CVE-2023-0487 My Sticky Elements < 2.0.9 - Admin+ SQLi
The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection exploitable by high privilege users such as admin...
TikTok probed over child privacy practices
The privacy protection authorities for Canada, Quebec, British Columbia, and Alberta have announced they will start an investigation into TikTok's privacy practices, especially in relation to its younger users. The investigation will include whether the company obtained valid and meaningful conse...
Cybersecurity health and how to stay ahead of attackers with Linda Grasso
The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Community Voices blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Linda Grasso, the...
Breaking the Security "Black Box" in DBs, Data Warehouses and Data Lakes
Security teams typically have great visibility over most areas, for example, the corporate network, endpoints, servers, and cloud infrastructure. They use this visibility to enforce the necessary security and compliance requirements. However, this is not the case when it comes to sensitive data...
Improper access control
LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device...
Dell Alienware Command Center Input Validation Error Vulnerability
Dell Alienware Command Center is a series of gaming laptops from Dell, U.S.A. An input validation error vulnerability exists in Dell Alienware Command Center version 5.5.37.0 and prior, which stems from incorrect validation of user input. An attacker could use this vulnerability to send malicious...
Introducing Adaptive Protection in Microsoft Purview—People-centric data protection for a multiplatform world
At Microsoft, we never stop working to protect you and your data. If the evolving cyberattacks over the past three years have taught us anything, it’s that threat actors are both cunning and committed. At every level of your enterprise, attackers never stop looking for a way in. The massive...
SaaS in the Real World: Who's Responsible to Secure this Data?
When SaaS applications started growing in popularity, it was unclear who was responsible for securing the data. Today, most security and IT teams understand the shared responsibility model, in which the SaaS vendor is responsible for securing the application, while the organization is responsible...
Design/Logic Flaw
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504...
CVE-2023-23624 Discourse's exclude_tags param could leak which topics had a specific hidden tag
Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the exclude_tag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...
CVE-2023-0463
CVE-2023-0463 affects Devolutions Remote Desktop Manager 2022.3.29–2022.3.30. The root cause is that the force offline MFA prompt setting is not respected when switching to offline mode, allowing a user to save sensitive data on disk. Impact: local compromise of data confidentiality, integrity, a...
Digital event highlights new features in Microsoft Purview
Keeping your company and customer data secure has never been more complex. With multiple clouds, legacy on-premises systems, and numerous devices, it can be hard to keep track of what data you have and where it lives. On top of that, ever-changing employee roles make managing who has access to wh...
Design/Logic Flaw
Vulnerability in the Oracle Communications BRM - Elastic Charging Engine product of Oracle Communications Applications (component: Customer, Config, Pricing Manager). Supported versions that are affected are 12.0.0.3.0-12.0.0.7.0. Easily exploitable vulnerability allows high privileged attacker wit...
Oracle Hospitality Reporting and Analytics Security Vulnerability
Oracle Hospitality Reporting and Analytics is an Oracle platform for hotels that generates reports for analyzing operational data. Oracle Hospitality Reporting and Analytics has a security vulnerability that can be exploited by an attacker to cause unauthorized creation, deletion, or modification...
Gartner® Report: Questions to Ask When Selecting an MDR Provider
Measuring against the right criteria. The “right” criteria are whatever works to further your security organization’s specific needs in detection and response (D&R). There’s only so much budget to go around—and successfully obtaining a significant year-over-year increase can be rare. The last thing...
Is the FSI innovation rush leaving your data and application security controls behind?
Fuelled by rising consumer expectations for innovative services and easy real-time access to financial products and information, financial services industry (FSI) and fintech organizations are racing to out-innovate each other and capture market share. The sizeable growth of investments into the...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to buffer overflow in OpenSSL (CVE-2021-3711).
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in OpenSSL, caused by improper bounds checking by the EVP_PKEY_decrypt function within the implementation of SM2 decryption (CVE-2021-3711). OpenSSL is used as part of the base image included in...
Kibana 7.8.0 < 7.15.2 Multiple Vulnerabilities
According to its self-reported version number, the Kibana application running on the remote host is 7.8.0 prior to 7.15.2. It is, therefore, affected by: - Path Traversal on Windows operating systems (CVE-2021-37938) - Information Disclosure in Kibana's JIRA connector & IBM Resilient...
PT-2023-9845
Name of the Vulnerable Software and Affected Versions: Windows BitLocker (affected versions not specified). Description: A security-feature bypass issue exists in the Windows BitLocker component caused by a race condition, which occurs when multiple processes attempt to access the same resource...