Microsoft Kept Secret That Its Bug-Tracking Database Was Hacked In 2013
It was not just Yahoo among "Fortune 500" companies who tried to keep a major data breach incident secret. Reportedly, Microsoft had also suffered a data breach four and a half years ago in 2013, when a "highly sophisticated hacking group" breached its bug-reporting and patch-tracking database, b...
IBM Spectrum Protect Information Disclosure Vulnerability (CNVD-2017-29916)
IBM Spectrum Protect (formerly known as Tivoli Storage Manager) is a suite of data protection platforms from U.S.-based IBM that provides organizations with a single point of control and management, and support for backup and recovery of virtual, physical and cloud environments of all sizes. An...
Make way for the GDPR: Is your business ready?
In Week 2 of National Cyber Security Awareness Month (NCSAM), the spotlight is on businesses—particularly, their more profound need to take cybersecurity seriously in this age of breaches. And what better way for them to start this off than to think about how they can improve on handling and storin...
The vulnerability of the monitoring system for critical equipment, StruxureWare Data Center Expert, arises from the lack of protection for operational data. This allows attackers to obtain product passwords in an unencrypted form.
The vulnerability of the StruxureWare Data Center Expert monitoring system relates to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to obtain product passwords in an unencrypted form by reading the contents of the RAM...
The vulnerability of the firmware used in Rockwell Automation’s Micrologix 1100 and Micrologix 1400 control systems lies in the lack of protection for operational data. This allows attackers to obtain user credentials in an unencrypted form by monitoring traffic between the browser and the server.
The vulnerability of the firmware used in Rockwell Automation’s Micrologix 1100 and Micrologix 1400 controllers lies in the lack of protection for operational data. Exploiting this vulnerability can allow an attacker, operating remotely, to obtain user credentials in unencrypted...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 25, 2017
A couple of years back, I remember working at a tradeshow booth and giving a demo to someone who was interested in our solution. He said, “Your solution is great, but I need something that will not let anyone from the outside in my network and I need something that will not let my employees do...
GDPR Requirements: Get Started with Classifier
The GDPR requires that organizations exhibit commitment to individuals’ data privacy by implementing a data protection by design and by default approach, meaning organizations need to build privacy and protection into their products, services, and applications. GDPR also mandates that organizatio...
PT-2017-11634 · Emc · Emc Data Protection Advisor
Name of the Vulnerable Software and Affected Versions: EMC Data Protection Advisor version 6.3.0 Description: This issue allows remote attackers to execute arbitrary code on vulnerable installations. Authentication is required to exploit this issue. The specific flaw exists within the EMC DPA...
(0Day) EMC Data Protection Advisor ScheduledReportResource Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of EMC Data Protection Advisor. Authentication is required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. Wh...
The vulnerability of Kaspersky Safe Browser’s antivirus protection lies in the lack of protection for service data, which allows attackers to obtain confidential information.
The vulnerability of Kaspersky Safe Browser lies in the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information using a specially crafted certificate. The problem is that Kaspersky Safe Browser does not...
The vulnerability of the multimedia framework of the Android operating system allows a perpetrator to gain access to protected data or execute arbitrary code.
The vulnerability of the multimedia framework of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to protected data or execute arbitrary code within a privileged process...
EMC Data Protection Advisor Remote Command Injection Vulnerability
EMC Data Protection Advisor is data protection management software. A remote command injection vulnerability exists in the EMC Data Protection Advisor Application service implementation, which could be exploited by a remote attacker to submit a special request to execute arbitrary code in the...
EMC Data Protection Advisor < 6.4.130 Hardcoded Password Vulnerability
According to its self-reported version number, the EMC Data Protection Advisor running on the remote host is 6.3.x prior to 6.3 patch 67 or 6.4.x prior to 6.4 patch 130. It is, therefore, affected by a default credential vulnerability due to hardcoded passwords with the Apollo System Test,...
EMC Data Protection Advisor Hard Password Password Vulnerability
EMC Data Protection Advisor is a data protection management solution from EMC Corporation. The solution supports automated and centralized execution of all such data collection and analysis, as well as obtaining a single comprehensive view of the data protection environment and activities. An...
EMC Data Protection Advisor Hardcoded Password Vulnerability
EMC Data Protection Advisor contains undocumented accounts with hard-coded passwords that could potentially be exploited by malicious users to compromise the affected system. Versions 6.3.x and 6.4.x are affected. EMC Data Protection Advisor Hardcoded Password Vulnerability EMC Identifier:...
EMC Data Protection Advisor Application Service Static Credentials Authentication Bypass Vulnerability
This vulnerability allows remote attackers to escalate privileges on vulnerable installations of EMC Data Protection Advisor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the EMC DPA Application service, which listens on TCP port 9002 by default. T...
Three Ways to Use Data Classification Scan Results
In July we launched Classifier, a free data classification tool that allows you to quickly and easily uncover sensitive data in your databases. Since its launch, the tool has been widely used around the globe, which comes as no surprise given the heightened focus on data protection. Furthermore,...
Lessons Learned from the Equifax Disaster
143 million U.S. consumers, Equifax.com users who may have been affected by the worst data breach in history are receiving all sorts of advice including a free TrustedID product license from Equifax. But despite numerous public reports about the incident, there are still many important...
The Equifax Breach from a Geo Political Perspective
The Equifax breach stole names, addresses, birth dates, and credit card numbers for over 200,000 consumers. One might immediately assume that cyber criminals made the attack in order to sell the information to identity thieves who will run up fraudulent charges, file fake tax returns, defraud...
Encryption: Pros and Cons
The expression “when you are a hammer, everything is a nail” has a curious background. The concept belongs to a generalized law of the instrument which is a cognitive bias that occurs by being overly familiar with certain tools, and the likelihood of force-fitting problems to the tools at hand. A...