What is IAM (Identity and Access Management) ❓

Would you like to leave your locker open, with valuables inside, while you’re leaving town or going to sleep? Of course not, as doing so is a foolish act and is like sending invitations to the buglers. Similarly, one shouldn’t leave its database and information center open for all. This will lead...

AI-driven adaptive protection against human-operated ransomware

In human-operated ransomware attacks, threat actors use predictable methods to enter a device but eventually rely on hands-on-keyboard activities to move inside a network. To fortify our existing cloud-delivered automated protection against complex attacks like human-operated ransomware, we...

SAP Commerce 授权问题漏洞

SAP Commerce is a set of cloud-based e-commerce platform from Germany's SAP. The product supports sales management, marketing management, order management, and operations management. SAP Commerce suffers from an authorization issue vulnerability that stems from the product's lack of authorization...

Cisco Umbrella Enumeration Vulnerability

Cisco Umbrella is a suite of cloud security platforms from Cisco. The platform prevents cyber threats such as phishing, malware and ransomware. Cisco Umbrella suffers from an enumeration vulnerability that stems from an overly descriptive error message appearing on the dashboard when a user...

New insights on cybersecurity in the age of hybrid work

As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the mo...

New insights on cybersecurity in the age of hybrid work

As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the mo...

Information disclosure

IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630...

Security Bulletin: IBM App Connect Enterprise Certified Container could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors (CVE-2021-29906)

Summary IBM App Connect Enterprise may include the hash of an IBM Cloud API key that is used by an Integration Server in the Pod definition of that Integration Server. This is only present if the Integration Server is configured to communicate with the cloud-based connectors in a cloud instance o...

NetIQ Access Manager Denial of Service Vulnerability

NetIQ Access Manager provides a simple, secure and scalable solution to handle all your web access needs. Whether your users are accessing on-premise or cloud-based services using a cell phone or laptop, Access Manager is secure and provides a single sign-on experience.A denial-of-service...

The pitfalls of relying only on your ISP for DDoS protection

Relying on your Internet Service Provider ISP for DDoS protection is like going to a restaurant known for the freshest, tastiest seafood and ordering beef. Sure, they have it on the menu and they are happy to sell it to you, but the experience is not likely to compare well to what you’d have in a...

Cloudflare mitigated one of the largest DDoS attack involving 17.2 million rps

Web infrastructure and website security company Cloudflare on Thursday disclosed that it mitigated the largest ever volumetric distributed denial of service DDoS attack recorded to date. The attack, launched via a Mirai botnet, is said to have targeted an unnamed customer in the financial industr...

Top Routinely Exploited Vulnerabilities

Summary This Joint Cybersecurity Advisory was coauthored by the U.S. Cybersecurity and Infrastructure Security Agency CISA, the Australian Cyber Security Centre ACSC, the United Kingdom’s National Cyber Security Centre NCSC, and the U.S. Federal Bureau of Investigation FBI. This advisory provides...

Dogged Persistence -- The Name of the Game for One DDoS Attacker

With DDoS, we typically observe a moderate degree of attacker persistence. DDoS attacks are relatively easy to launch from a number of online booter services, and the availability of cryptocurrencies for payment has made it easy to remain anonymous. Attackers can try their hand at DDoS for little...

The vulnerability of the cloud-based video digitization, annotation, and format conversion application for Adobe Prelude lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.

The vulnerability of the cloud-based video conversion, annotation, and format conversion application for Adobe Prelude is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially crafted file...

Zero Trust Adoption Report: How does your organization compare?

From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent sudden shift to remote work. The last decade has been full of disruptions that have required organizations to adapt and accelerate their security...

Zero Trust Adoption Report: How does your organization compare?

From the wide adoption of cloud-based services to the proliferation of mobile devices. From the emergence of advanced new cyberthreats to the recent sudden shift to remote work. The last decade has been full of disruptions that have required organizations to adapt and accelerate their security...

Why Your Business Needs a Long-Term Remote Security Strategy

When COVID-19 first emerged, companies across all sectors of the economy were forced to rapidly transition to remote work. The goal was simple: Ensuring business continuity in the face of an unprecedented challenge — a challenge that most assumed would come and go in short order. As vaccines...

Security for AWS Lambda Serverless Applications

Serverless computing is another beautiful cloud-based advancement for developers. But, like all applications, proper security is required to maximize the benefits. Learn more in this article...

Why You’re Not Making the Leap from Compliance to a Database Security Strategy

Gartner strongly recommends that the concept of “big data strategy” should be replaced with “making big data part of our everyday strategy.” Technology has created a database activity explosion for most enterprises and made traditional agent-based data logging, monitoring, and auditing far too...

Huawei eCNS280_TD Resource Management Error Vulnerability

Huawei eCNS280TD is the core network equipment of Huawei's wireless broadband trunking system in China. Based on Network Functions Virtualization NFV and cloud-based architecture design, it provides network functions of traditional core networks, but also provides capacity configurations for each...