Versa Networks: Unapproved SSH Encryption Enabled
In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR Technical Security Requirements...
VMware Releases Security Updates
VMware has released security updates to address vulnerabilities in vSphere Data Protection. An attacker could exploit some of these vulnerabilities to take control of an affected system. NCCIC encourages users and administrators to review the VMware Security Advisory VMSA-2018-0029 and apply the...
VMSA-2018-0029: vSphere Data Protection (VDP) updates address multiple security issues.
VMSA-2018-0029 vSphere Data Protection (VDP) updates address multiple security issues. VMware Security Advisory. Advisory ID: VMSA-2018-0029. Severity: Critical. Synopsis: vSphere Data Protection VDP updates address multiple...
With The NASDAQ Bell Ceremony, We Kick Off The Next Leg of Imperva’s Incredible Journey
On Friday morning our CEO Chris Hylen and company execs rang the NASDAQ opening bell in New York, welcoming another day of trading for the world’s second-largest stock exchange; and taking full advantage of the opportunity to celebrate recent corporate milestones for Imperva. “I’m honored to be...
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Exploit Title: Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://warrantytrack.org/ Software Link: https://kent.dl.sourceforge.net/project/warrantytrack/warrantytrack%20Rel.11.06.3.zip Version: 11.06....
Why you need to know about Penetration Testing and Compliance Audits?
We live in an age where data flows like water, becoming the new life source of our everyday ventures. As such, you can just imagine what all of that entails and the weight that data receives, especially when it comes to decision making on how to handle this fairly new and arguably invaluable...
The Importance of Employee Cybersecurity Training: Top Strategies and Best Practices
For those responsible for overseeing the data protection and cybersecurity of an organization, it's a familiar storyline: "Employee opens email attachment and infects business with ransomware." Headlines to this effect are nothing new. Even the most advanced security solutions can't completely...
Lawsuits Aim Billions in Fines at Equifax and Ad-Targeting Companies
Equifax, Experian and Oracle are among a slate of companies whose business is consumer information, that could soon face billions of dollars in fines for improper data handling. Privacy International has filed complaints against seven corporations, consisting of data brokers Acxiom and Oracle,...
Embracing the Cybersecurity ‘Grey Space’
It is just as tiring for security teams to keep saying “No” as it is for every other department to keep hearing it. To preserve some level of smooth operations in an organization, security teams need to find a way to let employees move data around while still protecting digital assets like IP and...
Security Bulletin: Information Disclosure in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect for Virtual Environments (CVE-2018-1553)
Summary: Information disclosure vulnerability in IBM WebSphere Application Server Liberty affects IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments. Vulnerability Details: CVEID: CVE-2018-1553 DESCRIPTION: IBM WebSphere Application Server Liberty could allow a remote...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Spectrum Protect for Virtual Environments (CVE-2018-1656, CVE-2018-12539)
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ that is used by IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware and Data Protection for Hyper-V. These issues were disclosed as part of the IBM Java SDK updates i...
Design/Logic Flaw
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy...
CVE-2018-15446 Cisco Meeting Server Information Disclosure Vulnerability
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the Guest access via ID and passcode option is set to Legacy...
ThreatList: Despite Fraud Awareness, Password Reuse Persists for Half of U.S. Consumers
As National Fraud Day approaches Nov. 11, it remains clear that more consumer education is required when it comes to thwarting scammers and identity thieves. Despite almost half of U.S. consumers (49 percent) believing their security habits make them vulnerable to information fraud or identity thef...
Default credentials
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...
CVE-2018-11062
Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default...
CVE-2018-11062
Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1, and 2.2 contain undocumented accounts named ‘support’ and ‘admin’ protected by default passwords. These accounts have limited privileges but can access certain system files, enabling a potential attacker with knowledge of the...
Jelastic 5.4 - host SQL Injection
Jelastic 5.4 - host SQL Injection Exploit Title: Jelastic 5.4 - 'host' SQL injection Google Dork: N/A Date: date Exploit Author: Procode701 Vendor Homepage: https://jelastic.com/ Software Link: https://jelastic.com/ Version: 5.4 Tested on: Kali Linux CVE : N/A POC: The application...
Arcserve Unified Data Protection XML External Entity Injection Vulnerability
Arcserve Unified Data Protection UDP is a set of unified data protection solutions from Arcserve, Inc. in the United States. The solution provides backup and recovery of all virtual and physical environments, global deduplication, and more. An XML external entity injection vulnerability exists in...
Arcserve Unified Data Protection Cross-Site Scripting Vulnerability
Arcserve Unified Data Protection UDP is a set of unified data protection solutions from Arcserve, Inc. in the United States. The solution provides backup and recovery of all virtual and physical environments, global deduplication, and more. A cross-site scripting vulnerability exists in the...