacking group has claimed to have breached Ticketmaster, stealing the personal data of 560 million users. The… This is a post from HackRead.com Read the original post: Hackers Claim Ticketmaster Data Breach: 560M Users Info for Sale at $500K...