Aggregator
Breach Roundup: CISA Proposes Security for Bulk Data Sales
1 year 8 months ago
Also: Payment Card Theft Trends, Internet Archive Update
This week, bulk data transfers to China, credit card theft, the Internet Archive still recovering and the Change Healthcare tally is now 100M. Ukraine fought phishers, civil society against the UN cybercrime treaty, TA866 and virtual hard drives spread malware. Google verified Sir Isaac Newton.
Hackers Probing Newly Disclosed Fortinet Zero-Day
1 year 8 months ago
Mandiant Says High-Severity Flaw Could Give Attackers Remote Unauthenticated Access
Researchers at Mandiant say a new threat cluster, first observed June 27, has been exploiting a Fortinet zero-day that the network edge device manufacturer publicly disclosed Wednesday. Researchers said they can't assess the threat actor's motivation or location.
Socure to Fortify Identity Services With $136M Effectiv Buy
1 year 8 months ago
Effectiv's 30-Person Team to Streamline Identity Services, Help Socure Grow Revenue
Socure has acquired Effectiv, integrating its engineering team of 30 to strengthen identity verification capabilities. The $136 million deal aims to speed up customer onboarding, enhance transaction monitoring, and deliver cross-platform solutions, with the product integration expected in 45 days.
LinkedIn Fined 310 Million Euros for Privacy Violations
1 year 8 months ago
Irish Data Protection Commission Cites Social Platform for GDPR Violations
The Irish Data Protection Commission imposed a 310 million euro fine on LinkedIn for violating a European privacy law stemming from the company's use of customer data. It ordered the social media platform to bring its data processing into compliance.
AWS's Predictable Bucket Names Make Accounts Easier to Crack
1 year 8 months ago
Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.
Becky Bracken, Senior Editor, Dark Reading
CVE-2024-41250 | Kashipara Responsive School Management System 3.2.0 Student Details /smsa/view_students.php access control
1 year 8 months ago
A vulnerability was found in Kashipara Responsive School Management System 3.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /smsa/view_students.php of the component Student Details Handler. The manipulation leads to improper access controls.
This vulnerability was named CVE-2024-41250. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-21127 | Oracle MySQL Server up to 8.0.37/8.4.0 DDL improper authorization (Nessus ID 209593)
1 year 8 months ago
A vulnerability was found in Oracle MySQL Server up to 8.0.37/8.4.0 and classified as critical. This issue affects some unknown processing of the component DDL. The manipulation leads to improper authorization.
The identification of this vulnerability is CVE-2024-21127. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21198 | Oracle MySQL Server up to 8.0.39/8.4.2/9.0.1 DDL improper authorization (Nessus ID 209595)
1 year 8 months ago
A vulnerability was found in Oracle MySQL Server up to 8.0.39/8.4.2/9.0.1 and classified as critical. Affected by this issue is some unknown functionality of the component DDL. The manipulation leads to improper authorization.
This vulnerability is handled as CVE-2024-21198. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21207 | Oracle MySQL Server up to 8.0.38/8.4.1/9.0.1 InnoDB denial of service (Nessus ID 209592)
1 year 8 months ago
A vulnerability was found in Oracle MySQL Server up to 8.0.38/8.4.1/9.0.1. It has been rated as problematic. This issue affects some unknown processing of the component InnoDB. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2024-21207. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21241 | Oracle MySQL Server up to 8.0.39/8.4.2/9.0.1 Optimizer improper authorization (Nessus ID 209597)
1 year 8 months ago
A vulnerability was found in Oracle MySQL Server up to 8.0.39/8.4.2/9.0.1. It has been rated as critical. Affected by this issue is some unknown functionality of the component Optimizer. The manipulation leads to improper authorization.
This vulnerability is handled as CVE-2024-21241. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21166 | Oracle MySQL Server up to 8.0.36/8.3.0 InnoDB improper authorization (Nessus ID 209601)
1 year 8 months ago
A vulnerability classified as critical has been found in Oracle MySQL Server up to 8.0.36/8.3.0. Affected is an unknown function of the component InnoDB. The manipulation leads to improper authorization.
This vulnerability is traded as CVE-2024-21166. It is possible to launch the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21236 | Oracle MySQL Server up to 8.0.39/8.4.2/9.0.1 InnoDB denial of service (Nessus ID 209598)
1 year 8 months ago
A vulnerability was found in Oracle MySQL Server up to 8.0.39/8.4.2/9.0.1 and classified as problematic. This issue affects some unknown processing of the component InnoDB. The manipulation leads to denial of service.
The identification of this vulnerability is CVE-2024-21236. The attack may be initiated remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21135 | Oracle MySQL Server up to 8.0.36/8.3.0 Optimizer denial of service (Nessus ID 209600)
1 year 8 months ago
A vulnerability was found in Oracle MySQL Server up to 8.0.36/8.3.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Optimizer. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2024-21135. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2024-21142 | Oracle MySQL Server up to 8.0.37/8.4.0 Privileges denial of service (Nessus ID 209599)
1 year 8 months ago
A vulnerability has been found in Oracle MySQL Server up to 8.0.37/8.4.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Privileges. The manipulation leads to denial of service.
This vulnerability is known as CVE-2024-21142. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2023-45235 | TianoCore EDK2 stable202308 DHCPv6 Proxy Advertise Message buffer overflow (GHSA-hc6x-cw6p-gj7h / Nessus ID 209634)
1 year 8 months ago
A vulnerability, which was classified as critical, has been found in TianoCore EDK2 stable202308. Affected by this issue is some unknown functionality of the component DHCPv6 Proxy Advertise Message Handler. The manipulation leads to buffer overflow.
This vulnerability is handled as CVE-2023-45235. Access to the local network is required for this attack. There is no exploit available.
vuldb.com
CVE-2024-21171 | Oracle MySQL Server up to 8.0.37/8.4.0 Optimizer denial of service (Nessus ID 209602)
1 year 8 months ago
A vulnerability classified as critical was found in Oracle MySQL Server up to 8.0.37/8.4.0. Affected by this vulnerability is an unknown functionality of the component Optimizer. The manipulation leads to denial of service.
This vulnerability is known as CVE-2024-21171. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Henry Schein discloses data breach a year after ransomware attack
1 year 8 months ago
Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen. [...]
Lawrence Abrams
Grip Security Releases 2025 SaaS Security Risks Report
1 year 8 months ago
Jake Williams Joins Hunter Strategy As VP of RND & Managing Director of Hunter Labs
1 year 8 months ago