1174 matches found
Jail for consultant who scraped colossal trove of Alibaba customer data
A billion data points, including the usernames and mobile phone numbers of customers have been siphoned off Alibaba websites by a web crawler. The information has reached us about a week after a court ruling in the case. The court ruling A central Chinese court has ruled that an employee of a...
Hackers Can Exploit Samsung Pre-Installed Apps to Spy On Users
Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices. "The impact of these bugs could have allowed an attacker t...
TikTok Quietly Updated Its Privacy Policy to Collect Users' Biometric Data
Popular short-form video-sharing service TikTok quietly revised its privacy policy in the U.S., allowing it to automatically collect biometric information such as faceprints and voiceprints from the content its users post on the platform. The policy change, first spotted by TechCrunch, went into...
How user experience is shaping verifiable credentials and identity
Since 2017, Microsoft has been working with the identity community on two groundbreaking technologies designed from the ground up to make digital privacy convenient and practical: decentralized identifiers and verifiable credentials. We believe verifiable credentials will revolutionize the way we...
A week in security (May 17 – May 23)
Last week on Malwarebytes Labs, we looked at a banking trojan full of nasty tricks, explained some tips and pointers for using VirusTotal, and dug into how an authentication vulnerability was patched by Pega Infinity. We also explored how a Royal Mail phish deploys evasion tricks to avoid analysi...
How to Tell a Job Offer from an ID Theft Trap
One of the oldest scams around -- the fake job interview that seeks only to harvest your personal and financial data -- is on the rise, the FBI warns. Here's the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job...
100M Android Users Hit By Rampant Cloud Leaks
More than 100 million Android users are at risk after 23 different mobile apps were found to leak personal data in the wake of rampant cloud misconfigurations. That’s according to Check Point Research, whose researchers found that emails, chat messages, location data, passwords, photos, personal...
23 Android Apps Expose Over 100,000,000 Users' Personal Data
Misconfigurations in multiple Android apps leaked sensitive data of more than 100 million users, potentially making them a lucrative target for malicious actors. "By not following best-practices when configuring and integrating third-party cloud-services into applications, millions of users'...
“Have I been pwnd?”– What is it and what to do when you *are* pwned
Adobe. Yahoo!. The US Department of Energy (DoE). The New York Times. What these names have in common is that they have all experienced at least one breach in 2013—the year when threat actors started targeting organizations across industries to either steal data for profit or leak them to "teach...
ILIAS < 5.3.19, 5.4.x < 5.4.10 LFI Vulnerability
ILIAS is prone to a local file inclusion (LFI) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ilias:ilias"; if...
Ilias Local File Inclusion Vulnerability
Ilias is an open source learning management system for developing and implementing web-based e-learning. A local file inclusion vulnerability exists in Ilias versions prior to 5.3.19, 5.4.10, and 6.0. An attacker can exploit this vulnerability to execute arbitrary code by importing personal data...
CVE-2020-23996
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data...
Remote file inclusion
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data...
CVE-2020-23996
CVE-2020-23996 affects the open‑source LMS ILIAS. Affected versions are before 5.3.19, 5.4.10, and 6.0, where a local file inclusion (LFI) vulnerability exists in the import of personal data. The issue can allow remote authenticated attackers to execute arbitrary code via the personal data impor...
ILIAS Security Vulnerability
Ilias is an open source learning management system for developing and implementing web-based e-learning. A local file inclusion vulnerability exists in Ilias versions prior to 5.3.19, 5.4.10, and 6.0. An attacker can exploit this vulnerability to execute arbitrary code by importing personal data...
Teaching Cybersecurity to Children
A new draft of an Australian educational curriculum proposes teaching children as young as five cybersecurity: The proposed curriculum aims to teach five-year-old children -- an age at which Australian kids first attend school -- not to share information such as date of birth or full names with...
CVE-2021-24249
The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from a Cross-Site Request Forgery issue, allowing an attacker to make a logged in administrator export files, which could then be downloaded by the attacker to get access to PII, such as...
Tour de Peloton: Exposed user data
An unauthenticated user could view sensitive information for all users, and snoop on live class statistics and its attendees, despite having a private mode. TL;DR Information disclosed included: - User IDs - Instructor IDs - Group Membership - Location - Workout stats - Gender and age - If they a...