4665 matches found
Spoofing
The VMware Content Locker for iOS prior to 4.14 contains a data protection vulnerability in the SQLite database. This vulnerability relates to unencrypted filenames and associated metadata in SQLite database for the Content Locker...
Taking Stock: The Internet of Things, and Machine Learning Algorithms at War
It’s in the news every day; hackers targeting banks, hospitals, or, as we’ve come to fear the most, elections. Suffice to say then that cybersecurity has, in the last few years, gone from a relatively obscure industry – let's qualify that: not in the sense of importance, but rather how folks have...
GDPR 101: Monitoring & Maintaining Compliance After the Deadline
Discussions about the EU’s General Data Protection Regulation GDPR reached a crescendo on May 25, the compliance deadline, but many companies continue seeking guidance. The reason: A majority of companies missed the deadline, according to estimates from various sources, including Gartner, Crowd...
AirWatch Agent and VMware Content Locker updates resolve data protection vulnerabilities
a. The AirWatch Agent for iOS devices contains a data protection vulnerability The AirWatch Agent for iOS devices contains a data protection vulnerability whereby the files and keychain entries in the Agent are not encrypted. VMware would like to thank Stephan Sekula of Compass Security for...
EMC Data Protection Advisor Installed
Binary data winemcdpainstalled.nbin...
VMware vSphere Data Protection 6.x Information Disclosure Vulnerability (VMSA-2018-0021
The version of VMware vSphere Data Protection installed on the remote host is 6.x. It is, therefore, affected by an information disclosure vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid112208; scriptversion"1.4";...
EMC Data Protection Advisor 6.2 < 6.4 Patch B180 / < 6.5 patch B51 (DSA-2018-112).
According to its self-reported version, the application is 6.2 6.4 Patch B180 or 6.5 6.5 patch B51. It is, therefore, affected by an XML external entity vulnerability vulnerability. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid112193; scriptversion"1.6";...
Podcast: Plugging Leaky Data in the Cloud
Securing data in the cloud is a growing concern for enterprises and SMBs. As more sensitive information is stored in the cloud, users may lack awareness of where their sensitive information is going – and whether that data has been accidentally exposed. Threatpost talked to Scott Ellis, product...
Recent App Issues Reveal Facebook’s Struggles to Temper Data Privacy Woes
Facebook was hit with a double privacy punch regarding data privacy on Wednesday. First, Facebook acknowledged in a public post that one of the apps on its platform, myPersonality, inappropriately shared 4 million users’ data with researchers. Also on Wednesday, The Wall Street Journal reported...
Speculation Attack Against Intel's SGX
Another speculative-execution attack against Intel's SGX. At a high level, SGX is a new feature in modern Intel CPUs which allows computers to protect users' data even if the entire system falls under the attacker's control. While it was previously believed that SGX is resilient to speculative...
CVE-2018-11048
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...
Xxe
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...
CVE-2018-11048
CVE-2018-11048 affects Dell EMC Data Protection Advisor (DPA) versions 6.2, 6.3, 6.4, 6.5 and IDPA 2.0, 2.1, with a XML External Entity (XXE) Injection in the REST API. An authenticated remote attacker could read certain server files or cause a denial of service by sending crafted DTDs in XML req...
CVE-2018-11048
Dell EMC Data Protection Advisor, versions 6.2, 6,3, 6.4, 6.5 and Dell EMC Integrated Data Protection Appliance IDPA versions 2.0, 2.1 contain a XML External Entity XXE Injection vulnerability in the REST API. An authenticated remote malicious user could potentially exploit this vulnerability to...
The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.
The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures...
Securely Configuring LenovoEMC NAS Devices - US
Lenovo Security Advisory: LEN-11575 Potential Impact: Access to stored data if security settings have not been configured Scope of Impact: Lenovo-specific Summary Description: In light of recent work by a security researcher, Lenovo would like to remind owners of older LenovoEMC consumer Network...
Consumer DNA Testing Takes a Step Towards Privacy, Transparency
A group of well-known genetic testing providers have partnered with the Future of Privacy Forum FPF to establish privacy guidelines for handling information about what is arguably the most personal private information there is: DNA. Consumer-grade DNA testing – i.e., services that allow folks at...
Protect your data in files, apps, and devices
This blog is part of a series that responds to common questions we receive from customers about deployment of Microsoft 365 security solutions. In this series youll find context, answers, and guidance for deployment and driving adoption within your organization. Check out our last blog, Enable yo...
Onwards and Upwards: Our GDPR Journey and Looking Ahead
At Imperva, our world revolves around data security, data protection, and data privacy. From our newest recruits to the most seasoned members of the executive team, we believe that customer privacy is key. For the better part of the last two years, Imperva has laid the foundation for our complian...
PT-2018-10495 · Intuit · Intuit Lacerte
Name of the Vulnerable Software and Affected Versions: Intuit Lacerte version 2017 Intuit Lacerte versions prior to 2017 Description: The software transfers the entire customer list in cleartext over SMB, allowing attackers to obtain sensitive information by sniffing the network or conduct...