The vulnerability in the Skype for Business app for the Microsoft Edge browser allows a malicious actor to gain unauthorized access to protected information.
The vulnerability in the Skype for Business app for the Microsoft Edge browser is related to the lack of protection for business-related data. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information by clicking on a specially created link...
The vulnerability of the Skype for Business application in Internet Explorer allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Skype for Business app in Internet Explorer is related to the lack of protection for service data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information by clicking on a specially created link within the app...
PT-2020-3584 · Apple · macOS Catalina +2
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6; iPadOS versions prior to 13.6; macOS Catalina versions prior to 10.15.6. Description: An issue existed in the handling of environment variables, which has been addressed with improved validation. This issue may allow ...
Guiding principles of our identity strategy: staying ahead of evolving customer needs
Last June, when I shared the 5 principles driving a customer-obsessed identity strategy at Microsoft, many of you had embraced the idea of a boundaryless environment, but relatively few had implemented it in practice. A global pandemic made remote access essential and forced many of you to...
9 Tips to Keep Your Cloud Storage Safe and Secure
Make sure that your Dropbox, Google Drive, and Microsoft OneDrive data is protected—while still being easy for you to access...
The vulnerability of the Windows Imaging Component (WIC) framework in Windows operating systems allows attackers to disclose protected information.
The vulnerability of the Windows Imaging Component (WIC) framework in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose protected information through a specially created web page or document...
GHSA-WVH7-5P38-2QFC Storing Password in Local Storage
The setPassword method (http://parseplatform.org/Parse-SDK-JS/api/2.9.1/Parse.User.html#setPassword) stores the user's password in localStorage as raw text, making it vulnerable to anyone with access to your localStorage. We believe this is the only time that password is stored at all. In the...
The vulnerability of the Moxa EDR-G902 and EDR-G903 firmware, related to a stack-based buffer overflow, allows attackers to compromise the confidentiality, integrity, or availability of the protected information.
The vulnerability of the Moxa EDR-G902 and EDR-G903 firmware is related to a stack-based buffer overflow. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, or availability of the protected information...
The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information
The vulnerability of the Windows operating system’s kernel is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created application...
EMC Data Protection Advisor 6.4 / 6.5 / 18.1 OS Command Injection (DSA-2020-081)
The version of EMC Protection Advisor installed on the remote host is 6.4, 6.5 or 18.1. It is, therefore, affected by an OS command injection vulnerability. An authenticated, remote attacker can exploit this to execute arbitrary commands on the affected system. © Tenable Network Security, Inc...
Enterprise Data Security: It’s Time to Flip the Established Approach
There’s an old saying when it comes to big undertakings: Don’t boil the ocean. Well, there’s hardly any bigger project in information security than trying to protect corporate data. But the reality is that too many organizations today are, in fact, “boiling the ocean” when it comes to their...
Security Bulletin: IBM Java Runtime Vulnerability affects the IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum Protect for Virtual Environments (CVE-2020-2654)
Summary: A denial of service vulnerability in IBM® Runtime Environment Java™ was disclosed as part of the IBM Java SDK updates in January 2020. IBM® Runtime Environment Java™ is used by the IBM Spectrum Protect Backup-Archive Client, IBM Spectrum Protect for Space Management, and IBM Spectrum...
Security Bulletin: Vulnerabilities in Dojo affect IBM Spectrum Protect for Virtual Environments (CVE-2020-5259, CVE-2020-5258)
Summary: Dojo could allow a remote attacker to inject arbitrary code on the system which affects IBM Spectrum Protect for Virtual Environments. Vulnerability Details: CVEID: CVE-2020-5259. DESCRIPTION: Dojo dojox could allow a remote attacker to inject arbitrary code on the system, caused by a...
CVE-2020-14704
CVE-2020-14704 affects Oracle VM VirtualBox (Core). Vulnerable in: VirtualBox 5.2.x before 5.2.44, 6.0.x before 6.0.24, and 6.1.x before 6.1.12. The issue allows a high-privilege attacker with logon to compromise VirtualBox and potentially access all data within VirtualBox-usable data; attacks ma...
The vulnerability of the VM-Series network firewalls is related to insufficient protection of registration data, which allows attackers to disclose sensitive information and cause service failures.
The vulnerability of the VM-Series network firewalls is related to insufficient protection of registration data. Exploiting this vulnerability can allow attackers to disclose protected information and cause service failures...
The vulnerability of the /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var component of the cockpit-ovirt plugin, a software tool for managing virtualization of servers and workstations on Red Hat Virtualization, allows an attacker to expose the credentials of a privileged user.
The vulnerability of the /var/lib/ovirt-hosted-engine-setup/cockpit/ansibleVarFileXXXXXX.var component of the cockpit-ovirt plugin, a software tool for managing virtualization of servers and workstations in Red Hat Virtualization, is related to insufficient protection of registration data...
Debotnet - A Tiny Portable Tool For Controlling Windows 10's Many Privacy-Related Settings And Keep Your Personal Data Private
A free and portable tool for controlling Windows 10's many privacy-related settings and keep your personal data private. Your preparation for the Net! The Windows 10 default privacy settings leave a lot to be desired when it comes to protecting you and your private information. Whenever I set up ...
The vulnerability of the PuTTY cryptographic protection mechanism, related to the execution of operations beyond the buffer boundaries in memory, allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the PuTTY encryption protection mechanism lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to compromise the confidentiality, integrity, and availability of the protected information...
Introducing Kernel Data Protection, a new platform security technology for preventing data corruption
Attackers, confronted by security technologies that prevent memory corruption, like Code Integrity (CI) and Control Flow Guard (CFG), are expectedly shifting their techniques towards data corruption. Attackers use data corruption techniques to target system security policy, escalate privileges, tampe...
Dell EMC Data Protection Advisor Operating System Command Injection Vulnerability
Dell EMC Data Protection Advisor is a data protection management solution from Dell. The product supports data backup, data recovery and data replication management. An operating system command injection vulnerability exists in Dell EMC Data Protection Advisor versions 6.4, 6.5, and 18.1. A...