How to cost-effectively manage and secure a mobile ecosystem

Today’s post was written by Roxane Suau, Vice President of Marketing for Pradeo. In the corporate environment, mobile devices and applications are at the center of communications, enhancing collaborators’ productivity with 24/7 access to information. But at the same time, they represent thousands...

The vulnerability of the Yubico pam-u2f PAM module lies in the lack of protection for service data, allowing attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Yubico pam-u2f PAM module is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

The vulnerability of the `check_request_for_cacheability` function in server software like HAProxy allows attackers to disclose protected information.

The vulnerability of the checkrequestforcacheability function in the HAProxy network software is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive information through a remote request without authentication...

Marriott Hit With $123M Fine For Massive 2018 Data Breach

The U.K.’s privacy watchdog is hitting Marriott International with a $123 million £99 million penalty stemming from its 2018 data breach of more than 383 million guest records. The Tuesday fine is issued by the Information Commissioner’s Office ICO and comes only a day after the organization...

British Airways Fined £183 Million Under GDPR Over 2018 Data Breach

Britain's Information Commissioner's Office ICO today hit British Airways with a record fine of £183 million for failing to protect the personal information of around half a million of its customers during last year's security breach. British Airways, who describes itself as "The World's Favorite...

The vulnerability of the IBM Spectrum Protect server and data protection agent, related to buffer overflows in the stack, allows attackers to execute arbitrary code or cause failures in the server or data protection agent’s functionality.

The vulnerability of the IBM Spectrum Protect server and data protection agent is related to buffer overflows in the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or cause failures in the server or data protection agent...

The vulnerability of the Strife NT information protection system driver, related to deficiencies in access control, allows unauthorized access to information about file system objects.

The vulnerability of the Data Protection System’s driver for unauthorized access is related to deficiencies in access control for attributes of file system objects. Exploiting this vulnerability allows an intruder, operating locally, to gain unauthorized access to information about file system...

How to Protect Our Kids' Data and Privacy

Opinion: Kids today have an online presence starting at birth, which raises a host of legal and ethical concerns. We desperately need a new data protection framework...

Data Breach Lessons from the Trenches

In this webcast Threatpost editor Tom Spring examines the data breach epidemic with the help of noted breach hunter and cybersecurity expert Chris Vickery. He shares how companies can identify their own insecure data, remediate against a data breach and offers tips on protecting data against futu...

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection system arises from the failure to take measures to eliminate special elements used in the operating system command set, allowing attackers to execute arbitrary commands with root privileges.

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection system exists due to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability allows a malicious actor to execute arbitrary comman...

The vulnerability of the Remote Logging component of the McAfee Agent antivirus software allows a hacker to disclose protected information.

The vulnerability of the Remote Logging component of the McAfee Agent antivirus software is related to the lack of protection for operational data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information...

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection system lies in the lack of protection for operational data, allowing attackers to obtain the SSL/TLS connection private keys.

The vulnerability of the Dell EMC Avamar Server backup system and the DELL EMC Integrated Data Protection Appliance lies in the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to obtain the SSL/TLS connection secrets...

IBM Security Guardium Code Issue Vulnerability

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A code issue vulnerability exists in IBM Security Guardium, which can ...

Spanish Soccer League App Spies on Fans

The Spanish Soccer League's smartphone app spies on fans in order to find bars that are illegally streaming its games. The app listens with the microphone for the broadcasts, and then uses geolocation to figure out where the phone is. The Spanish data protection agency has ordered the league to...

The vulnerability of the Windows GDI component of the Windows operating system, which allows a hacker to compromise sensitive information

The vulnerability of the Windows GDI component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created document or web page...

The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information

The vulnerability of the Windows operating system’s kernel is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created file...

The vulnerability of Intel microprogramming software relates to the lack of protection for system data, which allows attackers to disclose protected information.

The vulnerability of Intel microprogramming software is related to the lack of protection for system data. Exploiting this vulnerability can allow an attacker to disclose the protected information...

The vulnerability of the Windows Event Viewer component (eventvwr.msc) in the Windows operating system, which allows a malicious individual to read arbitrary files

The vulnerability of the Windows Event Viewer component eventvwr.msc in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability allows an attacker to read arbitrary files using a specially created XML file...

Facebook Faces Lawsuit Over Massive 2018 Data Breach

Facebook lost a key court ruling last week and now must face a lawsuit tied to a data breach of its platform disclosed in 2018, which impacted nearly 30 million of its users. The data breach, first disclosed by Facebook in September 2018, directly impacted the access tokens of 30 million accounts...

MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced...