470 matches found
Hanwha Techwin Smartcam Authentication Bypass Vulnerability
Hanwha Techwin Smartcam is a series of security surveillance cameras based on cloud-based services. An authentication bypass vulnerability exists in Hanwha Techwin Smartcam. An attacker can exploit the vulnerability to bypass authentication...
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...
Security Camera Found Riddled With Bugs
CANCUN, Mexico – Tech firm Hanwha Techwin is racing to fix 13 critical security holes found in its popular line of SmartCam security cameras. The patch rollout is part of public disclosure of the vulnerabilities set for today by researchers who discovered the bugs. Flaws range from the use of an...
CVE-2018-0208
CVE-2018-0208 affects Cisco Registered Envelope Service (cloud based) web-based management interface. The issue is insufficient validation of user-supplied input, enabling an authenticated, remote attacker to perform cross-site scripting (XSS) against a user of the interface. Exploitation require...
With the Predictive Security Cloud (PSC) Leading the Way, Carbon Black is Named One the “Coolest 20 Vendors in Endpoint Security” by CRN
Editor’s Note: Victor Baez, Carbon Black’s VP of WW Channel and this blog’s author, was recently named a 2018 CRN Channel Chief. As part of CRN's annual Security 100 list, 20 endpoint companies have been named “Coolest Endpoint Security Vendors of 2018.” Carbon Black is among them. We are honored...
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...
NetRefer Chooses Imperva Incapsula WAF: A Case Study
Since 2005, companies have been using NetRefer’s performance marketing software to fully automate their affiliate programs. From enrollment through customer relationship management CRM, tracking, finance and rewards management and payments, NetRefer’s Unified Performance Marketing Platform...
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...
Essays from 7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Carbon Black recently published a series of essays about the experiences of experts in the field on information security as they moved their endpoint security program to the cloud; this is one of those essays. To read the full series check out 7 Experts on Moving to a Cloud-Based Endpoint Securit...
Carbon Black Named a Visionary in Gartner’s 2018 Magic Quadrant for Endpoint Protection Platforms
For the second consecutive year, Carbon Black has been named a “Visionary” in Gartner’s Magic Quadrant for Endpoint Protection Platforms. For this year’s edition of the MQ, Gartner evaluated Cb Defense, our flagship solution built on the Cb Predictive Security Cloud ™ PSC. Our vision for the PSC ...
Excerpts from Preparing for NGAV at Scale: Easy Operation at Enterprise Scale
Carbon Black recently published a guide to help enterprises gauge their readiness in their initial search for next-generation antivirus, or NGAV; this is the last excerpt from that guide, which you can find here. For more information about how Cb Defense, Carbon Black's NGAV + EDR solution, helps...
Fixing the Meltdown and Spectre vulnerabilities
Two days ago, Graz University of Technology published a paper describing a pair of attacks on common microprocessors. The underlying vulnerability affects Intel, AMD, and ARM processors. All contemporary microprocessors pre-execute instructions. In other words, the vulnerability bypasses address...
Developers Targeted in ‘ParseDroid’ PoC Attack
Researchers have developed a proof of concept attack that could impact the millions of users of integrated development environments such as Intellij, Eclipse and Android Studio. Attacks can also be carried out against servers hosting development environments in the cloud. The attack vector was...
Uber Reveals 2016 Breach of 57 Million User Accounts
Ride-hailing service Uber Technologies revealed Tuesday that the company suffered a breach of 57 million Uber user accounts in 2016. According to reports, Uber then attempted to cover up the incident by paying $100,000 to attackers to keep the hack a secret and delete the data. Dara Khosrowshahi,...
CVE-2017-12290
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12322
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
Cross site scripting
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12291
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...
CVE-2017-12320
Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service a cloud-based service could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are du...