160 matches found
Cross site request forgery (csrf)
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2....
Cross site scripting
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...
PT-2020-15815 · Wso2 · Wso2 Identity Server Analytics +8
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 WSO2 API Manager Analytics versions 2.2.0 WSO2 API Microgateway versions 2.2.0 WSO2 Data Analytics Server versions 3.2.0 WSO2 Enterprise Integrator versions through 6.6.0 WSO2 IS as Key Manager versions 5.5.0...
CVE-2020-24704
CVE-2020-24704 is a reflected XSS vulnerability affecting multiple WSO2 products (API Manager, API Manager Analytics, API Microgateway, Data Analytics Server, Enterprise Integrator, IS as Key Manager, Identity Server/Analytics, and IoT Server) with versions listed in the Initial description. The ...
CVE-2020-24703
CVE-2020-24703 affects multiple WSO2 products: API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0–...
CVE-2020-24704
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0,...
PT-2020-15814 · Wso2 · Wso2 Identity Server Analytics +8
Name of the Vulnerable Software and Affected Versions: WSO2 API Manager versions 2.2.0 WSO2 API Manager Analytics versions 2.2.0 WSO2 API Microgateway versions 2.2.0 WSO2 Data Analytics Server versions 3.2.0 WSO2 Enterprise Integrator versions through 6.6.0 WSO2 IS as Key Manager versions 5.5.0...
OSSEM - Open Source Security Events Metadata
The Open Source Security Events Metadata OSSEM is a community-led project that focuses primarily on the documentation and standardization of security event logs from diverse data sources and operating systems. Security events are documented in a dictionary format and can be used as a reference fo...
The vulnerability of Intel’s Data Analytics Acceleration Library, related to permission processing errors, allows attackers to disclose protected information.
The vulnerability of the Intel Data Analytics Acceleration Library is related to permission processing errors. Exploiting this vulnerability can allow attackers to disclose sensitive information that is protected by the library’s security measures...
Ring Doorbell App for Android Caught Sharing User Data with Facebook, Data-Miners
UPDATE Amazon’s Ring Doorbell app for Android is a nexus for data-harvesting, according to an investigation by the Electronic Frontier Foundation EFF. Privacy advocates allege Ring goes so far as to silently deliver updates on Ring customer usage to Facebook, even if the Ring owner doesn’t have a...
Intel® DAAL Advisory
Summary: A potential security vulnerability in the Intel® Data Analytics Acceleration Library DAAL may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2019-14629 Description: Improper permissions in Inte...
CVE-2019-8632
CVE-2019-8632 concerns Texture’s analytics data being sent over HTTP instead of HTTPS. The issue affects Texture versions prior to the fixed releases and could allow interception of analytics data by an attacker in a privileged network position. The connected sources specify fixed versions: Textu...
Mordor - Re-play Adversarial Techniques
The Mordor project provides pre-recorded security events generated by simulated adversarial techniques in the form of JavaScript Object Notation JSON files for easy consumption. The pre-recorded data is categorized by platforms, adversary groups, tactics and techniques defined by the Mitre ATT&CK...
How Machine Learning is Changing the Face of Financial Services
Artificial intelligence AI has become integrated into our everyday lives. It powers what we see in our social media newsfeeds, activates facial recognition to unlock our smartphones, and even suggests music for us to listen to. Machine learning, a subset of AI, is progressively integrating into o...
Facebook Removed Tens of Thousands of Apps Post-Cambridge Analytica
Facebook said it has suspended tens of thousands of apps as part of its ongoing investigation into how third-party apps on its platform collect, handle and utilize users’ personal data. The results of the investigation, launched in March 2018 in response to Facebook’s infamous Cambridge Analytica...
Implementing EQR — Creating a Solution for Real-Time Processing of Disparate Big Data Sources
Building an Event Query Router for Big Data Translation and Processing In a previous post, we discussed the data engineering challenge of scaling security. Analyzing the volume and variety of data required by a cybersecurity application isn’t an easy process, so we are always looking for innovati...
How much personalization is too much?
This story originally ran in The Parallax on January 25, 2019, and was written by Dan Tynan. In 2012, when Target used data analytics to identify customers who were expecting a baby, then mailed them coupons for maternity clothing and nursery furniture, it inadvertently revealed a teenage girl’s...
Why Election Trust is Dwindling in a Post-Cambridge Analytica World
LONDON, UK – The 2018 Facebook-Cambridge Analytica incident opened the world’s eyes to how much private user data was being collected, shared and sold. But experts worry that future ramifications of this scandal go way beyond Facebook and have created distrust in the election process as a whole...
Broadcast Operations Control Center (BOCC): Enabling OTT Broadcast Operations
So, what is the BOCC? Simply put, Akamai runs a state-of-the-art Broadcast Operations Control Centre, the BOCC, to help ensure smooth and seamless end-user play-back experience for live OTT Over the Top and linear video delivered through Akamai Media Delivery Solutions. To phrase it more...
Google Launches Backstory — A New Cyber Security Tool for Businesses
Google's one-year-old cybersecurity venture Chronicle today announced its first commercial product, called Backstory, a cloud-based enterprise-level threat analytics platform that has been designed to help companies quickly investigate incidents, pinpoint vulnerabilities and hunt for potential...