4665 matches found
The vulnerability of the MembersApp component of the SAP NetWeaver software integration platform allows a hacker to disclose user information.
The vulnerability of the MembersApp component of the SAP NetWeaver software integration platform is related to insufficient data protection. Exploiting this vulnerability allows a malicious actor to obtain user information, such as a list of user names, by taking advantage of the temporary difference...
New EU Privacy Law May Weaken Security
Companies around the globe are scrambling to comply with new European privacy regulations that take effect a little more than three months from now. But many security experts are worried that the changes being ushered in by the rush to adhere to the law may make it more difficult to track down...
Can Consumers' Online Data Be Protected?
Everything online is hackable. This is true for Equifax's data and the federal Office of Personnel Management's data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable. But just because everything is hackable doesn't mean everything will be hacke...
Microsoft Intune App PIN Bypass
COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Microsoft Intune 1; Vendor: Microsoft; CSNC ID: CSNC-2017-027; Subject: App PIN Bypass; Risk: Medium; Effect: Locally exploitable; Author: Stephan Sekula; Date: 31.08.2017. Introduction: Define a mobile...
Secure VPN Services — Get 91% Off On Lifetime Subscriptions
Since most of us rely upon the Internet for day-to-day activities, hacking and spying have become a prime concern today, and so have online security and privacy. The governments across the world have been found to be conducting mass surveillance and then there are hackers and cybercriminals who a...
Countdown to GDPR: For GDPR Compliance, Web App Security Is a Must
With web and mobile apps becoming a preferred vector for data breaches, organizations must include application security in their plans for complying with the EU's General Data Protection Regulation (GDPR). First discussed in the 1990s and turned into law in 2016, GDPR goes into effect in May of thi...
GDPR and Breach Detection: How to Ask the Right Questions to Meet the GDPR Breach Notification Rule
It is now less than four months before the General Data Protection Regulation (GDPR) becomes effective. This new data regulation of the European Union is designed to provide individuals with rights and protections over their personal data collected by businesses around the world. It aims to unify dat...
Data Privacy in the Age of IoT
On Data Privacy Day, January 28th, we should have all taken a few moments to think more carefully about safeguarding our personal data, staying safe online, and improving our privacy habits. Just what does that mean in the age of IoT — the Internet of Things? In previous years, cyber threats most...
EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass (CVE-2017-8013)
A static credentials authentication bypass vulnerability exists in the EMC Data Protection Advisor Application service...
SA163: OpenSSH Vulnerability October 2017
SUMMARY Symantec Network Protection products using affected versions of OpenSSH are susceptible to a security vulnerability. A remote attacker with read-only access to an SFTP server can create a large number of zero-length files and deplete the target's hard disk space. AFFECTED PRODUCTS The...
Popular Sonic the Hedgehog Apps at Risk of Leaking User Data to Unverified Servers
Three Sonic the Hedgehog games for Android, downloaded over 100 million times, are at risk of leaking user geolocation and other personal device data to suspicious servers, putting users at risk of man-in-the-middle attacks and similar type vulnerabilities, according to security experts. The game...
Security Strategies for DevOps, APIs, Containers and Microservices
More and more IT professionals see DevSecOps, a practice which integrates security measures earlier in the development process to improve production code quality, as a mainstay for future application development. Much of this stems from the growing trend towards speeding up application developmen...
Cisco Policy Suite Unauthenticated Information Disclosure Vulnerability
A vulnerability in the Policy and Charging Rules Function (PCRF) of the Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The attacker would also have to have access ...
Fighting Ransomware
No More Ransom is a central repository of keys and applications for ransomware, so people can recover their data without paying. It's not complete, of course, but is pretty good against older strains of ransomware. The site is a joint effort by Europol, the Dutch police, Kaspersky, and McAfee...
How to Protect Your Personal Data in 3 Simple Ways
By Carolina. As the big tech corporations are coming under increased attack... This is a post from HackRead.com.
The vulnerability of the sane-backends package, related to insufficient protection of operational data, allows a perpetrator to breach data confidentiality.
The vulnerability of the sane-backends package is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise data confidentiality using a specially crafted SANE_NET_CONTROL_OPTION packet...
The vulnerability of the libgcrypt11 library, related to the lack of protection for service data, allows attackers to compromise data confidentiality.
The vulnerability of the libgcrypt11 library is related to the lack of protection for service data. Exploiting this vulnerability allows a local attacker to compromise the confidentiality of data by fully recovering the RSA key, using a sliding window technique from left to right...
Cloud Database Migration Peer Insights [Study]
Not long ago, for security, compliance or other reasons, it was unthinkable for many regulated organizations to move sensitive data into the cloud. It’s striking how things have changed. Maybe it was inevitable that services like email were cloud migration candidates. People trust Microsoft, and...
SA161: Local Information Disclosure Due to Meltdown and Spectre Attacks
SUMMARY Symantec Network Protection products, which run on an affected CPU chipset and execute arbitrary code from external sources, are susceptible to several information disclosure vulnerabilities (aka Meltdown and Spectre attacks). A remote attacker, with the ability to execute arbitrary code...
In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors
This tool checks for the speculative execution side-channel attacks that affect many modern processors and operating system designs. CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) allow unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways ...