11 matches found
EUVD-2025-15390
Malicious code in bioql PyPI...
BIT-TIMESCALEDB-2023-25149
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...
SolarWinds and its CISO accused of misleading investors before major cyberattack
The Securities and Exchange Commission (SEC) has announced charges against software company SolarWinds Corporation and its chief information security officer (CISO), Timothy G. Brown, for “fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.” In 202...
Multiple vulnerabilities in Special Interest Group Network for Analysis and Liaison's API
Overview Special Interest Group Network for Analysis and Liaison's "Inter-SOC Cooperation API" provided by Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) contains multiple vulnerabilities listed below. Improper Authorization in Information Provision function CWE-285 -...
CVE-2023-25149 TimescaleDB has incorrect access control
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that runs as the installation user. The queries run as part of the telemetry data collection were not run wit...
Sharing Netflix, Disney+, other passwords is illegal, according to new guidance
The Intellectual Property Office (IPO), the UK government body overseeing intellectual property rights in the UK, has quietly released new guidance on piracy and online counterfeit goods. This campaign is a joint effort between IPO and Meta, Facebook's parent company. The general issue on piracy is...
Clarifying the Computer Fraud and Abuse Act
A federal court has ruled that violating a website's terms of service is not "hacking" under the Computer Fraud and Abuse Act. The plaintiffs wanted to investigate possible racial discrimination in online job markets by creating accounts for fake employers and job seekers. Leading job sites have...
Singapore government gets into the network defense game
There is a common assumption in the infosec community that enormous breaches like those at Equifax, Anthem, and Target are the new norm. That the next mega breach is simply a matter of time. This is because large companies loathe spending money on things that are not directly profitable like secu...
Hadoop, CouchDB Next Targets in Wave of Database Attacks
Insecure Hadoop and CouchDB installations are the latest targets of cybercriminals who are hijacking and deleting data. Last week, security researchers said 28,000 MongoDB and Elasticsearch installations were hacked in a new wave of attacks against unprotected open source data management platform...
Poor Crypto Dooms Blockchain Android App
Shoddy crypto is being blamed for the loss of Bitcoin for an undisclosed number of Blockchain users. Blockchain, one of the busiest Bitcoin wallets, on Thursday released a security update for its Android app correcting the situation. “In rare circumstances, certain versions of the Android operating...
Lotus Domino SMTP Server Allows Anonymous Relay of Quoted Addresses
Overview Lotus Domino includes an SMTP server. Under certain configurations, an intruder may be able to relay mail to third parties through the Domino SMTP server. Description An "open" mail server is one that will send mail that is not addressed to and does not originate from a local user. Open...