[HackerNews] Critical Flaws Uncovered in Pentaho Business Analytics Software

Multiple vulnerabilities have been disclosed in Hitachi Vantara’s Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application.
The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka from Census Labs

Source: The Hacker News
