Flexense DupScout 10.7 Cross Site Scripting

Description: URL: localhost/ Affected Component: /?n0ipr0csalert'XSS'n0ipr0cs=1 Vulnerability Type: Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html Vendor of Product: Flexense DupScout Version: from v10.0.18 to v10.7. Attack Type: Remote Impact: This attack allows an attacker...

Flexense SyncBreeze 10.7 Cross Site Scripting

Description: URL: l ocalhost/ Affected Component: /?n0ipr0csalert'XSS'n0ipr0cs=1 Vulnerability Type: Cross Site Scripting https://cwe.mitre.org/data/definitions/79.html Vendor of Product: Flexense- SyncBreeze Version: from v10.1 to v10.7 Attack Type: Remote Impact: This attack allows an attacker...

PROTECTING YOUR PRIVACY – Part 1: The Privacy Risks of Social Networks and Online Browsing

Most Americans today spend many of their waking hours online. In fact, we’re up to spending an average of five hours per day just on our mobiles. Much of this time is spent browsing the web or checking in, updating and sharing via our favorite social networks. There’s just one problem: unless you...

Critical Actions to Finalize Your GDPR Compliance Program

Starting May 25, 2018, enforcement begins for the new EU General Data Protection Regulation GDPR and its heightened principles and requirements regarding data privacy, data processing, and data security. The newly revised regulation applies to organizations doing business in the European Union or...

Podcast: How Millions of Apps Leak Private Data

SAN FRANCISCO – Threatpost’s Tom Spring talked to Roman Unuchek, senior malware analyst at Kaspersky Lab, about new research on leaky apps made public this week. Unuchek released his research at the RSA conference this week, revealing that millions of apps leak personal identifiable information –...

Localblox exposes personal data of millions of Facebook & LinkedIn users

By Waqas Facebook has been at the receiving end of backlash and This is a post from HackRead.com Read the original post: Localblox exposes personal data of millions of Facebook & LinkedIn users...

Indication of Compromise: Another Key Practice for GDPR Compliance

In this ongoing blog series on preparing for complying with the EU’s General Data Protection Regulation GDPR, we’ve explained the importance of having solid, foundational security practices like asset management and threat prioritization. Today, we’ll discuss how another such practice can help...

Facebook Bolsters Privacy Measures With New Data Access Restrictions

Facebook on Wednesday listed a number of new data access restrictions as the social media company looks to reassure end users that their personal information will remain private. The new measures, detailed in a post by Facebook CTO Mike Schroepfer, limit the personal data that apps can collect...

Tax Guidance as Deadline Approaches

As this year's April 17 tax deadline approaches, NCCIC/US-CERT offers taxpayers guidance to help protect their personal, financial, and tax information. Hackers can take advantage of taxpayers by using social engineering scams to attempt to steal personally identifiable information. NCCIC...

Facebook and Cambridge Analytica

In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook and even when...

Facebook and Cambridge Analytica – What's Happened So Far

Top Story— Facebook has just lost over $60 billion in market value over the past two days—that's more than Tesla's entire market capitalisation and almost three times that of Snapchat. Facebook shares plunge over revelations that personal data of 50 million users was obtained and misused by Briti...

Hackers steal banking & personal data of 800,000 Orbitz customers

By Waqas Orbitz.com, a Chicago, Illinois based popular travel website owned by Expedia This is a post from HackRead.com Read the original post: Hackers steal banking & personal data of 800,000 Orbitz customers...

Experts Call Facebook’s Latest Controversy a Social Media ‘Breach Of Trust’

Privacy advocates are calling on all social media platforms to more responsibly handle and restrict improper access to data in the wake of Facebook’s latest controversy where it acknowledged users’ personal information had leaked through a third-party app. “People are shocked this happened, but I...

Who Is Afraid of More Spams and Scams?

Security researchers who rely on data included in Web site domain name records to combat spammers and scammers will likely lose access to that information for at least six months starting at the end of May 2018, under a new proposal that seeks to bring the system in line with new European privacy...

IBM Application Performance Management for Monitoring&Diagnostics Information Disclosure Vulnerability

IBM Application Performance Management for Monitoring&Diagnostics is an application performance management tool for monitoring and diagnostics from IBM USA. A security vulnerability exists in IBM Application Performance Management for Monitoring&Diagnostics. An attacker could exploit the...

CVE-2018-1387

IBM Application Performance Management for Monitoring & Diagnostics IBM Monitoring 8.1.3 and 8.1.4 may release sensitive personal data to the staff who can access to the database of this product. IBM X-Force ID: 138210...

GDPR: The Stakes Are High and Time Is of the Essence

With the General Data Protection Regulation GDPR going into effect in under three months, the countdown clock is fast approaching zero for organizations worldwide that handle personal data of EU residents. GDPR is a very broad and wide-ranging regulation that requires organizations to obtain a lo...

Hackers spread Android spyware through Facebook using Fake profiles

By Waqas The Android spyware was used to steal personal data of This is a post from HackRead.com Read the original post: Hackers spread Android spyware through Facebook using Fake profiles...

CVE-2018-7216

Cross-site request forgery CSRF vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens...

CVE-2018-7216

Cross-site request forgery CSRF vulnerability in esop/toolkit/profile/regData.do in Bravo Tejari Procurement Portal allows remote authenticated users to hijack the authentication of application users for requests that modify their personal data by leveraging lack of anti-CSRF tokens...