1174 matches found
CVE-2020-3939
SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain a Cross-Site Scripting (XSS) vulnerability; personal information may be leaked to attackers via the vulnerability...
Nanjing NanSoft Technology Co., Ltd. postgraduate management information system has a logic flaw vulnerability
Nanjing NanSoft Technology Co., Ltd.'s graduate management information system is software that provides services to graduate students and teachers and lets students and teachers communicate with each other. A logic flaw exists in the Graduate Management Information System of Nanjing...
PT-2020-10396 · WordPress · Give Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Give versions prior to 2.5.5. Description: A flaw in the Give WordPress plugin allowed unauthenticated users to bypass API authentication methods, accessing personally identifiable user information (PII), including names, addresses, IP addresses...
CVE-2019-12837
The Java API in accesuniversitat.gencat.cat 1.7.5 allows remote attackers to get personal information of all registered students via several API endpoints...
Podcast: What We've Learned from the Year of the Breach
This podcast is sponsored by Arctic Wolf. Large-scale data breaches hitting organizations like Capital One and Georgia Tech in 2019 show that companies continue to be targeted in malicious cyberattacks that expose customers’ personal data and valuable records. Threatpost host Cody Hackett sat dow...
LifeLabs Paid Hackers to Recover Stolen Medical Data of 15 Million Canadians
LifeLabs, the largest provider of healthcare laboratory testing services in Canada, has suffered a massive data breach that exposed the personal and medical information of nearly 15 million Canadian customers. The company announced the breach in a press release posted on its website, revealing...
EFF Talks the Corporate Surveillance of Consumers
You can’t protect your privacy if you don’t know how it’s being violated. That’s the essence of a report by the Electronic Frontier Foundation that shines a bright disinfecting light on how corporations are collecting data on consumers. Think Facebook-like data collection on steroids and you begi...
Avast and AVG Browser Extensions Spying On Chrome and Firefox Users
If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible: Avast Online Security, AVG Online Security, Avast SafePrice, and AVG SafePrice. Why? Because these four widely installed...
OnePlus Suffers New Data Breach Impacting Its Online Store Customers
Chinese smartphone maker OnePlus has suffered a new data breach exposing personal and order information of an undisclosed number of its customers, likely, as a result of a vulnerability in its online store website. The breach came to light after OnePlus started informing affected customers via...
Online Phishing: How to Stay Out of the Hackers’ Nets
Despite the growing popularity of social media and messaging apps, email remains the preferred way to communicate online for millions of Americans. And the bad guys know it. Of the 28.6 billion cyber-threats Trend Micro blocked globally in the first half of 2019, over 24.3 billion were carried by...
Company Detected Years-Long Breach Only After Hacker Maxed Out Servers' Storage
What could be even worse than getting hacked? It's the "failure to detect intrusions" that always results in huge losses to the organizations. Utah-based technology company InfoTrax Systems is the latest example of such a security blunder, as the company was breached more than 20 times from May 20...
News Wrap: Voice Assistant Laser Hack, Twitter Insider Threats, Data Breach Fine Fails
Threatpost editors break down the top news stories for the week ended Nov. 8. The hot stories of the week include: Despite trillions of dollars in data-breach fine payouts, each year the number of compromised companies and individuals with private data exposed rises – a Threatpost feature looks at...
Instagram clamps down on fake messages with anti-phishing tool
Instagram accounts will always be a popular target for scammers. You might not think it’s a big deal if someone has their account swiped, but it’s often the vanguard of many online businesses. A takeover, or a deletion, can be absolutely devastating. Smart hacking crews are always in the...
CVE-2019-14808
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials)...
Code injection
An issue was discovered in the RENPHO application 3.0.0 for iOS. It transmits JSON data unencrypted to a server without an integrity check, if a user changes personal data in his profile tab (e.g., exposure of his birthday) or logs into his account (i.e., exposure of credentials)...
A pervert Yahoo employee hacked 6,000 accounts using internal system
By Waqas. A former Yahoo engineer hacked 6,000 Yahoo Mail accounts to extract the personal information of victims, primarily sexual images and videos.
DoorDash Data Breach Impacts Personal Data of Almost 5M Users
Food delivery service DoorDash disclosed a data breach that affects almost 5 million customers, drivers and merchants using its platform. DoorDash, an on-demand food delivery service, connects end users with local restaurants and relies on contracted drivers who use their own vehicles for deliver...
IT Firm Manager Arrested in the Biggest Data Breach Case of Ecuador's History
Ecuador officials have arrested the general manager of IT consulting firm Novaestrat after the personal details of almost the entire population of the Republic of Ecuador were left exposed online in what seems to be the most significant data breach in the country's history. Personal records of more th...
Understanding CCPA: It's Time to Action a Plan for Compliance
Notice to all procrastinators: The final countdown to the California Consumer Privacy Act (CCPA) has begun. On January 1, 2020, companies or organizations that do business in California will be required to comply with the state's strict new privacy legislation that establishes a legal and enforceab...