Millions of PCs Found Running Outdated Versions of Popular Software
It is 2019, and millions of computers still either have at least one outdated application installed or run outdated operating systems, making themselves vulnerable to online threats and known security vulnerabilities/exploits. Security vendor Avast has released its PC Trends Report 2019 revealing...
Google fined $57 million by France for lack of transparency and consent
The French data protection watchdog CNIL has issued its first fine of €50 million (around $57 million) under the European Union's new General Data Protection Regulation (GDPR) law that came into force in May last year. The fine has been levied on Google for "lack of transparency, inadequate informati...
A Twitter Bug Left Android Users' Private Tweets Exposed For 4 Years
Twitter just admitted that the social network accidentally revealed some Android users' protected tweets to the public for more than 4 years — a kind of privacy blunder that you'd typically expect from Facebook. When you sign up for Twitter, all your Tweets are public by default, allowing anyone ...
The vulnerability of the Microsoft Office suite lies in the lack of protection for operational data, which allows attackers to read arbitrary files.
The vulnerability of the Microsoft Office suite is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially created file...
The vulnerability of the Linux subsystem of the Windows operating system, which allows a perpetrator to gain access to protected information
The vulnerability of the Linux subsystem of the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to gain access to protected information through a specially created application...
The vulnerability of the mincore() function in the Linux operating system’s kernel allows a hacker to disclose protected information.
The vulnerability of the mincore function (mm/mincore.c) in the Linux operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose the protected information...
Luas data ransom: the hacker who cried wolf?
In a terrible start to the year for Irish tram firm Luas, their site was compromised a week ago and adorned with a stark ransom warning: You are hacked. Some time ago I wrote that you have serious security holes. You didn’t reply. The next time someone talks to you, press the rep...
Imperva SecureSphere Native Arbitrary Code Execution Vulnerability
Imperva SecureSphere is a suite of high-performance, centralized data security protection and management products from US-based Imperva. The product provides unified auditing, reporting and logging of different SecureSphere products, visualization of security status and real-time monitoring of...
The vulnerability of the Graphics Device Interface (GDI) component of the Windows operating system, which allows a hacker to disclose protected information
The vulnerability of the Graphics Device Interface (GDI) component in the Windows operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow an attacker to disclose protected information through a specially created application...
SUSE SLES12 Security Update : php7 (SUSE-SU-2017:0899-1)
This update for php7 fixes the following issues. Security issue fixed: CVE-2015-8994: code permission/sensitive data protection vulnerability (bsc1027210). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has...
The vulnerability of the QRadar Advisor security analysis tool, related to insufficient data protection, allows attackers to disclose protected information.
The vulnerability of the QRadar Advisor with Watson analytical security analysis tool is related to insufficient data protection. Exploiting this vulnerability can allow a malicious actor to disclose protected information...
Human Rights by Design
Good essay: "Advancing Human-Rights-By-Design In The Dual-Use Technology Industry," by Jonathon Penney, Sarah McKune, Lex Gill, and Ronald J. Deibert: But businesses can do far more than these basic measures. They could adopt a "human-rights-by-design" principle whereby they commit to designing...
The vulnerability of the IOBit Advanced SystemCare optimization tool, related to insufficient data protection, allows a hacker to disclose protected information.
The vulnerability of the IOBit Advanced SystemCare optimization tool is related to insufficient data protection. Exploiting this vulnerability can allow a hacker to disclose protected information...
Amazon sent 1,700 audio recordings of Alexa user to a stranger
By Waqas. An Amazon customer in Germany, under the European Union data protection law called GDPR (General Data Protection Regulation), requested the company to send all the data it stored on him, but little did he know he was about to get his hands on a trove of 1,700 audio recordings of a stranger...
The challenges of adopting a consistent cybersecurity framework in the insurance industry
As hacking events have increased in number and severity, we in the cybersecurity community have united around common strategies that all organizations can implement to reduce their risk. Universal best practices provide organizations with many useful tools to protect their businesses. But what...
IBM Security Guardium Authentication Bypass Vulnerability
IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium that stems fr...
Twitter Draws Data Privacy Concerns with Two New Bugs
Two recently-patched flaws in Twitter’s platform have reignited concerns about user data-privacy issues. On Monday, the social-media giant revealed a hole that accidentally enabled bad actors to pull the country codes of accounts’ phone numbers – and revealed that several IP addresses located in...
App Security and PCI; Are you ready for the audit?
As most people know, merchants, financial institutions and anybody else who is involved in processing credit cards are subject to PCI DSS compliance to reduce fraud and cybersecurity risks. This affects both brick-n-mortar stores and banks as well as card-not-present (CNP) transactions that...
Data scraping treasure trove found in the wild
We bring word of yet more data exposure, in the form of “nonsensitive” data scraping to the tune of 66m records across 3 large databases. The information was apparently scraped from various sources and left to gather dust, for anyone lucky enough to stumble upon it. What is data scraping? The...
CISO series: Strengthen your organizational immune system with cybersecurity hygiene
One of the things I love about my job is the time I get to spend with security professionals, learning firsthand about the challenges of managing security strategy and implementation day to day. There are certain themes that come up over and over in these conversations. My colleague Ken Malcolmso...