AI and Machine Learning: Boosting Compliance and Preventing Spam

Some of the most advanced strategies in the current technology and analytics spaces include artificial intelligence and machine learning. These innovative approaches can hold nearly endless possibilities for technological applications: from the ability to eliminate manual work and enable software...

Enhanced Infrastructure DDoS Protection Analytics: Targeted Visibility for Greater Accuracy

We've rolled out enhanced infrastructure protection analytics which shows top traffic patterns for traffic flowing through our Incapsula Infrastructure DDoS Protection service. Imperva clients can now view network statistics categorized by source or destination IPs and ports, or by packet size fo...

Facebook Suspends Analytics Firm Over Surveillance Concerns

Online data privacy is again being thrust into the spotlight after Facebook announced Friday it suspended yet another analytics firm due to concerns about the collection and sharing of data. The company is launching an investigation into whether Boston-based Crimson Hexagon’s collection of public...

Microsoft Intelligent Security Association expands with new members and products

Last April, we introduced theMicrosoft Intelligent Security Associationa group of 19 security technology providers who have integrated their solutions with a select set of Microsoft products to provide customers better protection, detection, and response. Today, we are pleased to announce five ne...

CVE-2018-5436

The Spotfire server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contain multiple vulnerabilities that may allow for the disclosure of information, including user and data source credentials. Affected releases are TIBCO Softwa...

CVE-2018-5436

CVE-2018-5436 affects TIBCO Spotfire Platform for AWS Marketplace (up to 7.12.0) and TIBCO Spotfire Server (up to 7.8.1; 7.9.0; 7.10.0; 7.11.0; 7.12.0). The vulnerabilities may disclose information, including user and data source credentials. CVSSv3 base score 8.8 (HIGH) with NETWORK attack vecto...

QSC18 Virtual Edition – Building Security In: The Qualys Cloud Platform and Architecture

Digital transformation, driven primarily by the DevOps movement, represents a new opportunity “to redo IT from scratch, but more importantly, to redo security from scratch,” Sumedh Thakar, Qualys' Chief Product Officer, said during QSC18 Virtual Edition. Specifically, organizations can organicall...

CVE-2018-1460

CVE-2018-1460 affects IBM Netezza Platform Software (IBM PureData System for Analytics) versions 7.0.4 through 7.2.1.6. A local attacker can modify a world-writable file to execute commands with root privileges, enabling local privilege escalation. IBM’s security bulletin confirms the vulnerabili...

WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin <= 1.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability found by ThreatPress Research Team in WordPress WooCommerce Enhanced Ecommerce Analytics Integration with Conversion Tracking plugin versions = 1.8. Solution 3 June 2018 - plugin still closed by WordPress Security team, no patched version available...

When Looking at Data, It’s All A Matter of Preference

Are you a cash or card kind of person? Currency has always been fascinating to me. Plenty of us grew up with parents who predominantly carried cash, paid all bills through mail, and even balanced a checkbook! I will never forget the days of taking my paychecks down to the bank and waiting in line...

CVE-2018-1413

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138819...

CVE-2018-1413

CVE-2018-1413 affects IBM Cognos Analytics 11.0, with cross-site scripting via the Web UI that could lead to credentials disclosure in a trusted session. IBM IBM Cognos Bulletins/NTAP references confirm the vulnerability and list 11.0.11.0 as the fixed release. Remediation: upgrade to IBM Cognos ...

Securing the modern workplace with Microsoft 365 threat protection – part 1

This post is authored by Debraj Ghosh, Senior Product Marketing Manager, Microsoft 365 Security. The roots of Microsoft 365 threat protection Over the next few weeks, well introduce you to Microsoft 365s threat protection services and demonstrate how Microsoft 365s threat protection leverages...

CVE-2018-2803

Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications subcomponent: Report. The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

CVE-2018-2803

CVE-2018-2803 affects Oracle Hospitality Reporting and Analytics, Report subcomponent, in Oracle Hospitality Applications version 9.0. The vulnerability allows a low privileged, network-accessible attacker (via HTTP) to create, delete, or modify data, and to access critical data across Oracle Hos...

CVE-2018-5429 TIBCO JasperReports Library Code Sandboxing Problem

A vulnerability in the report scripting component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports...

CVE-2015-7433

IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862...

CVE-2015-7432

IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by leveraging access to setenv.sh and parameter.txt. IBM X-Force ID: 107861...

CVE-2015-7433

IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and passwords by leveraging access to the CMA install machine. IBM X-Force ID: 107862...

Cross site request forgery (csrf)

A vulnerability in the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to improper CSRF protection by the affected application. An attacker could...