7667 matches found
Legal Robot: [Cross-domain Referer leakage] Password reset token leakage via referer
A security researcher discovered that sensitive information, like password reset tokens could still be leaked to analytics services like Google Analytics or via the Referer sic header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
July 25, 2017 – Morning Cyber Coffee Headlines – “Henry Ford” Edition
Good morning! Sit with Carbon Black this morning over a cup of coffee or tea and browse a few industry headlines to get the day started. We’ve got just enough information below to get you through that first cup…enjoy! July 25, 2017 - Headlines UK gov wants teens to practice cybersecurity in their...
CVE-2017-5529
JasperReports library components contain an information disclosure vulnerability. This vulnerability includes the theoretical disclosure of any accessible information from the host file system. Affects TIBCO JasperReports Library Community Edition versions 6.4.0 and below, TIBCO JasperReports...
Legal Robot: Token leakage by referrer header & analytics
A security researcher discovered that sensitive information, like password reset tokens could still be leaked to analytics services like Google Analytics or via the Referer sic header. Even though tokens were immediately invalidated, we decided to re-engineer the process to eliminate any...
Static Versus Dynamic Data Masking
Most participants in the trench warfare of IT security agree that the best way to protect data is to apply a layered approach to security. Data masking is a security and privacy enhancing technology recommended by industry analysts as a must-have data protection layer. While terminology varies...
An Analytical Framework for Network Data: Flare
An Analytical Framework for Network Data Flare is a network analytic framework designed for data scientists, security researchers, and network professionals. Written in Python, it is designed for rapid prototyping and development of behavioral analytics, and intended to make identifying malicious...
Analytics Tracker < 1.1.1 - XSS
The Analytics Tracker WordPress plugin was affected by a XSS security vulnerability...
IBM BigFix Compliance Analytics Security Bypass Vulnerability
IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security bypass...
Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server
Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date. This blunder was caused by Deep Root Analytics DRA, a data analytics firm employed by the US Republican...
IBM BigFix Security Compliance Analytics Information Disclosure Vulnerability
IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. IBM BigFix Security Complian...
IBM BigFix Security Compliance Analytics Weak Default Password Vulnerability
IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A security vulnerability...
IBM BigFix Security Compliance Analytics Cross-Site Scripting Vulnerability
IBM BigFix Security Compliance Analytics is a suite of systems management software from IBM in the United States. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other functions. A cross-site scripting...
Today’s File Security is So ‘80s, Part 2: Detect Suspicious File Access with Dynamic Peer Groups
In a previous post, we shared three primary reasons why the traditional, static approach to file security no longer works for today’s modern enterprises. Working groups are formed organically and are cross-functional by nature, making a black and white approach to file access control outdated—it...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an...
CVE-2017-1179
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...
CVE-2017-1179
IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431...
CVE-2017-1179
CVE-2017-1179 affects IBM BigFix Compliance Analytics 1.9.79, where information disclosure occurs due to the use of weaker-than-expected cryptographic algorithms, potentially allowing an attacker to decrypt highly sensitive data. The available connected documents identify the vulnerability class ...
CVE-2017-1125
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...
Code injection
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...
CVE-2017-1125
IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340...