How the Solid Protocol Restores Digital Agency

The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you've never heard of. These entities collect, store, and trade your...

The Age of Integrity

We need to talk about data integrity. Narrowly, the term refers to ensuring that data isn’t tampered with, either in transit or in storage. Manipulating account balances in bank databases, removing entries from criminal records, and murder by removing notations about allergies from medical record...

Configure The ntpd Service Properly

In the cluster scenario, the time of servers must be accurate and consistent. For example, if the server time is inconsistent, the data generated by different servers may be sorted or compared inaccurately. Even if you run the date command to set the time of all servers to the same value, the tim...

Director: Dashboard not showing correct session count data

Director dashboard showing wrong data Session count in Studio and Director Dashboard is incorrect...

Qualys Performance Tuning Series: Remove Stale Compliance Data for the Best Performance

In our first post in the Performance Tuning Series, we talked about removing stale assets to improve performance. In this installment, we will address the benefits of removing data once it becomes stale. Why does data become stale? The IT environment of any enterprise is very dynamic, and more so...

CVE-2024-54096

Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy...

Mind the Gap: How Surface Command Tackles Asset Visibility in Attack Surface Management

“Only 17% of organizations can clearly identify and inventory a majority 95% or more of their assets.” - Gartner Imagine the scenario: your organization has been exposed to a new zero-day vulnerability. You are responsible for Threat & Vulnerability Management TVM, you have asked your IT departme...

How to comply with GDPR requirements

Understanding the Basics of GDPR Compliance Within the sphere of cybersecurity, significant strides were made as the European Union EU introduced an innovative legislative tool called the General Data Protection Regulation GDPR, unveiled on May 25, 2018. This regulation highlights the EU's unifie...

Fixed in ClickHouse v24.1, 2024-01-30​

When toggling between user roles while using ClickHouse with query cache enabled, there is a risk of obtaining inaccurate data. ClickHouse advises users with vulnerable versions of ClickHouse not to use the query cache when their application dynamically switches between various roles...

CrossTicks is not called when Users claimConcentratedRewards.

Lines of code Vulnerability details Vulnerability Details The crossTicks function is called to keep track and update the ticks whenever a tick is crossed, as specified by the Natspec /// @notice Keeps track of the tick crossings /// @dev Needs to be called whenever a tick is crossed function...

Qualys Performance Tuning Series – Remove Stale Assets for Best Performance

As organizations transition to the cloud, their cloud environments and assets rapidly grow. Many of the assets within the cloud are ephemeral in nature, they exist for a few minutes, hours or days and then are terminated. These transitory assets pose a unique challenge from an asset and...

Chainlink oracle data can be stale

Lines of code Vulnerability details Impact Oracle data can be stale which can lead to wrong calculations for balancing indexes. Proof of Concept When lastRoundData is called only price is pulled from the provided data. RoundId should be checked to ensure the data is updated. Recommended Mitigatio...

CVE-2021-34573

CVE-2021-34573 affects Enbra EWM v1.7.29. Multiple external records (CNVD/CNNVD, CVE lists) describe an access control error wherein event returns and the “No flow”/backflow events are not re-recognized or are misinterpreted when used with several wireless M-Bus sensors. This can lead to incor...