The vulnerability of the Network Security Services library lies in the possibility of reducing the version of the TLS protocol used, allowing attackers to gain access to protected information.

The vulnerability of the Network Security Services library relates to the possibility of reducing the version of the TLS protocol used. Exploiting this vulnerability can allow an attacker to gain access to protected information through a secondary channel...

The vulnerability of the Windows operating system’s kernel, which allows a hacker to disclose protected information

The vulnerability of the Windows operating system’s kernel is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created application...

CB Customer Spotlight: Q&A with MSD of Mt. Vernon’s William Stein

For the past 28 years, William Stein, Certified Education Technology Leader, has served as the Director of Information Systems for the Metropolitan School District MSD of Mt. Vernon in Indiana. Stein uses Carbon Black solutions to protect the K-12 school district’s data by responding to emerging...

Max Schrems: lawyer, regulator, international man of privacy

Almost one decade ago, disparate efforts began in the European Union to change the way the world thinks about online privacy. One effort focused on legislation, pulling together lawmakers from 28 member-states to discuss, draft, and deploy a sweeping set of provisions that, today, has altered how...

Step 5. Set up mobile device management: top 10 actions to secure your environment

The “Top 10 actions to secure your environment” series outlines fundamental steps you can take with your investment in Microsoft 365 security solutions. In “Step 5. Set up mobile device management,” you’ll learn how to plan your Microsoft Intune deployment and set up Mobile Device Management MDM ...

The vulnerability of the Kernel Zones Virtualized NIC Driver in the Oracle Solaris operating system allows a hacker to gain access to protected information.

The vulnerability of the Kernel Zones Virtualized NIC Driver component in the Oracle Solaris operating system is related to insufficient access control. Exploiting this vulnerability could allow an attacker to gain access to protected information remotely...

Exposed: Instagram, OKCupid, Mumsnet All Face Data Concerns

It has once again been busy on the data privacy/exposure front as the week kicks off, with Instagram, dating site OKCupid and the UK’s powerhouse discussion site, Mumsnet, all making recent news. A report on GDPR breach notifications rounds out the latest. First up, Instagram users are apparently...

Google Boosts Encryption For Low-End Android Devices

Google introduced a new storage encryption solution that it hopes will expand security efforts across its full spectrum of Android-powered devices – including low-end devices that typically can’t support encryption. The new encryption offering, Adiantum, aims to solve a big issue that has plagued...

Security Bulletin: Offline dictionary attack vulnerability in IBM Spectrum Protect (formerly Tivoli Storage Manager) (CVE-2016-8937)

Summary IBM Spectrum Protect formerly Tivoli Storage Manager is vulnerable to an offline dictionary attack due to information disclosed during authentication. An attacker can gain full access to the IBM Spectrum Protect system allowing them to perform operations they may not be authorized to...

Securing the future of AI and machine learning at Microsoft

Artificial intelligence AI and machine learning are making a big impact on how people work, socialize, and live their lives. As consumption of products and services built around AI and machine learning increases, specialized actions must be undertaken to safeguard not only your customers and thei...

Merging Facebook Messenger, WhatsApp, and Instagram: a technical, reputational hurdle

Secure messaging is supposed to be just that—secure. That means no backdoors, strong encryption, private messages staying private, and, for some users, the ability to securely communicate without giving up tons of personal data. So, when news broke that scandal-ridden, online privacy pariah...

The vulnerability of the Microsoft Team Foundation Server project management and version control system, related to errors in the data protection mechanism, allows a hacker to disclose protected information.

The vulnerability of the Microsoft Team Foundation Server project management and version control system is related to errors in processing protected variables. Exploiting this vulnerability can allow an attacker, operating remotely, to expose protected information by creating a task that contains...

The vulnerability of the administration portal of Cisco Identity Services Engine allows a perpetrator to disclose protected information.

The vulnerability of the Cisco Identity Services Engine, a platform for managing network policies, is related to errors in the data protection mechanism. Exploiting this vulnerability can allow an attacker, operating remotely, to disclose the protected information...

EU Recalls Children's Smartwatch That Leaks Location Data

UPDATE The European Commission has issued a recall for a popular smartwatch for children, citing “serious” privacy issues that could allow a bad actor to track or communicate with kids remotely. The issues exist in Safe-KID-One, an IoT watch made by German company Enox Group that allows parents t...

Facebook's New Privacy Hires

The Wired headline sums it up nicely -- "Facebook Hires Up Three of Its Biggest Privacy Critics": In December, Facebook hired Nathan White away from the digital rights nonprofit Access Now, and put him in the role of privacy policy manager. On Tuesday of this week, lawyers Nate Cardozo, of the...

Prepare to Defend Your Network Against Swarm-as-a-Service

The digital world we now inhabit creates unprecedented opportunities – both for good and for ill. One of these possibilities is swarm-based tools that can be used to either attack or defend the network. This possibility, or set of possibilities, has arisen due to dramatic advances in swarm-based...

Airbus Suffers Data Breach, Some Employees' Data Exposed

European airplane maker Airbus admitted yesterday a data breach of its "Commercial Aircraft business" information systems that allowed intruders to gain access to some of its employees' personal information. Though the company did not elaborate on the nature of the hack, it claimed that the...

Informing Your Security Posture: How Cybercriminals Blend into the Background

Maintaining protection over an enterprise's critical data, systems and assets is a continual uphill battle. Not only are chances good that the business's digital footprint is growing through new applications, but hackers are also constantly bolstering their capabilities to silently breach platfor...

2019 and Beyond: The (Expanded) RSAC Advisory Board Weighs in on What’s Next

Just when we thought we’d escaped 2018 without an attack on the scale of WannaCry, NotPetya or Equifax, we were struck by Marriott’s November news of a breach affecting 500 million guests and once again reminded that complacency is the enemy of cybersecurity. We were also reminded that predicting...

The vulnerability of the EAS Console component of the Oracle Hyperion Essbase Administration Services allows a intruder to gain unauthorized access to protected data.

The vulnerability of the EAS Console component of the Oracle Hyperion Essbase Administration Services service is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...