SUSE-SU-2021:3651-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to Extended Support Release 91.3.0 ESR. Fixed: Various stability, functionality, and security fixes. MFSA 2021-49 (bsc1192250): CVE-2021-38503: iframe sandbox rules did not apply to XSLT stylesheets; CVE-2021-38504:...
PT-2021-4808 · Postgresql +10 · Postgresql Libpq +11
Name of the Vulnerable Software and Affected Versions: PostgreSQL libpq (affected versions not specified). Description: A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption. The vulnerability in the...
PT-2021-5051 · Microsoft · Azure Sphere
Name of the Vulnerable Software and Affected Versions: Azure Sphere (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Azure Sphere operating system. Exploitation of this issue may allow an attacker to gain unauthorized access to...
PT-2021-5125 · Microsoft · Azure Rtos
Name of the Vulnerable Software and Affected Versions: Azure RTOS (affected versions not specified). Description: The issue is related to insufficient protection of sensitive data in Azure RTOS, which can allow an attacker to gain unauthorized access to protected information. Recommendations: At the...
PT-2021-4793 · Microsoft · Windows Remote Desktop Protocol +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Protocol (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Windows Remote Desktop Protocol, which can allow an attacker to gain unauthorized access to a...
PT-2021-5016 · Microsoft · Windows Remote Desktop Protocol Client +1
Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Protocol Client (affected versions not specified). Description: The vulnerability is related to a lack of protection for service data in the Windows operating system's Remote Desktop Protocol Client. It may allow a remote...
PT-2021-5006 · Microsoft · Azure Sphere
Name of the Vulnerable Software and Affected Versions: Azure Sphere (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Azure Sphere operating system. Exploitation of this issue may allow an attacker to gain unauthorized access to...
PT-2021-5319 · Microsoft · Azure Sphere
Name of the Vulnerable Software and Affected Versions: Azure Sphere (affected versions not specified). Description: The issue is related to a lack of protection for service data in the Azure Sphere operating system. Exploitation of this issue may allow an attacker to gain unauthorized access to the...
PT-2021-5318 · Fslogix · Fslogix
Name of the Vulnerable Software and Affected Versions: FSLogix (affected versions not specified). Description: The issue is related to a lack of protection for service data, which can allow an attacker to gain unauthorized access to a device. Recommendations: At the moment, there is no information...
1.8 TB of Police Helicopter Surveillance Footage Leaks Online
DDoSecrets published the trove Friday afternoon. Privacy advocates say it shows how pervasive law enforcement's eye has become, and how lax its data protection can be...
Discover what’s new and gain technical expertise from MISA at Ignite
It’s hard to believe we’re so close to the end of another year, and what a year it’s been. For too brief a time in some places, our masks were tossed away, only to find us digging them out of drawers again not long after. But masked up or not, it’s been good to see local restaurants buzzing with...
Securing SaaS Apps — CASB vs. SSPM
There is often confusion between Cloud Access Security Brokers (CASB) and SaaS Security Posture Management (SSPM) solutions, as both are designed to address security issues within SaaS applications. CASBs protect sensitive data by implementing multiple security policy enforcements to safeguard critic...
Zales.com Leaked Customer Data, Just Like Sister Firms Jared, Kay Jewelers Did in 2018
In December 2018, bling vendor Signet Jewelers fixed a weakness in their Kay Jewelers and Jared websites that exposed the order information for all of their online customers. This week, Signet subsidiary Zales.com updated its website to remediate a nearly identical customer data exposure. Last...
The vulnerability of the Telnet service of the D-Link DIR-868L router’s microprogramming system lies in the insufficient protection of registration data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Telnet service provided by the D-Link DIR-868L router’s microprogramming software is related to insufficient protection for registration data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
The vulnerability of the Network Address Translation (NAT) technology implemented in the Cisco IOS XE operating system allows attackers to bypass ALG and establish unauthorized connections.
The vulnerability of the Network Address Translation (NAT) technology implemented in the Cisco IOS XE operating system is related to a violation of data protection mechanisms. Exploiting this vulnerability allows an attacker to bypass the Address Resolution Protocol ALG and establish unauthorized...
The vulnerability of the Telnet service of the D-Link DIR-880L router’s microprogramming system lies in the insufficient protection of registration data, allowing attackers to gain unauthorized access to protected information.
The vulnerability of the Telnet service provided by the D-Link DIR-880L router’s microprogramming software is related to insufficient protection for registration data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...
OPENSUSE-SU-2021:3488-1 Security update for go1.17
This update for go1.17 fixes the following issues: Update to go1.17.2 - CVE-2021-38297: misc/wasm, cmd/link: do not let command line args overwrite global data bsc1191468...
Forrester report suggests Imperva Data Protection delivers high value and rapid ROI
In mid-2021, Imperva commissioned Forrester Research to interview five current Imperva enterprise customers - two in the financial services industry and three in the insurance industry. The goal of the exercise was to gain insight into the economic impact of deploying the Imperva data security...
Time to Build Accountability Back into Cybersecurity
The age of remote work — where hybrid teams work out of offices, houses and coffee shops using a multitude of devices — presents challenges in terms of understanding who’s responsible for ensuring proper cyber-hygiene across the perimeter-less footprint. Suffice it to say that cybersecurity ha...
PT-2021-7855 · Google · Android
Name of the Vulnerable Software and Affected Versions: Kernel (affected versions not specified). Description: The issue is related to information disclosure in the Kernel due to indirect branch misprediction. This vulnerability is associated with insufficient protection of service data during...