4665 matches found

Talos Blog
added 2020/05/15 8:12 a.m., 37 views

Beers with Talos Ep. #80: Working securely in a new (not yet) normal

Beers with Talos (BWT) Podcast episode No. 80 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded April 24, 2020. Matt isn’t with us today, but the rest of the crew discusses some current security issues in our...

AI score: 1.2
Exploits: 0
BDU FSTEC
added 2020/05/15 12:0 a.m., 1 view

The vulnerability of the Media Foundation component in Windows operating systems, which allows a hacker to disclose protected information

The vulnerability of the Media Foundation component in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose sensitive information through a specially created file or website...

CVSS: 5.5, AI score: 6.2, EPSS: 0.06488
Exploits: 0, References: 3
BDU FSTEC
added 2020/05/15 12:0 a.m., 1 view

The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite allows a perpetrator to gain access to and modify data.

The vulnerability of the Preferences sub-component of the Oracle CRM Technical Foundation component of the Oracle E-Business Suite system relates to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to read,...

CVSS: 8.2, AI score: 7.5, EPSS: 0.01282
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2020/05/15 12:0 a.m., 1 view

The vulnerability of the Media Foundation component in Windows operating systems, which allows a hacker to disclose protected information

The vulnerability of the Media Foundation component in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose sensitive information through a specially created file or website...

CVSS: 5.5, AI score: 6.2, EPSS: 0.06488
Exploits: 0, References: 3
BDU FSTEC
added 2020/05/15 12:0 a.m., 2 views

The vulnerability of the Media Foundation component in Windows operating systems, which allows a hacker to disclose protected information

The vulnerability of the Media Foundation component in Windows operating systems is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose sensitive information through a specially created file or website...

CVSS: 5.5, AI score: 6.2, EPSS: 0.06488
Exploits: 0, References: 3
BDU FSTEC
added 2020/05/13 12:0 a.m., 1 view

The vulnerability of the BIND DNS server’s forwarding directive configuration allows an attacker to perform a DNS Rebinding attack.

The vulnerability of the Forwarders directive configuration of the DNS BIND server is related to a violation of data protection mechanisms. Exploiting this vulnerability allows an attacker operating remotely to carry out a DNS Rebinding type attack...

CVSS: 7.8, AI score: 5.5
Exploits: 0, References: 3, Affected Software: 1
BDU FSTEC
added 2020/05/13 12:0 a.m., 1 view

The vulnerability of the win32k component of the Windows operating system, which allows a hacker to disclose protected information

The vulnerability of the win32k component in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created application...

CVSS: 5.5, AI score: 6.1, EPSS: 0.01425
Exploits: 0, References: 3
CVE
added 2020/05/12 4:5 p.m., 63 views

CVE-2020-5248

GLPI before version 9.4.6 is vulnerable due to a default, public encryption key (GLPIKEY) used to encrypt data. This allows decryption of sensitive data stored with that key. The issue arises because changing the key after installation requires re-encrypting existing data, and some columns/rows (...

CVSS: 7.2, AI score: 5.4, EPSS: 0.01426
Exploits: 2, References: 2, Affected Software: 1
Malwarebytes
added 2020/05/11 3:15 p.m., 35 views

Lock and Code S1Ep6: Recognizing facial recognition’s flaws with Chris Boyd

This week on Lock and Code, we discuss the top security headlines generated right here on Labs and around the Internet. In addition, we talk to Chris Boyd, lead malware intelligence analyst at Malwarebytes, about facial recognition technology—its early history, its proven failures at accuracy, an...

AI score: 7.4
Exploits: 0
Openbugbounty
added 2020/05/10 3:44 a.m., 11 views

europa-uni.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1158226. Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website...

AI score: 0.6
Exploits: 0
BDU FSTEC
added 2020/05/08 12:0 a.m., 1 view

The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts allows an attacker to modify, add, or gain unauthorized access to sensitive information using the HTTP protocol.

The vulnerability of the Miscellaneous component of the Oracle Scripting environment for creating and processing scripts is related to a lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to modify, add, or gain unauthorized access to protect...

CVSS: 8.2, AI score: 7.4, EPSS: 0.01282
Exploits: 0, References: 3, Affected Software: 1
Malwarebytes
added 2020/05/07 3:15 p.m., 36 views

Data privacy law updates eyed by Singapore

In early 2019, Singapore’s data privacy regulators proposed that the country’s data privacy law could use two new updates—a data breach notification requirement and a right of data portability for the country’s residents. The proposed additions are commonplace in several data privacy laws around...

AI score: 0.6
Exploits: 0
BDU FSTEC
added 2020/05/07 12:0 a.m., 2 views

The vulnerability of the Apache Tomcat application server’s JMX component stems from a lack of protection mechanisms for registration data. This allows attackers to gain unauthorized access to confidential information, cause service failures, and compromise data integrity.

The vulnerability of the Apache Tomcat application server’s JMX component is related to the lack of a mechanism to protect registration data. Exploiting this vulnerability can allow attackers to gain unauthorized access to confidential data, cause service failures, and compromise the integrity of...

CVSS: 7, AI score: 7.1, EPSS: 0.01221
Exploits: 0, References: 8, Affected Software: 5
Tenable Nessus
added 2020/05/06 12:0 a.m., 15 views

Dell EMC Data Protection Central Installed (Linux)

Binary data dellemcdataprotectioncentralnixinstalled.nbin...

AI score: 7.3
Exploits: 0, References: 1
IBM Security Bulletins
added 2020/05/05 3:31 p.m., 36 views

Security Bulletin: Vulnerability in IBM Java Runtime affects IBM Spectrum Protect for Enterprise Resource Planning on Windows (CVE-2019-4732)

Summary: Multiple vulnerabilities in IBM Java Runtime Environment were disclosed as part of the IBM Java SDK updates in January 2020. IBM Java Runtime Environment, used by IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning, has addressed the applicable CVE which...

CVSS: 7.2, AI score: 1.8, EPSS: 0.00561
Exploits: 0, Affected Software: 1
BDU FSTEC
added 2020/04/27 12:0 a.m., 2 views

The vulnerability of Google Chrome, related to the lack of protection for service data, allows a perpetrator to gain unauthorized access to information.

The vulnerability of Google Chrome lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to information through a specially created Chrome extension...

CVSS: 7.1, AI score: 6.5, EPSS: 0.00584
Exploits: 0, References: 9, Affected Software: 4
BDU FSTEC
added 2020/04/27 12:0 a.m., 1 view

The vulnerability of Firefox browsers, related to the lack of protection for service data, allows attackers to gain unauthorized access to information.

The vulnerability of Firefox browsers is related to the lack of protection for service data. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to information...

CVSS: 7.1, AI score: 6.8, EPSS: 0.00896
Exploits: 0, References: 10, Affected Software: 6
BDU FSTEC
added 2020/04/27 12:0 a.m., 3 views

The vulnerability of Google Chrome, related to the lack of protection for service data, allows a perpetrator to gain unauthorized access to information.

The vulnerability of Google Chrome lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to information through a specially created HTML page...

CVSS: 7.1, AI score: 6.6, EPSS: 0.0045
Exploits: 0, References: 8, Affected Software: 4
BDU FSTEC
added 2020/04/27 12:0 a.m., 3 views

The vulnerability of the GNOME NetworkManager network connection management tool lies in the lack of protection for service data, allowing a malicious actor to gain unauthorized access to information.

The vulnerability of the GNOME NetworkManager network connection management tool is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to information...

CVSS: 7.8, AI score: 6.5, EPSS: 0.02135
Exploits: 0, References: 9, Affected Software: 8
Trend Micro Simply Security
added 2020/04/24 5:26 p.m., 51 views

Principles of a Cloud Migration – Security, The W5H – Episode WHAT?

Teaching you to be a Natural Born Pillar! Last week, we took you through the “WHO” of securing a cloud migration here, detailing each of the roles involved with implementing a successful security practice during a cloud migration. Read: everyone. This week, I will be touching on the “WHAT” of...

AI score: 0.3
Exploits: 0