What’s new in Microsoft 365 Compliance and Risk Management

The world has dramatically changed over the past three months. As Satya shared in our recent quarterly earnings, we have seen two years’ worth of digital transformation in two months. With that significant amount of rapid change, it’s more important than ever to make sure your business-critical...

Is Your AWS Data Secure and Compliant? Cloud Database Visibility in Minutes

Internal and external attackers are after your data. Regardless of where the data resides, cloud, or on-premises, you need to protect it. In some cases that data needs to be put under compliance controls. Data protection principles hold for data hosted in the cloud database as a service DBaaS. Fo...

The vulnerability of the software for implementing the hypertext environment MediaWiki, related to the transmission of invalid headers in the API, allows a violator to gain unauthorized access to protected information.

The vulnerability of the software for implementing the hypertext environment MediaWiki is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...

The vulnerabilities of the functions BasicSocket#recv_nonblock and BasicSocket#read_nonblock in the Ruby programming language allow attackers to gain unauthorized access to protected information.

The vulnerability of the BasicSocketrecvnonblock and BasicSocketreadnonblock functions in the Ruby programming language is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected...

21 Tips to Stay Secure, Private, and Productive as You Work from Home on Your Mac

Nowadays, Macs are part of the work-from-home workforce during the COVID-19 pandemic. If you’ve brought a Mac from the office to home, it’s likely your IT department has already set it up to meet your company’s security policies. But what if you’re enlisting a Mac already at home to do duty for...

The vulnerability of the User Interface sub-component of the Oracle Financial Services Price Creation and Discovery component in the bank analytics system’s simulation model allows a perpetrator to create, delete, or modify access rights to protected information, or gain read-only access to data.

The vulnerability of the User Interface sub-component of the Oracle Financial Services Price Creation and Discovery component in the bank analytics system’s simulation model relates to the lack of protection for operational data. Exploiting this vulnerability allows an attacker to create, delete,...

The vulnerability of the User Interface sub-component of the Oracle Financial Services Liquidity Risk Measurement and Management banking analytics system’s simulation model applications allows attackers to create, delete, or modify access rights to protected information, or gain read-only access to data.

The vulnerability of the User Interface sub-component of the Oracle Financial Services Liquidity Risk Measurement and Management banking analytics system’s simulation model applications is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacke...

The vulnerability of the User Interface sub-component of the Oracle Financial Services Hedge Management and IFRS Valuations banking analytical system’s simulation model applications allows attackers to create, delete, or modify access rights to protected information, or gain read-only access to data.

The vulnerability of the User Interface sub-component of the Oracle Financial Services Hedge Management and IFRS Valuations banking analytical system’s simulation model applications is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor t...

The vulnerability of the Red Hat Quay container registry, related to insufficient protection of registration data, allows a violator to circumvent the container protection.

The vulnerability of the Red Hat Quay container registry relates to insufficient protection for registration data. Exploiting this vulnerability could allow a attacker to circumvent the container protection mechanisms...

The vulnerability of the Advanced UI component in Oracle WebCenter Sites, which allows a hacker to disclose protected information

The vulnerability of the Advanced UI component of the Oracle WebCenter Sites customer service application relates to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information through HTTP requests...

The vulnerability of the Adobe Experience Manager content and media data management system, related to the lack of protection for operational data, allows a perpetrator to access confidential information.

The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to confidential information...

5 Simple Ways to Make Your Gmail Inbox Safer

These built-in features definitely protect your data, but they can help keep your inbox tidy too...

Going dark: encryption and law enforcement

UPDATE, 05/22/2020: In the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...

Ethical dilemmas with responsible disclosure

We do a LOT of disclosures, probably starting one a day on average. Between us, we spend a man day or so per week just managing disclosures. It creates pain for us and consumes time, particularly when the vendor won’t listen. We get the occasional legal threat, which takes time and money to slap...

10 best practices for MSPs to secure their clients and themselves from ransomware

Lock-downs and social distancing may be on, but when it comes to addressing the need for IT support—whether by current of potential clients—it’s business as usual for MSPs. And, boy, is it a struggle. On the one hand, they keep an eye on their remote workers to ensure they’re still doing their jo...

Description of Update Rollup 2 for System Center 2012 R2 Data Protection Manager

Description of Update Rollup 2 for System Center 2012 R2 Data Protection Manager This update rollup was re-released on May 20, 2014 to resolve a "DPMAMService" crash that occurred if the original update KB 2958100 was applied. If you already installed Update Rollup 2 on your Windows Server 2003...

Update Rollup 7 for System Center 2012 R2 Data Protection Manager

Update Rollup 7 for System Center 2012 R2 Data Protection Manager Notice for users who installed Update Rollup 7 earlier than August 21, 2015 We had an issue with Update Rollup 7 in which expired recovery points were not getting cleaned up, and the release was pulled back. The update rollup was...

Update Rollup 6 for System Center 2012 R2 Data Protection Manager

Update Rollup 6 for System Center 2012 R2 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2012 R2 Data Protection Manager. Additionally, this article contains the installation instructions for Update Rollup 6 for...

The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV lies in the lack of protection for operational data, allowing attackers to gain unauthorized access to protected information.

The vulnerability of the Microsoft Dynamics 365 resource planning software and the integrated enterprise management system Microsoft Dynamics NAV lies in the lack of protection for operational data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access...

Cloud Compliance – A Top Challenge for organizations

Regulatory compliance violations are among the top three biggest Cloud Application Security challenges for organizations, according to the CyberEdge Group’s ‘2020 Cyberthreat Defense Report’. Equally concerning are ‘Limitations of cloud service provider’s security tools’ which come in joint secon...