PT-2022-27406 · Unknown · Openharmony

Name of the Vulnerable Software and Affected Versions: OpenHarmony versions 3.1.2 and prior Description: The issue concerns the telephony component in the communication subsystem of OpenHarmony, which sends public events containing personal data without proper permission settings. This allows...

Don’t Sell Your Laptop Without Following These Steps

By Owais Sultan Before selling or trading in your laptop, it is important to prepare the device for its new owner as this will help ensure all of your personal data remains safe. This is a post from HackRead.com Read the original post: Dont Sell Your Laptop Without Following These Steps...

Main phishing and scamming trends and techniques

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on...

Watch out for this triple threat PayPal phish

ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called "triple threat" phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics...

Computer Repair Technicians Are Stealing Your Data

Laptop technicians routinely violate the privacy of the people whose computers they repair: Researchers at University of Guelph in Ontario, Canada, recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The logs showed that technicians from six of the locations ha...

Disclosed European Personal Data Number

A European Personal Data Number EPDN is a personally identifiable number that is issued to a citizen of one of the members or ex-members of the European Union. A stolen or leaked EPDN can lead to a compromise, and/or the theft of the affected individuals identity. WAS has discovered an EPDN locat...

Indian Government Publishes Draft of Digital Personal Data Protection Bill 2022

The Indian government on Friday released a draft version of the much-awaited data protection regulation, making it the fourth such effort since it was first proposed in July 2018. The Digital Personal Data Protection Bill, 2022, as it's called, aims to secure personal data, while also seeking...

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users' Personal Data

Hundreds of databases on Amazon Relational Database Service Amazon RDS are exposing personal identifiable information PII, new findings from Mitiga, a cloud incident response company, show. "Leaking PII in this manner provides a potential treasure trove for threat actors – either during the...

What are Dating Apps Doing to Protect Their Users?

A very public affair When asked about the pitfalls and problems behind using dating apps, users cite data security as one of the most worrying elements of online dating. Since the Ashley Madison breach in July 2015, online dating sites have repeatedly been under media scrutiny for the poor...

Google to Pay $391 Million Privacy Fine for Secretly Tracking Users' Location

Internet giant Google has agreed to pay a record $391.5 million to settle with 40 states in the U.S. over charges the company misled users about the collection of personal location data. "Google misled its users into thinking they had turned off location tracking in their account settings, when, ...

VPN vs. DNS Security

When you are trying to get another layer of cyber protection that would not require a lot of resources, you are most likely choosing between a VPN service & a DNS Security solution. Let's discuss both. VPN Explained VPN stands for Virtual Private Networks and basically hides your IP and provides ...

PT-2022-25735 · Sap · Sap Netweaver Abap Server +1

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver ABAP Server and ABAP Platform affected versions not specified Description: The issue allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being...

HCL Technologies HCL Domino 安全漏洞

HCL Technologies HCL Domino is an application software from HCL Technologies, Inc. It provides a platform for application development. HCL Technologies HCL Domino has a security vulnerability that originates from the presence of an information disclosure that can be exploited by an authenticated...

Medibank customers' personal data compromised by cyber attack

Australian health care insurance company Medibank confirmed that the threat actor behind a cyberattack on the company had access to the data of at least 4 million customers. Although Medibank at first said that there was "no evidence that customer data has been accessed," a week later their...

Australia Increases Fines for Massive Data Breaches

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. Thats $50 million AUD, or $32 million USD. This is a welcome change. The problem is one of incentives,...

Moto E20 Readback Vulnerability

09/11/2022 Update: CVE ID CVE-2022-3917 has been reserved, with Lenovo to publish the Advisory Summary. TL;DR The Motorola E20 is an entry-level smartphone that uses a Unisoc system-on-chip. Motorola holds around 10% of the US smartphone market, though the sales of the E20 as a subset of that are...

Zammad Access Control Error Vulnerability (CNVD-2022-66765)

Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version 5.2.1. The vulnerability stems from faulty access control in the program, where Zammad's asset handling mechanism has logic that ensures that client users...

CVE-2022-40816

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be...

Zammad 安全漏洞

Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad version 5.2.1. The vulnerability stems from faulty access control in the program, where Zammad's asset handling mechanism has logic that ensures that client users...

PT-2022-25553 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.1 Description: The issue concerns Incorrect Access Control in Zammad's asset handling mechanism. This mechanism is designed to prevent customer users from accessing personal information of other users. However, the logic wa...