UVI-2021-1000263 ataflop: potential out of bounds in do_format()
ataflop: potential out of bounds in do_format(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...
SOC 2 Type 2 Guide⚠️: Compliance and Certification — Part 1
SOC 2 Type 2 Guide⚠️: Compliance and Certification — Part 1. First part. Learn about SOC 2 compliance and why it matters when choosing a SaaS provider. Protect your clients’ privacy. Every day, the way we use the internet continues to evolve. And as a result, it’s now easier for people to access their...
Becoming resilient by understanding cybersecurity risks: Part 4—navigating current threats
In part three of this blog series on aligning security with business objectives and risk, we explored what it takes for security leaders to shift from looking at their mission as purely defending against technical attacks, to one that focuses on protecting valuable business assets, data, and...
CVE-2021-32557
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks...
Microsoft recognized as a Leader in The Forrester Wave™: Unstructured Data Security Platforms, Q2 2021
In this new world of hybrid work, organizations face an increasing volume of data, ever-evolving regulations around how that data is protected, and an evolving complexity and frequency of data security breaches. To help our customers navigate this complex data landscape, we are focused on...
CVE-2021-20389
CVE-2021-20389 affects IBM Security Guardium 11.2, where user credentials are stored in plaintext on disk and readable by a local user. Root cause: credentials are stored in clear text, enabling local access to sensitive data. Impact: potential disclosure of credentials to anyone with local acces...
Want to stay ahead of emerging threats? Here’s how.
Are you working with good information? A key question security organizations might ask themselves with regard to emerging — or imminent — threats: Are the systems we have logging the correct information? They may need that information to hunt threats or to reconstruct what an attacker did while...
The Gig Economy Creates Novel Data-Security Risks
As businesses strive to move faster and faster, many are adopting a “just-in-time” strategy of spinning up human resources on demand – a phenomenon known as the gig economy, familiar to most via Uber, Instacart or DoorDash. But it’s a concept that enterprises are embracing too – inadvertently...
Nextcloud: No admin audit log for auth tokens
There seems to be no audit trail for auth tokens: creating tokens, revoking tokens, scope changes, renames, marking the token to be wiped. Impact: As auth tokens are used to access your data, having a track record of when they are created helps a lot. If you also take https://hackerone.com/reports/1193321...
How a positive hybrid work culture can help you to mitigate insider risk
As Vasu Jakkal recently shared, we are operating in the most sophisticated threat landscape ever seen, and coupled with the next great disruption—hybrid work—security is more challenging than ever. Protecting from external threats is only one part of the challenge, though. You also must protect...
PYSEC-2021-487
TensorFlow is an end-to-end open source platform for machine learning. An attacker can access data outside of bounds of a heap-allocated array in tf.raw_ops.UnicodeEncode. This is because the...
CVE-2021-29610
CVE-2021-29610: TensorFlow QuantizeAndDequantizeV2 accepts axis values
Sifchain: Clickjacking/framing on sensitive subdomain
Vulnerability Name: Clickjacking/framing. Vulnerability Description: Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website. Vulnerable Url:...
Anhui Jingqi Network Technology Co., Ltd. website building system has SQL injection vulnerabilities
Anhui Jingqi Network Technology Co., Ltd. was founded in 2006. The company is based on informatization in the fields of civil affairs and health and, around "prevention, treatment and maintenance", provides service users in the big-health industry chain with intelligent medical care,...
Gig Workers Being Paid $500 for Payroll Passwords
Fintech startup Argyle, a financial-services platform aimed at gig workers, is working to replace credit scores assigned by bureaus like Equifax. But closer security analysis hints that Argyle could be just the latest incarnation of an ongoing data-collection campaign, paying people to give up...
Nextcloud: Scoped apptokens can be changed by that very apptoken
I noticed that there is the possibility to limit apptokens to not be able to access the filesystem. 1. Create a new apptoken in https://server/settings/user/security 2. Click the .. of your new apptoken and make it not allowed to access the filesystem 3. Log out 4. Navigate to...
Weak password vulnerability in TRENDnet webcams
TRENDnet is one of the world's leading data networking specialists. A weak password vulnerability exists in TRENDnet webcams, which can be exploited by attackers to obtain sensitive information...
CVE-2021-28150
CVE-2021-28150 affects Hongdian H8922 3.0.5. The NVD and related sources describe an information-disclosure flaw where an unprivileged guest can read cli.conf (containing the administrator password and other sensitive data) via /backup2.cgi. The issue is triggered by accessing backup2.cgi, enabli...
Hangzhou Yiduoyun Technology Co., Ltd. website building system has SQL injection vulnerabilities
Hangzhou Yiduoyun Technology Co., Ltd. is a high-tech enterprise in Hangzhou City which has focused on enterprise informatization services for 15 years. The Hangzhou Yiduoyun Technology Co., Ltd. website building system has a SQL injection vulnerability; attackers can use the vulnerability to obtain...