PT-2019-2071 · Mcafee · Mcafee Tie Server +1
Name of the Vulnerable Software and Affected Versions: McAfee DXL Platform versions prior to 5.0.1 HF2; McAfee TIE Server versions prior to 2.3.1 HF1. Description: The issue is related to a lack of protection for service data, which can be exploited to gain read access to confidential information i...
IBM Spectrum Protect Clickjacking Vulnerability
IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from IBM in the United States. The platform provides organizations with a single point of control and management, and supports backup and recovery for virtual, physical and cloud environments of...
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments Information Disclosure Vulnerability
IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments are both products of IBM Corporation. IBM Spectrum Protect Backup-Archive Client is a set of client programs for IBM Spectrum Protect file backup, archiving. IBM Spectrum Protect Backup-Archive Client is a...
The vulnerability of the Django library for the Python programming language, which allows attackers to compromise the integrity of protected information
The vulnerability of the Django library for the Python programming language is related to insufficient elimination of special elements in the output data used by the lower-level component. Exploiting this vulnerability can allow a malicious actor to cause service failures...
Security Bulletin: Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Protect for Virtual Environments (CVE-2014-7810, CVE-2018-8039)
Summary IBM WebSphere Application Server Liberty is affected by Apache Tomcat and CXF vulnerabilities that affect IBM Spectrum Protect formerly Tivoli Storage Manager for Virtual Environments: Data Protection for VMware and Data Protection for Hyper-V. Vulnerability Details CVEID: CVE-2014-7810...
Security Bulletin: Password Exposure in IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments on Windows platforms (CVE-2018-1787)
Summary IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client and IBM Spectrum Protect for Virtual Environments on Windows are affected by a password exposure vulnerability caused by insecure file permissions. Vulnerability Details CVEID: CVE-2018-1787 DESCRIPTION: IBM Spectr...
Security Bulletin: Password disclosure via trace file affects IBM Spectrum Protect Backup-Archive Client and IBM Spectrum Protect for Virtual Environments (CVE-2018-1882)
Summary When tracing is enabled, the IBM Spectrum Protect Backup-Archive Client trace file may display the password in plain text. This affects the IBM Spectrum Protect formerly Tivoli Storage Manager Backup-Archive Client and IBM Spectrum Protect for Virtual Environments. Vulnerability Details...
The global data privacy roadmap: a question of risk
For most American businesses, complying with US data privacy laws follows a somewhat linear, albeit lengthy, path. Set up a privacy policy, don’t lie to the consumer, and check the specific rules if you’re a health care provider, video streaming company, or kids’ app maker. For American businesse...
The vulnerability of the Crystal Report component in the SAP Business One resource management system allows a hacker to gain unauthorized access to protected information.
The vulnerability of the Crystal Report component in the SAP Business One resource management system is related to access control errors. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information from a remote location...
The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information
The vulnerability of the Windows operating system’s kernel is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created application...
The vulnerability of the Windows GDI component of the Windows operating system, which allows a hacker to compromise sensitive information
The vulnerability of the Windows GDI component of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially crafted document or web page...
A week in security (March 18 – 24)
Last week on Malwarebytes Labs, we touched on the susceptibility of hospitals against phishing attacks, password reuse, the risk of interactive TV shows to side-channel attacks, and Facebook's new and out-of-character plan to promote privacy in the platform. Other cybersecurity news A study...
How Radio Frequency Technology is Putting the Industrial Sector at Risk
Each industry has its own unique security risks. The banking and health care sectors, for example, deal with some considerably sensitive financial and client data, and therefore must put robust protections in place to ensure its safety. The industrial sector, however, is a bit different. For many...
Linux: Default user umask
User Mask or User file creation MASK, umask is the default permission for a new file or directory created by a user. Secure default permission prevents other users from accessing private data. This script tests for umask parameter set in files SPDX-FileCopyrightText: 2019 Greenbone AG Some text...
DRUPAL-CONTRIB-2019-033
This module addresses the General Data Protection Regulation GDPR that came into effect 25th May 2018, and the EU Directive on Privacy and Electronic Communications from 2012. It provides a banner where you can gather consent from the user when the website stores cookies on their computer or...
Imperva Wins Awards for Best Database Security, Coolest Cloud Security Vendor
SC Magazine has long been one of the most respected names in cybersecurity journalism, and one that has written about Imperva’s security research and solutions many times. So we’re proud to announce that we’ve won the 2019 SC Award for Best Database Security solution at SC’s awards ceremony on...
Beauty Out of Chaos: Elevating Cybersecurity to an Art Form – Part 1
How many of you can remember what it was like managing IT security 10 years ago? How about two decades? The truth is that the landscape was so utterly different back then that any comparisons with today are a little unfair. Yet they’re useful in one key regard: to teach us just how complex and...
Labs survey finds privacy concerns, distrust of social media rampant with all age groups
Before Cambridge Analytica made Facebook an unwilling accomplice to a scandal by appropriating and misusing more than 50 million users’ data, the public was already living in relative unease over the privacy of their information online. The Cambridge Analytica incident, along with other, seemingl...
Will pay-for-privacy be the new normal?
Privacy is a human right, and online privacy should be no exception. Yet, as the US considers new laws to protect individuals’ online data, at least two proposals—one statewide law that can still be amended and one federal draft bill that has yet to be introduced—include an unwelcome bargain:...
The vulnerability of the Network Security Services library lies in the possibility of reducing the version of the TLS protocol used, allowing attackers to gain access to protected information.
The vulnerability of the Network Security Services library relates to the possibility of reducing the version of the TLS protocol used. Exploiting this vulnerability can allow an attacker to gain access to protected information through a secondary channel...