29 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2016-6963

Malware in sbrugna...

5.9 CVSS | 6.3 AI score | 0.00204 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2014-4574

Malware in sbrugna...

10 CVSS | 6.4 AI score | 0.00436 EPSS
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-18822

Malware in sbrugna...

7.2 CVSS | 7.3 AI score | 0.00338 EPSS
Exploits 0 | References 2

The Hacker News
added 2025/03/29 3:52 a.m. | 31 views

BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability

In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability i...

6.8 AI score
Exploits 0

Debian CVE
added 2024/11/08 5:38 a.m. | 7 views

CVE-2024-50186

In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b "net: do not leave a dangling sk pointer, when socket creation fails". The problem is that...

7.8 CVSS | 6 AI score | 0.00013 EPSS
Exploits 0

Schneier on Security
added 2023/10/19 11:8 a.m. | 21 views

Former Uber CISO Appealing His Conviction

Joe Sullivan, Uber's CEO during their 2016 data breach, is appealing his conviction. Prosecutors charged Sullivan, whom Uber hired as CISO after the 2014 breach, of withholding information about the 2016 incident from the FTC even as its investigators were scrutinizing the company's data security a...

6.9 AI score
Exploits 0

Vulnrichment
added 2023/08/11 2:36 a.m. | 32 views

CVE-2022-46329

Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access...

8.2 CVSS | 6.9 AI score | 0.00041 EPSS
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 4:30 a.m. | 1 views

SUSE CVE-2018-6829

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional...

7.5 CVSS | 8.6 AI score | 0.00577 EPSS
Exploits 1 | References 3

SUSE CVE
added 2023/02/15 4:25 a.m. | 1 views

SUSE CVE-2018-14644

An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers fo...

5.3 CVSS | 7.7 AI score | 0.0002 EPSS
Exploits 0 | References 9

Krebs on Security
added 2023/01/25 7:58 p.m. | 22 views

Experian Glitch Exposing Credit Files Lasted 47 Days

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer's full credit report -- armed with nothing more than a person's name, address, date of birth, and Social Security...

7 AI score
Exploits 0

ThreatPost
added 2021/10/20 5:53 p.m. | 84 views

VPN Exposes Data for 1M Users, Leading to Researcher Questioning

Free virtual private network (VPN) service Quickfox, which provides access to Chinese websites from outside the country, exposed the personally identifiable information (PII) of more than a million users in just the latest high-profile VPN security failure. The incident has some security practitioner...

7.1 AI score
Exploits 0 | References 5

NVD
added 2021/07/30 2:15 p.m. | 9 views

CVE-2021-34802

A failure in resetting the security context in some transaction actions in Neo4j Graph Database 4.2 and 4.3 could allow authenticated users to execute commands with elevated privileges...

8.8 CVSS | 0.00546 EPSS
Exploits 0 | References 2

Schneier on Security
added 2020/06/17 11:21 a.m. | 28 views

Bank Card "Master Key" Stolen

South Africa's Postbank experienced a catastrophic security failure. The bank's master PIN key was stolen, forcing it to cancel and replace 12 million bank cards. The breach resulted from the printing of the bank's encrypted master key in plain, unencrypted digital language at the Postbank's old...

0.6 AI score
Exploits 0

HackRead
added 2020/05/19 10:37 p.m. | 35 views

Brazil’s cosmetic giant Natura leaked 192 million records with payment data

By Waqas It's a massive security failure by The Natura & Co Group. This is a post from HackRead.com Read the original post: Brazil's cosmetic giant Natura leaked 192 million records with payment data...

2.6 AI score
Exploits 0

ThreatPost
added 2019/11/18 8:30 p.m. | 97 views

The Unhappiest Subscribers on Earth? Disney+ Accounts Hacked & Hijacked

The highly anticipated Disney+ streaming service launched last week – and was promptly targeted by hackers looking to compromise users’ accounts. Around 4,000 customer account credentials have shown up for sale on hacking forums for around $3 each, according to reports. An investigation by ZDNet...

0.4 AI score
Exploits 0 | References 11

Krebs on Security
added 2019/03/21 3:17 p.m. | 27 views

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

Hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees -- in some cases going back to 2012, KrebsOnSecurity has learned. Facebook says an ongoing investigation has so far found no indication that employees have...

7.2 AI score
Exploits 0

Github Security Blog
added 2018/10/16 7:51 p.m. | 24 views

Moderate severity vulnerability that affects OPCFoundation.NetStandard.Opc.Ua

Failure to validate certificates in OPC Foundation UA Client Applications communicating without security allows attackers with control over a piece of network infrastructure to decrypt passwords...

5.3 CVSS | 4.8 AI score | 0.00033 EPSS
Exploits 0 | References 3 | Affected Software 1

Wired Threat Level
added 2018/10/02 2:12 p.m. | 54 views

The Facebook Hack Is an Internet-Wide Failure

Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse...

2.9 AI score
Exploits 0

OSV
added 2018/02/03 3:29 p.m. | 0 views

PYSEC-2018-97

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH)...

7.5 CVSS | 7.2 AI score | 0.00911 EPSS
Exploits 1 | References 7

Prion
added 2017/03/27 10:59 p.m. | 14 views

Information disclosure

IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IB...

3.5 CVSS | 5 AI score | 0.00139 EPSS
Exploits 0 | References 2 | Affected Software 1