Facebook slapped with $1.43 million fine for violating users' privacy in Spain
Facebook is once again in trouble regarding its users' privacy. The social media giant has recently been heavily fined once again for a series of privacy violations in Spain. Recently, Google also incurred a record-breaking fine of $2.7 billion (€2.42 billion) by the European antitrust officials fo...
The vulnerability of the backup tool for virtual machines in vSphere Data Protection, caused by deserialization issues, allows a perpetrator to execute commands on the device.
The vulnerability of the backup tool for vSphere Data Protection stems from deserialization issues. Exploiting this vulnerability allows a malicious actor to execute commands on the device remotely...
The vulnerability of the iOS operating system, due to errors in processing NAS messages, allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the iOS operating system arises due to buffer overflow. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the information protected during the processing of Downlink NAS messages in Qualcomm Telephony. Th...
VMware vSphere Data Protection (VDP) Multiple Vulnerabilities
VMware vSphere Data Protection (VDP) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Data Protection and the GDPR Job Market
The May 2018 deadline for full GDPR compliance will be upon us all before we know it. The GDPR will affect all organizations—regardless of their location—that handle personal data coming out of the EU. Article 37 of the GDPR requires organizations to retain a data protection officer (DPO) if, among...
EMC Data Protection Advisor ScheduledReportResource Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within...
EMC Data Protection Advisor RequestHistoryResource orderby SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within...
EMC Data Protection Advisor BaseRestEntityResource orderby SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within...
EMC Data Protection Advisor ReportQueueResource orderby SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of EMC Data Protection Advisor. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be easily bypassed. The specific flaw exists within...
Targeted Attack Landscape: A Continuing Threat
When planning the cyber defenses of an organization, it's important to factor in the total threat landscape - including continuing threats as well as emerging security issues. In this way, organizations can create a more holistic data protection posture. While not seen in many headlines currently...
Ransomware is Here to Stay: So How Do I Protect My Data?
Ransomware is the gift that keeps on giving for cybercriminals. Google research revealed recently that online extortionists have managed to grab more than $25 million from their victims over the past two years. Other estimates suggest businesses and netizens handed over as much as $1 billion in...
VMware VDP Known SSH Key Exploit
VMware vSphere Data Protection appliances 5.5.x through 6.1.x contain a known ssh private key for the local user admin who is a sudoer without password. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/ssh'...
Visit Trend Micro at VMworld 2017
Trend Micro will be at VMworld 2017 in Las Vegas on August 27th – 31st, showing why experience matters when it comes to automated security for your data center and cloud environments. Stop by our booth, 610, to chat with our security experts, and enter our daily draws to win a Phantom 3 Drone! Se...
Hacker Publishes iOS Secure Enclave Firmware Decryption Key
A hacker Thursday afternoon published what he says is the decryption key for Apple iOS’ Secure Enclave Processor (SEP) firmware. The hacker, identified only as xerub, told Threatpost that the key unlocks only the SEP firmware, and that this would not impact user data. “Everybody can look and poke a...
CVE-2017-6772
CVE-2017-6772 affects Cisco Elastic Services Controller (ESC) v2.3(2). A vulnerability causes information disclosure due to insufficient protection of sensitive data. An authenticated, remote attacker can view sensitive system configuration files by logging in and navigating to certain configurat...
CVE-2017-6784
A vulnerability in the web interface of the Cisco RV340, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerability is due to Cisco...
Unquoted Service Path Privilege Escalation in ThinkPad Active Protection System
Lenovo Security Advisory: LEN-15765 Potential Impact: Privilege Escalation Severity: High Scope of Impact: Lenovo Specific CVE Identifier: CVE-2017-3756 Summary Description: A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems. An attacker wi...
Countdown to GDPR: IT Policy Compliance
From the first page, the EU’s General Data Protection Regulation stresses the importance it places on the security and privacy of EU residents’ private information. The 88-page document opens by referring to the protection of this personal data as a “fundamental right” essential for “freedom,...
vCenter Server Appliance - Backup/Restore Recommendations
Native File-Based Backup and Restore Recommended vCenter Server Appliance Data Integrity Best Practices recommends using the native file-based backup and restore operations to protect the vCenter Server Appliance. Review: VMware vSphere User Guide: Considerations and Limitations for File-Based...
Companies Could Face $22 Million Fine If They Fail to Protect Against Hackers
Over the past few years, massive data breaches have become more frequent and so common that pretty much every week we hear about some organisation being hacked or a hacker dumping tens of millions of users' records. But even after this wide range of data breach incidents, many organisations fail to...