MongoDB 4.2 Introduces End-to-End Field Level Encryption for Databases

At its developer conference held earlier this week in New York, the MongoDB team announced the latest version of its database management software that includes a variety of advanced features, including Field Level Encryption, Distributed Transactions, and Wildcard Indexes. The newly introduced...

Design/Logic Flaw

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...

CVE-2019-1631 Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...

Gain the Trust of Your Business Customers With SOC 2 Compliance

In today's business environment, data is what matters most. It matters to organizations that monetize it into operational insights and optimisations, and it matters the threat actors that relentlessly seek to achieve similar monetisation by compromising it. In the very common scenario in which...

Cisco Integrated Management Controller Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to access potentially sensitive system usage information. The vulnerability is due to a lack of proper data protection mechanisms. An attacker could...

Maciej Cegłowski on Privacy in the Information Age

Maciej Cegłowski has a really good essay explaining how to think about privacy today: For the purposes of this essay, I'll call it "ambient privacy" -- the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the...

The vulnerability of the Windows GDI component of the Windows operating system, which allows a hacker to compromise sensitive information

The vulnerability of the Windows GDI component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created document...

CVE-2019-4162

IBM Security Information Queue (ISIQ) versions 1.0.0–1.0.2 are affected by missing HTTP Strict Transport Security (HSTS) headers, enabling potential exposure where users may navigate to an unencrypted version of the web app or accept invalid TLS certificates. The issue stems from ISIQ not enforci...

Help Keep Data and Systems Safe with Access Rights Manager (ARM)

Built to provision, deprovision, audit, and manage user access rights to data, files, and other systems, SolarWinds® Access Rights Manager ARM is designed to help security admins and IT pros protect their companies from potential risks like data loss and breaches. Visualize who has access to what...

The vulnerability of the HECI subsystem of the microprogramming software Intel Converged Security and Manageability Engine and Intel Server Platform Services allows attackers to disclose protected information.

The vulnerability of the HECI microprogramming software’s subsystem, including Intel Converged Security and Manageability Engine and Intel Server Platform Services, is related to the lack of protection for operational data. Exploiting this vulnerability can allow attackers to disclose sensitive...

Why Election Trust is Dwindling in a Post-Cambridge Analytica World

LONDON, UK – The 2018 Facebook-Cambridge Analytica incident opened the world’s eyes to how much private user data was being collected, shared and sold. But experts worry that future ramifications of this scandal go way beyond Facebook and have created distrust in the election process as a whole...

NIST’s privacy framework lets privacy tell its own story

Online privacy remains unsolved. Congress prods at it, some companies fumble with it while a small handful excel, and the public demands it. But one government agency is trying to bring everyone together to fix it. As the Senate sits on no fewer than four data privacy bills that their own members...

Snapchat Privacy Blunder Piques Concerns About Insider Threats

Snap, the company behind the popular Snapchat social media app, has found itself in hot water after a recent report revealed that Snap employees were abusing their access to private user data – which includes location data, saved Snaps and phone numbers. According to a Thursday Motherboard report...

The vulnerability of Intel Core processors lies in the lack of protection for system data, which allows attackers to exploit this to disclose confidential information.

The vulnerability of Intel Core processors is related to the lack of protection for system data. Exploiting this vulnerability can allow attackers to disclose the protected information...

The vulnerability of the OpenSSH cryptographic protection mechanism lies in the lack of protection for service data, which allows attackers to disclose the protected information.

The vulnerability of the auth-gss2.c file in the OpenSSH cryptographic protection mechanism is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor to disclose the protected information remotely...

5 Cybersecurity Tools Every Business Needs to Know

Cybersecurity experts all echo the same thing – cyber attacks are going to get more rampant, and they will continue to pose severe threats against all technology users. Businesses, in particular, have become prime targets for cybercriminals due to the nature of data and information they process a...

The vulnerability of the SSLv2 protocol implementation in the Network Security Services library allows attackers to disclose protected information.

The vulnerability of the SSLv2 protocol implementation in the Network Security Services library is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

Safeguard your most sensitive data with Microsoft 365

I am Security Operations’ SecOps worst nightmare. Or at least I used to be. As an industrious product marketer, I often share intellectual property think: details of new product capabilities or spreadsheets that contain customer personal identifying information PII with colleagues and vendors. We...

Take these Five Steps to Really Mitigate your Data Breach Risks

Data breaches are a CSO/CISO’s worst nightmare. And they’re getting bigger and more damaging all the time. It’s no longer just hundreds of millions of users whose personal data is stolen at a time, but billions of users. That’s translating into ever-growing financial repercussions. The irony,...

Protecting Yourself from Identity Theft

I don't have a lot of good news for you. The truth is there's nothing we can do to protect our data from being stolen by cybercriminals and others. Ten years ago, I could have given you all sorts of advice about using encryption, not sending information over email, securing your web connections,...