Update Rollup 6 for System Center 2016 Data Protection Manager

Update Rollup 6 for System Center 2016 Data Protection Manager Introduction This article describes the issues that are fixed in Update Rollup 6 for Microsoft System Center 2016 Data Protection Manager. This article also contains the installation instructions for this update.Note Existing Data...

CVE-2018-18460

XSS exists in the wp-live-chat-support v8.0.15 plugin for WordPress via the modules/gdpr.php term parameter in a wp-admin/admin.php wplivechat-menu-gdpr-page request...

Privacy for Tigers

Ross Anderson has some new work: As mobile phone masts went up across the world's jungles, savannas and mountains, so did poaching. Wildlife crime syndicates can not only coordinate better but can mine growing public data sets, often of geotagged images. Privacy matters for tigers, for snow...

The vulnerability of the development tool PI Studio arises from insufficient verification of the data entered by users. This allows attackers to gain access to protected information.

The vulnerability of the development tool PI Studio arises from insufficient verification of the data entered by users. Operating this tool may allow a malicious actor to gain access to protected information...

IBM Security Guardium Man-in-the-Middle Attack Vulnerability

IBM Security Guardium is a suite of platforms from IBM in the United States that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. A security vulnerability exists in IBM Security Guardium version 10.5...

Facebook Finds 'No Evidence' Hackers Accessed Connected Third-Party Apps

When Facebook last weekend disclosed a massive data breach—that compromised access tokens for more than 50 million accounts—many feared that the stolen tokens could have been used to access other third-party services, including Instagram and Tinder, through Facebook login. Good news is that...

How to protect your data from Magecart and other e-commerce attacks

In today's golden age of online shopping, consumers take to the Internet, punch in a few credit card details, and happily receive products at their doorstep, safe in the knowledge that their online vendor is well-known, vetted, and therefore their website has to be secure, right? Dut did you know...

Information Disclosure Vulnerability in Multiple IBM Products (CNVD-2018-24838)

IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from U.S.-based IBM that provides organizations with a single point of control and management, and support for backup and recovery of virtual, physical and cloud environments of all sizes. A...

Denial of Service Vulnerability in Multiple IBM Products (CNVD-2018-20099)

IBM Spectrum Protect formerly known as Tivoli Storage Manager is a suite of data protection platforms from U.S.-based IBM that provides organizations with a single point of control and management, and support for backup and recovery of virtual, physical and cloud environments of all sizes. A deni...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Spectrum Protect (formerly Tivoli Storage Manager) Client and IBM Spectrum Protect (formerly Tivoli Storage Manager) for Virtual Environments: Data Protection for VMware

Summary OpenSSL vulnerabilities were disclosed on March 27, 2018 by the OpenSSL Project. OpenSSL, used by the IBM Spectrum Protect formerly Tivoli Storage Manager Client and IBM Spectrum Protect for Virtual Environments formerly Tivoli Storage Manager for Virtual Environments: Data Protection for...

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

The security and privacy issues with APIs and third-party app developers are something that's not just Facebook is dealing with. A bug in Twitter's API inadvertently exposed some users' direct messages DMs and protected tweets to unauthorized third-party app developers who weren't supposed to get...

Update Rollup 1 for System Center 2016 Data Protection Manager

Update Rollup 1 for System Center 2016 Data Protection Manager Introduction This article describes the new features in Update Rollup 1 for Microsoft System Center 2016 Data Protection Manager. It also contains the installation instructions for this update. Note Existing Data Protection Manager to...

Facebook Now Offers Bounties For Access Token Exposure

Facebook announced Monday it is expanding its bug bounty program to sniff out vulnerabilities related to access token exposure. The social media giant will offer at least $500 for vulnerabilities found in third-party apps and websites that involve improper exposure of Facebook user access tokens...

CVE-2018-6976

CVE-2018-6976 affects VMware Content Locker for iOS prior to 4.14. The issue is a data protection vulnerability in the SQLite database, related to unencrypted filenames and associated metadata stored by Content Locker. This can expose metadata through the Content Locker’s data storage. Public ref...

CVE-2018-6975

CVE-2018-6975 concerns the AirWatch Agent for iOS prior to 5.8.1, where a data-protection vulnerability allows files and keychain entries in the Agent to be unencrypted. The VMware advisory (VMSA-2018-0023) confirms a data-protection issue and states that updates to the AirWatch Agent and VMware ...

CVE-2018-6975

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted...

CVE-2018-6976

The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker...

CVE-2018-6975

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted...

CVE-2018-6976

The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker...

CVE-2018-6975

The AirWatch Agent for iOS prior to 5.8.1 contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted...