Multiple Imperva Products Earn 2022 Fortress Cyber Security Awards
In June, the Business Intelligence Group announced that three Imperva products have earned the 2022 Fortress Cyber Security Awards. The mission of this prestigious award program is to identify and reward leading companies and products globally that are successfully keeping data and electronic...
EFB ePIL. Pinching passenger PII from pilots
TL;DR The Passenger Information List (PIL) is often now available on EFBs and crew devices. It stores information such as passenger names, seat numbers, and customer services information. Digital versions of the PIL enable crew to offer more bespoke customer service. Information on a PIL is differen...
CVE-2022-31134 Zulip Server public data export contains attachments that are non-public
Zulip is an open-source team collaboration tool. Zulip Server versions 2.1.0 and above have a user interface tool, accessible only to server owners and server administrators, which provides a way to download a "public data" export. While this export is only accessible to administrators, in many...
KuppingerCole rates Microsoft as outstanding in functionality for secure collaboration
We are excited to share that Microsoft has been rated "Outstanding in Functionality" in the KuppingerCole Market Compass for Secure Collaboration, May 2022. Microsoft was also the only company to be awarded the highest possible score of "Strong Positive" in all five categories: security,...
The Benefits of Including Static Data Masking in Your Security Arsenal
Static data masking (SDM) is defined as, “The act of permanently replacing sensitive data at rest with a realistic fictional equivalent for the purpose of protecting data from unwanted disclosure.” Industry analysts characterize SDM as a must-have data protection layer capable of protecting large...
CVE-2022-27549
HCL Launch may store certain data for recurring activities in a plain text format...
CVE-2022-27549
CVE-2022-27549 affects HCL Launch. The vulnerability is an information-disclosure issue where data for recurring activities may be stored in plain text, exposing sensitive information and impacting confidentiality. Reported in multiple sources (NVD entry and CNVD/CNNVD references), with CVSS metr...
TikTok Assures U.S. Lawmakers it's Working to Safeguard User Data From Chinese Staff
Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access...
4 breakthrough ideas for compliance and data security
Compliance management will never be easy, but there are ways to make it simpler and more transparent. Every year, organizations confront a growing volume and diversity of data and ever-evolving industry and government regulations. But the answer to more data, more devices, and more regulations...
Determining “Need to share vs. Need to know” is a Cornerstone of a Data Protection Strategy
There is a paradox that lies at the heart of data security. Data itself only has real value if an organization can share it with stakeholders that need it to perform their roles. However, the more widely an organization shares data the greater the risks of the data being compromised. Data securit...
MAL-2022-2338 Malicious code in data-mil-thor-ww1 (npm)
Source: ghsa-malware 8053d089451ed8507fbeeb5bab186384aa4650ed7d7b11facc30681356ae26ef. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Internet Safety Month: 7 tips for staying safe online while on vacation
Going on vacation has never been more talked about and anticipated. I mean—for many of us, it's been a while. But before you get lost in dreamy thoughts of sun, sea, and sand, you might want to set aside some time to plan on how to keep your devices, and your data, safe while you are relaxing. Your...
How to Password Protect Any File
Put a digital lock on your most important data...
CVE-2022-29948
CVE-2022-29948 affects Lepin EP-KP001 (KP001_V19) USB flash drive. The root cause is insecure hardware design allowing an attacker to bypass password authentication by replacing the device’s microcontroller with one controlled by the attacker, whose passcode is known. This enables unlocking the e...
Connected Healthcare: A Cybersecurity Battlefield We Must Win
By Charles McFarland · June 6, 2022. We are commonly taught to prioritize the most critical, severe, or impactful tasks when trying to conquer a list of intimidating problems. Yet, how is this possible when presented with two tasks of...
The Cybersecurity CIA Triad: What You Need to Know as a WordPress Site Owner
One of the core concepts of cybersecurity is known as the CIA Triad. There are three pillars to the triad, with each pillar being designed to address an aspect of securing data. These three pillars are Confidentiality, Integrity, and Availability. The Confidentiality pillar is intended to prevent...
Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent
Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty...
CVE-2022-22127
Tableau Server (Local Identity Store) is affected by a broken access control vulnerability (CVE-2022-22127). A malicious site administrator can change passwords for users across different sites hosted on the same Tableau Server, enabling unauthorized access to data. Affected versions include 2020...
IBM InfoSphere BigInsights Invalid Input Vulnerability
Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data...
380K Kubernetes API Servers Exposed to Public Internet
More than 380,000 Kubernetes API servers allow some kind of access to the public internet, making the popular open-source container-orchestration engine for managing cloud deployments an easy target and broad attack surface for threat actors, researchers have found. The Shadowserver Foundation...