1174 matches found
Unauthorized Access Vulnerability in the University Version of the Psychological Assessment System of Shanghai Huicheng Consulting Co.
Psychological Assessment System University Edition is a comprehensive software integrating psychological assessment, crisis warning, psychological profile and other functions, supporting both PC assessment and mobile assessment. An unauthorized access vulnerability exists in the University Editio...
GLPI SQL Injection Vulnerability (CNVD-2020-67239)
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Fitbit Spyware Steals Personal Data via Watch Face
A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server. Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit...
PT-2020-4300 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue is related to the incorrect neutralization of special elements used in SQL commands, which can allow a remote attacker to execute arbitrary SQL queries to the database in the target system b...
Voter Registration ‘Error’ Phish Hits During U.S. Election Frenzy
Cybercriminals this week are tapping into this week’s political frenzy with a new phishing lure that warns U.S. targets that their voter registration data needs extra details. The emails purport to come from the U.S. Election Assistance Commission, an independent agency of the United States...
U.S. Dept Of Defense: Insufficient Session Expiration on Adobe Connect | https://█████████
Description: Due to lack of password protection and Insufficient Session Expiration I am able to brute force Adobe Connect meeting rooms. Many of the meeting rooms have chat history and files uploaded. Some of the chat history and files contain personally identifiable information. Walkthrough...
QR Codes: A Sneaky Security Threat
If it seems like QR codes have popped up everywhere these days, you’re right. Ever since they were first used by the Japanese auto industry to streamline manufacturing processes, companies everywhere have capitalized on the benefits of QR codes. They’re cheap to deploy and can be applied to almos...
Las Vegas Students' Personal Data Leaked, Post-Ransomware Attack
Personal information for students in the Clark County School District, which includes Las Vegas, has reportedly turned up on an underground forum, following a ransomware attack that researchers say was carried out by the Maze gang. In early September, the Associated Press reported that the distri...
Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack
Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but the...
British Hacker Sentenced to 5 Years for Blackmailing U.S. Companies
A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri. Nathan Francis Wyatt, 39, who is a key member of the infamous...
JobMonster < 4.6.6.1 - Directory Listing in Upload Folder
The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file, or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the we...
Can VPN really prevent the breach of personal data?
By Owais Sultan. Do you use a VPN? It's great for protecting your online privacy, but can it protect your data from exposure to malicious elements? This is a post from HackRead.com.
Govt.-Backed Contact-Tracing Apps Raise Privacy Hackles
The Electronic Frontier Foundation is echoing lawmaker concerns that California is not taking privacy seriously enough, as state legislators mull launching a COVID-19 exposure-notification app based on Apple and Google’s smartphone technology. The U.S. nonprofit, which is aimed at protecting...
Top Security and Data Privacy Regulations for Financial Services
Regulatory compliance has become an increasingly important part of the financial services industry in recent years. And it’s a trend that’s likely to continue due to the upsurge in cloud computing, the use of mobile applications, and a shift to IoT devices, all of which are driving exponenti...
Amazon Fixes Alexa Glitch That Could Have Divulged Personal Data
UPDATE Vulnerabilities in Amazon’s Alexa virtual assistant platform could allow attackers to access users’ personal information, like home addresses – simply by persuading them to click on a malicious link. Researchers with Check Point found several web application flaws on Amazon Alexa subdomain...
Why & Where You Should Plant Your Flag
Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags. As KrebsOnSecurit...
New Guide: How Akamai Helps You Protect Privacy Data
Laws and regulations related to personally identifiable information (PII) are continuously being enacted around the world as data breaches and abuses persist. According to the February 2020 United Nations Conference on Trade and Development, 132 out of 194 countries had legislation put in place to...
Researchers Reveal New Security Flaw Affecting China's DJI Drones
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal...
keycloak: problem with privacy after user logout
A flaw was found in Keycloak. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section...
Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private
A free and portable tool for controlling Windows 10's many privacy-related settings and keep your personal data private. Your preparation for the Net! The Windows 10 default privacy settings leave a lot to be desired when it comes to protecting you and your private information. Whenever I set up ...