How CISOs are preparing to tackle 2022
Looking back over the last year, the security landscape has continued to experience significant change and escalation. Every day, we see the toll this is taking on organizations of all sizes as they navigate the enduring challenges of the pandemic, the expansion of the digital estate, and the...
Imperva Champions Data Privacy Week 2022
As a cybersecurity industry leader, Imperva is working with the National Cybersecurity Alliance (NCA) as a 2022 Data Privacy Week Champion to promote the need for businesses to prioritize data privacy and protection and the importance of individuals and companies to secure their online data. As par...
CVE-2022-21345
CVE-2022-21345 affects Oracle PeopleSoft Enterprise PeopleTools (Security) on versions 8.58 and 8.59. A low-privilege, network-accessible (HTTP) flaw could lead to unauthorized access to sensitive data. CVSSv3.1 base score 6.5 (Confidentiality). Oracle’s January 2022 CPU references fixes; apply t...
CVE-2022-21693
Onionshare (CVE-2022-21693) has a filesystem-access vulnerability where code execution within the Onionshare process can read files across the user home folder. The issue allows an adversary with a primitive filesystem access context to leak sensitive data; however, automatic exclusion of hidden ...
CVE-2022-21673
Grafana Forward OAuth Identity vulnerability (CVE-2022-21673) affects Grafana data sources with Forward OAuth Identity enabled, allowing API token holders to access data tied to the most recently logged-in user. Root cause: data sources with the Forward OAuth Identity feature enabled, OAuth enabl...
The Log4j Vulnerability Puts Pressure on the Security World
It’s not my intention to be alarmist about the Log4j vulnerability CVE-2021-44228, known as Log4Shell, but this one is pretty bad. First of all, Log4j is a ubiquitous logging library that is very widely used by millions of computers. Second, the director of the U.S. Cybersecurity & Infrastructure...
SSH Host Based Authentication
Introduction Are you an organization that manages or hosts a huge pool of resources on remote locations/servers? Well, host-based authority-validation technique is the most-suited way to manage the access and control rights related to your hardware and applications. Once implemented, this identit...
Being Naughty to See Who Was Nice: Machine Learning Attacks on Santa’s List
Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of...
Analytics Are Essential for Effective Database Security
We have all heard the saying, “early detection is critical.” This is true in most aspects of our daily lives; in everything from medical diagnosis, automobile issues, a leaky roof, credit card fraud, etc. It should come as no surprise that this is especially true in the context of data security...
Why Data Security is crucial?
By Owais Sultan Whether you are working for a business, or you use the internet for personal use, protecting your data… This is a post from HackRead.com Read the original post: Why Data Security is crucial?...
Cyberattackers Hit Data of 80K Patients at Fertility Centers of Illinois
The protected health information of nearly 80,000 patients of Fertility Centers of Illinois (FCI) may have been pawed over by cyber intruders following a cyberattack. FCI runs four clinics across Illinois. According to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights’ da...
What is IP sniffing?
IP sniffers, also known as packet sniffers, network analyzers, or protocol analyzers, are tools which play an essential role in the monitoring of networks, and in troubleshooting network-related issues. In essence, IP sniffing is monitoring traffic over a TCP/IP network. IP sniffers intercept the...
2021 in Review, Part 3: 5 Things Security Professionals Were Discussing this Year
Today, everyone is talking about CVE-2021-44228, and with good reason. But before that, here were five of the issues that dominated virtual “water cooler talk” in 2021: 5. Data security in the cloud Champion heavyweight boxer Mike Tyson said, “Everyone has a plan until they get punched in the...
What is SAML authentication ❓ How does it work ❓
Enterprises using various business apps have a tough time maintaining data’s secrecy and access grants as per user roles throughout the infrastructure landscape. SAML (Security Assertion Markup Language) shows up as a great aid at this front. Let’s see what is it, how it works, what are its...
CVE-2021-4135
A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data...
Relay races, batons, and techniques: How to improve your cloud security posture
In 2008, the US 4x100m relay team was the favorite to win the gold medal at the Beijing Olympics. Not a massive surprise, considering that team included the second fastest athlete in history, Tyson Gay. It was a great shock though when the team blundered on the last exchange, dropping the baton,...
Build successful data security evaluation criteria with help from your peers
When you evaluate data security products it is imperative to have the end goal in sight. If you look forward 365 days from now, what is the best way to predict how your team will use the product so that you can communicate the value that it will provide? One approach is to examine operational...
CVE-2020-16155
CVE-2020-16155 affects CPAN::Checksums package 2.12 for Perl. The root cause is that the package does not uniquely define signed data, as described in multiple sources. The available documents confirm the existence of the issue but do not provide specifics on affected products beyond this Perl mo...
What is AES Advanced Encryption Standard ❓
In any case, AES cipher is the famous framework that aids in digital encoding facts making use of a maintained 128-digit, 192-piece, or 256-cycle symmetric encryption estimate from the Advanced Encryption Standard (AES), additionally called FIPS 197. The AES is a PC protection general for obtaining...
The cost of data security – it’s not just about the numbers
Organizations striving to improve their security posture often find this a multi-faceted challenge. In addition to the security product evaluation itself, security budgets are tight and justification is a necessary step. Financial language, however, is not everyone’s forte - and fiscal presentati...