ForgeCert - "Golden" Certificates
ForgeCert uses the BouncyCastle C# API and a stolen Certificate Authority (CA) certificate + private key to forge certificates for arbitrary users capable of authentication to Active Directory. This attack is codified as DPERSIST1 in our "Certified Pre-Owned" whitepaper. This code base was released ...
The Ultimate SaaS Security Posture Management (SSPM) Checklist
Cloud security is the umbrella that holds within it: IaaS, PaaS and SaaS. Gartner created the SaaS Security Posture Management (SSPM) category for solutions that continuously assess security risk and manage the SaaS applications' security posture. With enterprises having 1,000 or more employees...
The vulnerability of the iOS operating system’s kernel, which allows a hacker to obtain confidential information
The vulnerability of the iOS operating system’s kernel is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to obtain confidential information through a specially created application...
Veeam Verified: Primary Storage for Continuous Data Protection (CDP) with VMware VVOL
Purpose: This article lists storage systems that Veeam has tested for use with VMware VVOL and Veeam's Continuous Data Protection (CDP) Replication. Tested Alliance Vendor Product Lines: Cisco FlashStack based on Pure Storage FlashArray; Cisco FlexPod based on NetApp ONTAP; Cisco SmartStack based on HPE...
Security Bulletin: IBM MQ Appliance is affected by a sensitive information disclosure vulnerability (CVE-2020-5008)
Summary IBM MQ Appliance has resolved a sensitive information disclosure vulnerability initially reported by the IBM DataPower Gateway. Vulnerability Details CVEID: CVE-2020-5008 DESCRIPTION: IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018.4.1.14 store sensitive...
Windows 11 is out. Is it any good for security?
Windows 11, the latest operating system (OS) from Microsoft, launches today, and organizations have begun asking themselves when and if they should upgrade from Windows 10 or older versions. The requirements and considerations of each organization will be different, and many things will inform the...
Kodex - A Privacy And Security Engineering Toolkit: Discover, Understand, Pseudonymize, Anonymize, Encrypt And Securely Share Sensitive And Personal Data: Privacy And Security As Code
Kodex Community Edition - CE is an open-source toolkit for privacy and security engineering. It helps you to automate data security and data protection measures in your data engineering workflows. It offers the following functionality: Read data items from a variety of sources such as files,...
The vulnerability of the Network Time Protocol (NTP), related to insufficient protection of service data, allows attackers to trigger a service failure.
The vulnerability of the Network Time Protocol (NTP) is related to insufficient protection of service data during port randomization. Exploiting this vulnerability can allow a malicious actor to cause service failures by connecting through port 123...
The vulnerability of the Framework component in Android operating systems allows a hacker to trigger a service failure.
The vulnerability of the Framework component in Android operating systems is related to insufficient protection of service data. Exploiting this vulnerability can allow a malicious actor to cause service failures through a specially created file...
A simpler, more integrated approach to data governance
It’s no secret that the volume of data created by organizations and people multiplies daily. And, in the digital—and hybrid work—world we live in, that data is spread across more tools, platforms, devices, and clouds than ever before, creating regulatory challenges and security risks. Organizatio...
Release Information for Veeam Backup & Replication 11a
More Recent Version Available Please find the latest version of Veeam Backup & Replication here: Veeam Downloads - Latest Version Requirements Please confirm that you are running version 9.5 Update 4b build 9.5.4.2866 or later before upgrading. You can check this under Help | About in Veeam Backu...
IBM Security Guardium Hardcoded Credential Vulnerability
IBM Security Guardium is a suite of platforms from IBM USA that provides data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium version 11.3 contains a hard-coded credential vulnerability. An...
IBM Security Guardium Information Disclosure Vulnerability (CNVD-2021-87023)
IBM Security Guardium is a comprehensive data protection solution that provides full data security capabilities from compliance support to dynamic data masking. An information disclosure vulnerability exists in IBM Security Guardium version 11.3. An attacker could exploit the vulnerability to...
Internet safety tips for kids and teens: A comprehensive guide for the modern parent
When it comes to picking a new device for your child, it's often difficult to know where to start. Whether you're looking for a smartphone, a laptop, a gaming device or something else, or even just signing up for an account online, you want to make sure your kids are protected. It's important to get...
Rapid7 Statement on the New Standard Contractual Clauses for International Transfers of Personal Data
Context: On June 4, 2021, the European Commission published new standard contractual clauses (“New SCCs”). Under the General Data Protection Regulation (“GDPR”), transfers of personal data to countries outside of the European Economic Area (EEA) must meet certain conditions. The New SCCs are an approve...
IBM Security Guardium Trust Management Issue Vulnerability
IBM Security Guardium is a suite of platforms from IBM USA that provides data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium version 11.3 contains a hard-coded credential vulnerability. An...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient protection of registration data, allowing attackers to access confidential information.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information...
IBM Security Guardium Information Disclosure Vulnerability (CNVD-2021-87027)
IBM Security Guardium is a suite of platforms from IBM USA that provides data protection capabilities. The platform includes features such as customizable UI, report management and streamlined audit process building. IBM Security Guardium has a security vulnerability that could be exploited by a...
The vulnerability of the SonicOS operating system, related to insufficient protection of operational data, allows an intruder to gain unauthorized access to protected information.
The vulnerability of the SonicOS operating system is related to insufficient protection of operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially created HTTP request...
When data privacy and protection are rights, don’t get it wrong
Twenty-one years ago, Latanya Sweeney showed that it’s possible to uniquely identify 87% of Americans with just three pieces of personal data: gender, ZIP code and full date of birth. Long before anyone had heard the words ‘data lake’, ‘cloud storage’ or ‘big data’, never mind ‘social media’, it w...