How to build a privacy program the right way

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with attorney Whitney Merrill, an expert on...

TCG TPM2 Software Stack: Information disclosure

Background TCG TPM2 Software Stack is a library to interface with trusted platform modules. Description TCG TPM2 Software Stack did not appropriately apply FAPI policies to protect data encrypted with the trusted platform module. Impact Data encrypted using TCG TPM2 Software Stack tpm2-tss may no...

The vulnerability of Intel microprogramming software relates to the lack of protection for system data, which allows attackers to disclose protected information.

The vulnerability of Intel microprogramming software is related to the lack of protection for system data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

Azure SQL Database Security: 9 Features You Should Know

Databases are where organizations hold their “crown jewels” – their data. If you’re running or looking to run SQL on Azure, Azure provides security for the physical, logical, and data layers of services. Basic Azure SQL database security can be enabled using a variety of native security features...

The critical role of Zero Trust in securing our world

We are operating in the most complex cybersecurity landscape that we’ve ever seen. While our current ability to detect and respond to attacks has matured incredibly quickly in recent years, bad actors haven’t been standing still. Large-scale attacks like those pursued by Nobelium1 and Hafnium,...

IBM Spectrum Protect Plus Denial of Service Vulnerability

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...

Remote dating: How do the apps safeguard our data?

The pandemic and the restrictions that came with it have led to an increase in the popularity of dating apps. For example, the total number of swipes on Tinder increased by 11% last year, with the daily number of swipes surpassing the 3 billion mark for the first time as early as March 2020. This...

Data privacy: What's new in cross-border transfers? The Standard Contractual Clauses

The transfer of personal data between companies and countries is vital for smooth data processing operations. When transferring data out of the European Union, companies are required to comply with the General Data Protection Regulation GDPR which requires that any data that is transferred to a...

IBM Spectrum Protect Plus 安全漏洞

IBM Spectrum Protect Plus is a suite of data protection platforms from IBM USA. The platform provides organizations with a single point of control and management and supports backup and recovery for virtual, physical and cloud environments of all sizes. A security vulnerability exists in IBM...

Banning Surveillance-Based Advertising

The Norwegian Consumer Council just published a fantastic new report: "Time to Ban Surveillance-Based Advertising." From the Introduction: The challenges caused and entrenched by surveillance-based advertising include, but are not limited to: privacy and data protection infringements opaque...

The vulnerability of the IRC client Irssi for the Ubuntu operating system, related to the use after release, allows a intruder to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the IRC client Irssi for the Ubuntu operating system is related to its use after release. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

The vulnerabilities of DES and Triple DES encryption algorithms lie in the lack of protection for service data, which allows attackers to gain unauthorized access to the protected information.

The vulnerability of DES and Triple DES encryption algorithms is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to the protected information...

How to Create a Simulated Phishing Attack Across Your Company

Email is one of the many weapons at the disposal of bad actors on the Internet, and your employees are in the firing line. Attackers try to hide behind a trusted entity, sometimes even masquerading as a known vendor or even as a representative of a group within your own organization, like HR or I...

The vulnerability of the Cisco Jabber software platform, related to insufficient protection of registration data, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the Cisco Jabber software platform is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially crafted XMPP message...

Strengthen Your Password Policy With GDPR Compliance

A solid password policy is the first line of defense for your corporate network. Protecting your systems from unauthorized users may sound easy on the surface, but it can actually be quite complicated. You have to balance password security with usability, while also following various regulatory...

Takeaways from the Colonial Pipeline Ransomware Attack

If you feel like you’ve read a lot about ransomware in recent months, it’s because these attacks have indeed intensified. In 2020, ransomware attacks surged by 150 percent, with the average payment size increasing by more than 170 percent. Some of the notable victims include United Health Service...

Jail for consultant who scraped colossal trove of Alibaba customer data

A billion data points, including the usernames and mobile phone numbers of customers have been siphoned off Alibaba websites by a web crawler. The information has reached us about a week after a court ruling in the case. The court ruling A central Chinese court has ruled that an employee of a...

5 Tips to Prevent and Mitigate Ransomware Attacks

Ransomware attacks cost companies over $100 billion a year. Making matters worse, the overwhelming majority of ransomware attacks now include a threat to leak stolen data if the ransom isn’t paid, a technique called “double extortion.” Cybercriminals like ransomware because the entry barrier is...

Akamai Platform Update: New Security Enhancements That Intelligently Automate Application and API Security, Mitigate Online Fraud, and Reduce Burden on Security Professionals

Today is Day 2 of Akamai's Platform Update. Yesterday, we talked about the acceleration of modern app development and how we're empowering users to shift more compute and data to the edge. From the core to the cloud to the edge, the applications and APIs that power modern web experiences must als...

VPNs and Trust

TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices: what data they keep, how they respond to court order, what country they are incorporated in, and so on. Most interesting to me is the home countries of these companies. Express VPN is incorporated i...