1174 matches found
Windows NTFS Privileged File Access Enumeration Vulnerability
NTFS is a proprietary journaling file system developed by Microsoft. Windows NTFS suffers from a privileged file access enumeration vulnerability that could be exploited by an attacker with user rights to gather intelligence or personal data...
Data Leak Impacts Millions of Yves Rocher Cosmetics Company Customers
UPDATE Cosmetics giant Yves Rocher is warning that a giant data leak exposed the personal data of millions of its customers and reams of sensitive internal company information to the public. The data exposure stems from a database left unprotected by a third-party consultant to the firm...
ntp:fuzz_ntpd_receive: Use-of-uninitialized-value in receive
Detailed Report: https://oss-fuzz.com/testcase?key=5684730627883008 Project: ntp Fuzzing Engine: libFuzzer Fuzz Target: fuzzntpdreceive Job Type: libfuzzermsanntp Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Crash State: receive fuzzntpdreceive.c fuzzntpdreceive.c...
Hostinger Data Breach: 14M Customer Passwords, Personal Data at Risk
Web hosting company Hostinger is warning that a breach of one of its servers potentially gave bad actors access to the hashed passwords and personal data of more than 14 million customers. Hostinger, a popular web, cloud and virtual private server hosting provider and domain registrar with 29...
Hostinger Suffers Data Breach – Resets Password For 14 Million Users
Popular web hosting provider Hostinger has been hit by a massive data breach, as a result of which the company has reset passwords for all customers as a precautionary measure. In a blog post published on Sunday, Hostinger revealed that "an unauthorized third party" breached one of its servers an...
CVE-2018-20981
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
Design/Logic Flaw
The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...
CVE-2019-14932
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to access all candidates' information on the website via a modified selApp variable to personalData/resumeDetail.cfm. This includes personal information and other sensitive data...
Information Leakage
craftcms/cms is vulnerable to information leakage. The leakage is possible because it does not adopt the config settings in preserveExifData on image upload, revealing personal/geolocation data to the public...
CVE-2019-14280
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public...
Code injection
In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public...
Equifax to Pay up to $700 Million in 2017 Data Breach Settlement
Equifax, one of the three largest credit-reporting firms in the United States, has to pay up to $700 million in fines to settle a series of state and federal investigations into the massive 2017 data breach that exposed the personal and financial data of nearly 150 million Americans—that's almost...
Hacker Stole Data of Over 70% Bulgarian Citizens from Tax Agency Servers
Eastern European country Bulgaria has suffered the biggest data breach in its history that compromised personal and financial information of 5 million adult citizens out of its total population of 7 million people. According to multiple sources in local Bulgarian media, an unknown hacker earlier...
Privacy Experts: Facebook's $5B Fine Unlikely to Do Much
The $5 billion fine that the Federal Trade Commission has slapped on Facebook for privacy violations may be the largest ever levied by the agency, but it’s being derided as “chump change” and ineffective by lawmakers and privacy analysts. The settlement, reported Friday evening, stems from...
Marriott Faces $123 Million GDPR Fine Over Starwood Data Breach
After fining British Airways with a record fine of £183 million earlier this week, the UK's data privacy regulator is now planning to slap world's biggest hotel chain Marriott International with a £99 million ($123 million) fine under GDPR over 2014 data breach. This is the second major penalty...
Marriott Hit With $123M Fine For Massive 2018 Data Breach
The U.K.’s privacy watchdog is hitting Marriott International with a $123 million (£99 million) penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office (ICO) and comes only a day after the organization...
Ubuntu-Maker Canonical's GitHub Account Gets Hacked
An unknown hacker yesterday successfully managed to hack into the official GitHub account of Canonical, the company behind the Ubuntu Linux project and created 11 new empty repositories. It appears that the cyberattack was, fortunately, just a "loud" defacement attempt rather than a "silent"...