Insider Threats Are Rising – But They Shouldn’t Be
There’s never been a shortage of risk that organizations face from insiders gone bad — those incidents where insiders steal information from their employers, clients, partners and government agencies. Many times, malicious insiders seek monetary gain. They’ll steal information such as account...
Understanding CCPA: It's Time to Action a Plan for Compliance
Notice to all procrastinators: The final countdown to the California Consumer Privacy Act (CCPA) has begun. On January 1, 2020, companies or organizations that do business in California will be required to comply with the state's strict new privacy legislation that establishes a legal and enforceab...
How Can Akamai Identity Cloud Help With Regulatory Compliance?
Regulatory compliance related to personal identifiable information (PII) is continuously being enacted around the world as the amount of breaches and data abuse continues to grow. Understanding the variances between the many different privacy and data protection laws can be challenging for companie...
Leaky Server Exposes 419M Phone Numbers of Facebook Users
Phone numbers linked to the Facebook accounts of hundreds of millions of users have been found online on an insecure server in the latest privacy gaffe for the social media giant. The server, which lacked password protection, contained more than 419 million records over several databases of Facebo...
The vulnerability of the ipddp_ioctl function in the Linux operating system’s kernel allows a hacker to disclose protected information.
The vulnerability of the ipddp_ioctl function (drivers/net/appletalk/ipddp.c) in the Linux kernel is related to insufficient protection of service data. Exploiting this vulnerability can allow an attacker to disclose the protected kernel address information...
Google Will Now Pay Anyone Who Reports Apps Abusing Users' Data
In the wake of data abuse scandals and several instances of malware apps being discovered on the Play Store, Google today expanded its bug bounty program to beef up the security of Android apps and Chrome extensions distributed through its platform. The expansion in Google's vulnerability reward...
Security Bulletin: Denial of Service vulnerability affects IBM Spectrum Protect Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1786)
Summary: IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect for Virtual Environments is vulnerable to a denial of service caused by incorrect accumulation of TCP/IP sockets in a CLOSE_WAIT state. UPDATED: 8/21/2019 - Corrected Affected Product Versions Vulnerabilit...
Your Business is Compliant with Data Security Regulations. It’s Still not Safe.
There has been plenty of discussion about the impact of global data regulations on data security practices. Particularly with the implementation of the EU’s GDPR last year, organizations in every industry have been scrambling to develop new security practices to avoid fines and the associated bad...
Facebook Records User Audio, Sparking Privacy Questions
Facebook has admitted that it has been transcribing audio chats between its users on its Messenger platform. Sources said that it’s paying hundreds to third-party outside contractors to do so. The latter calls into question Facebook’s data-handling practices when it comes to being open with its...
Data and device security for domestic abuse survivors
For more than a month, Malwarebytes has worked with advocacy groups, law enforcement, and cybersecurity researchers to deliver helpful information in fighting stalkerware—the disturbing cyber threat that enables domestic abusers to spy on their partners’ digital and physical lives. While we’ve...
Dell EMC Integrated Data Protection Appliance Multiple Security Vulnerabilities
Description Dell EMC Integrated Data Protection Appliance is prone to multiple security vulnerabilities. Attackers can exploit these issues to steal cookie-based authentication credentials, control how the page is rendered to the user, obtain sensitive information or bypass certain security...
The vulnerability of the Cisco Unified Communications Manager web framework allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Unified Communications Manager web framework is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially created...
The vulnerability of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, and Kaspersky Small Office Security lies in the lack of protection for operational data, allowing attackers to exploit this weakness to compromise the protected information.
The vulnerability of Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Free Anti-Virus, and Kaspersky Small Office Security lies in the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to...
The vulnerability of the PAN-OS operating system, related to the lack of protection for mission-critical data, allows attackers to enhance their privileges.
The vulnerability of the PAN-OS operating system is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to increase their privileges...
The vulnerability of the IBM QRadar SIEM system for event collection and analysis lies in the lack of protection for operational data, allowing attackers to disclose the protected information.
The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose the protected information...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1890, CVE-2018-12547)
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ which is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning. These issues were disclosed as part of the IBM Java SDK updates in January 2019. Vulnerability Details CVEID:...
Security Bulletin: Password disclosure via application trace affects IBM Spectrum Protect for Enterprise Resource Planning (CVE-2018-1987)
Summary: If tracing is activated, IBM Spectrum Protect (formerly Tivoli Storage Manager) for Enterprise Resource Planning may display the IBM Spectrum Protect node password in plain text in the trace file. Vulnerability Details CVEID: CVE-2018-1987 DESCRIPTION: IBM Tivoli Storage Manager for...
Security Bulletin: Spoofing and denial of service vulnerabilities in WebSphere Application Server Liberty affect IBM Spectrum Protect Client web user interface and IBM Spectrum Protect for Virtual Environments (CVE-2018-1902, CVE-2019-4046)
Summary: Potential spoofing and denial of service vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Backup-Archive Client web user interface and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments...
The vulnerabilities of Microsoft Exchange Server, Microsoft Lync and Skype for Business messaging programs, Microsoft Outlook and Outlook for iOS email clients, as well as Microsoft Office and Office 365 software packages, are related to the lack of protection for mission-critical data. This makes it possible for attackers to disclose protected information.
The vulnerabilities of Microsoft Exchange Server, Microsoft Lync and Skype for Business messaging applications, Microsoft Outlook and Outlook for iOS email clients, as well as Microsoft Office and Office 365 software packages are related to the lack of data protection measures. Exploiting these...