Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime affect IBM Content Classification (CVE-2016-0494, CVE-2016-0466 and CVE-2016-0603)
Summary: There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6.0 that is used by IBM Content Classification. These vulnerabilities have different impacts and different levels of risk. Vulnerability Details: CVEID: CVE-2016-0494 DESCRIPTION: An unspecifie...
Security Bulletin: Vulnerabilities in Content Classification due to security vulnerabilities in Oracle Outside In Technology and Oracle Java Development Kits
Summary: Security vulnerabilities in Oracle Outside In Technology and Oracle Java Development Kits (JDKs) can affect the security of IBM Content Classification, also known as IBM InfoSphere Classification Module. Vulnerability Details: CVE ID: CVE-2013-5791. DESCRIPTION: The Oracle Outside In...
Security Bulletin: Vulnerability in IBM Content Classification (CVE-2013-5879, CVE-2014-0411)
Summary: CVE-2013-5879: Oracle Outside In Technology Outside In Maintenance unauthorized access. CVE-2014-0411: A vulnerability exists in IBM SDK Java™ Technology Edition Version 6 that is shipped with IBM Content Classification. It is related to the Java™ Secure Socket Extension component...
Monitoring Data & Data Access to Support Ongoing GDPR Compliance – Part III: Tools
The new European Union (EU)-wide General Data Protection Regulation (GDPR) was signed into law in late April 2016, and the compliance deadline came into effect on May 25, 2018. The Regulation is expansive and covers a variety of subject areas, provisions, and actions in the form of documented Article...
Vulnerability Databases: Classification and Registry
What publicly available Vulnerability Databases do we have? Well, I can only say that there are a lot of them and they are pretty different. Here I make an attempt to classify them. It's quite an ungrateful task. No matter how hard you try, the final result will be rather inaccurate and incomplet...
Reverse Engineering the Analyst: Building Machine Learning Models for the SOC
Many cyber incidents can be traced back to an original alert that was either missed or ignored by the Security Operations Center (SOC) or Incident Response (IR) team. While most analysts and SOCs are vigilant and responsive, the fact is they are often overwhelmed with alerts. If a SOC is unable to...
SQL Injection Vulnerability in youke 365 1.0.7
Uc365 website classification and navigation system is cross-platform open source software: an open source website classification and catalog management system built on PHP + MySQL. A SQL injection vulnerability exists in the Uke365 Website Classifieds Navigation...
GDPR Is Here: Assess Risk from Vendors and from Internal Teams
Organizations must manage risk from third parties such as contractors and suppliers, and from internal staffers and teams, as part of their compliance program for the EU’s General Data Protection Regulation (GDPR). The need to manage vendor risk in particular is stressed repeatedly throughout the...
Data classification and protection now available for structured data in SQL
This post is authored by Gilad Mittelman, Senior Program Manager, SQL Data Security. Data privacy and data security have become one of the most prominent topics in organizations in almost every industry across the globe. New regulations that formalize requirements are emerging around these topics...
Flexense DiskSorter Enterprise Cross-Site Scripting Vulnerability
Flexense DiskSorter Enterprise is a file classification solution from Flexense Canada. The solution supports classification of files on local disks, network shares, NAS storage devices and enterprise storage systems. A cross-site scripting vulnerability exists in Flexense DiskSorter Enterprise...
Configuring Imperva SecureSphere for GDPR Compliance: Part One
Time is running out. 23 days until GDPR enforcement. The GDPR effective date is less than a month away and, given the significant risk and potential costs associated with a failure to comply, organizational readiness efforts continue to mount. GDPR non-compliance penalties can be severe up to 79...
SUSE SLED12 / SLES12 Security Update : Recommended update for LibreOffice (SUSE-SU-2018:1076-1)
LibreOffice was updated to version 6.0.3. The following new features were added: - The Notebookbar, although still an experimental feature, has been enriched with two new variants: Grouped Bar Full for Writer, Calc and Impress, and Tabbed Compact for Writer. The Special Characters dialog has been...
Critical Actions to Finalize Your GDPR Compliance Program
Starting May 25, 2018, enforcement begins for the new EU General Data Protection Regulation (GDPR) and its heightened principles and requirements regarding data privacy, data processing, and data security. The newly revised regulation applies to organizations doing business in the European Union or...
glibc security, bug fix, and enhancement update
2.17-222 - Restore internal GLIBC_PRIVATE symbols for use during upgrades (1523119) 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow (1534635) - i386: Fix unwinding for 32-bit C++ application (1529982) - Reduce thread and dynamic loader stack usage (1527904) - x86-64: Use XSAVE/XSAVEC more often...
How to Tune Your Database Security to Protect Big Data
As digital information and data continue to accumulate worldwide, new big data solutions grow more and more popular. The introduction of IoT into our lifestyle, which turns appliances into smart data logging machines, along with organizations tracking behaviors for data science and research...
securesafeaccess.com XSS vulnerability
Open Bug Bounty ID: OBB-591600

Description | Value
---|---
Affected Website: | securesafeaccess.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
Data Security Solutions for GDPR Compliance
Enforcement of the new EU General Data Protection Regulation (GDPR) adopted in 2016 starts on May 25, 2018. It requires all organizations that do any business in the EU or that collect or process personal data originating in the EU to comply with the regulation. Organizations that do not have a...
DEBIAN-CVE-2018-7421
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification...
CVE-2018-7421
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification...
Design/Logic Flaw
In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-dmp.c by correctly supporting a bounded number of Security Categories for a DMP Security Classification...