CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

CVE-2017-8013

CVE-2017-8013 affects EMC Data Protection Advisor 6.3.x (before patch 67) and 6.4.x (before patch 130). Root cause: undocumented accounts with hard-coded passwords (Apollo System Test, emc.dpa.agent.logon, emc.dpa.metrics.logon) enabling access via REST APIs and potentially administrative privile...

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". An attacker with knowledge of the password...

EMC Data Protection Advisor < 6.4.110 Database Hardcoded Password Vulnerability

According to its self-reported version number, the EMC Data Protection Advisor running on the remote host is 6.3.x prior to 6.3 patch 159 or 6.4.x prior to 6.4 patch 110. It is, therefore, affected by a default credential vulnerability due to hardcoded password with the appolosuperuser database...

Our Journey to GDPR Compliance: Lessons learned on our way to May 25th

With the European Union’s EU General Data Protection Regulation GDPR date fast approaching, we have been working hard to make sure our already strong security culture and policies will align with the new regulation. As GDPR is a very broad law that includes people, process, and technology, workin...

Getting ready for May 25th

How Wallarm helps with GDPR On May 25, 2018 the General Data Protection Regulation GDPR becomes enforceable. Both European and international companies are reviewing their existing data processing practices to ensure their are in compliance with the new standard, as the proposed non-GDPR complianc...

NIST Cybersecurity Framework Series Part 1: Identify

The National Institute of Standards and Technology created the Cybersecurity Framework NIST CSF four years ago under the Obama administration. Recently, the framework received added attention when President Donald Trump signed a cybersecurity executive order in May 2017, mandating that government...

Dell EMC Data Protection Advisor Local Hardcoded Credential Information Disclosure Vulnerability

Dell EMC Data Protection Advisor is a suite of data protection management solutions from Dell USA. The solution supports automated and centralized execution of all such data collection and analysis, as well as obtaining a single comprehensive view of the data protection environment and activities...

CVE-2018-1206

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where D...

Hardcoded credentials

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where D...

CVE-2018-1206

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where D...

CVE-2018-1206

Dell EMC Data Protection Advisor is affected by CVE-2018-1206 in versions prior to 6.3 Patch 159 and prior to 6.4 Patch 110, due to a hardcoded admin database account named apollosuperuser. A local attacker with server access and knowledge of this password could gain unauthorized access to the Da...

CVE-2018-1206

Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and Dell EMC Data Protection Advisor versions prior to 6.4 Patch 110 contain a hardcoded database account with administrative privileges. The affected account is "apollosuperuser." An attacker with local access to the server where D...

GDPR: The Stakes Are High and Time Is of the Essence

With the General Data Protection Regulation GDPR going into effect in under three months, the countdown clock is fast approaching zero for organizations worldwide that handle personal data of EU residents. GDPR is a very broad and wide-ranging regulation that requires organizations to obtain a lo...

Building an incident response program: creating the framework

In part one of our series, our overview of Building an incident response plan, we discussed what regulations organizations will need to meet in order to address incident/breach response protocols laid out in the EU’s General Data Protection Regulation GDPR. This week, we’ll talk to you about step...

How to Ensure Data Protection Regulation Compliance in Your Company

By Ryan De Souza Data protection has never been more important, and keeping up This is a post from HackRead.com Read the original post: How to Ensure Data Protection Regulation Compliance in Your Company...

The vulnerability of EMC Avamar backup system, EMC NetWorker backup and recovery system, and EMC Integrated Data Protection Appliance – related to deficiencies in authentication procedures – allows attackers to bypass these authentication processes.

The vulnerabilities of the EMC Avamar backup system, the EMC NetWorker backup and recovery system, and the EMC Integrated Data Protection Appliance are related to deficiencies in authentication procedures. Exploiting these vulnerabilities allows a malicious actor to bypass authentication procedur...

The Sixth Question(s) Today’s CEOs Should Ask (& Know the Answers To)

In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams. In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the...

Apple Moves iCloud Data and Encryption Keys for Chinese Users to China

Apple has finally agreed to open a new Chinese data center next month to comply with the country's latest controversial data protection law. Apple will now move the cryptographic keys of its Chinese iCloud users in data centers run by a state-owned company called Cloud Big Data Industrial...