Anatomy of a Security Super Bowl Dynasty, Part 2: The Offense
Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...
EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2021-1566)
According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities: - In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar...
jenkins: Path traversal vulnerability in agent names
A flaw was found in jenkins. Users with Agent/Configure permissions can choose agent names that cause an override to the global config.xml file. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
CVE-2021-23977
CVE-2021-23977 affects Firefox on Android, a time-of-check-time-of-use vulnerability allowing a malicious app to read sensitive data from other application directories. The issue is limited to Firefox for Android and does not impact other OS variants; affected versions are Firefox
Scammers, profiteers, and shady sites? It must be tax season
US tax season is upon us, a time of the year when a special kind of vermin comes crawling out of the woodwork: tax scammers! Not that their goals are any different from any other scammers. They want your hard-earned dollars in their pockets. Most of the tax-related attacks follow a few tried and...
What’s Different About Data Security in the Cloud? Almost Everything.
Well before the onset of the pandemic most organizations had a digital transformation plan in place which included migrating workloads to new modern architectures, usually a private, public, or hybrid cloud. As the challenges caused by COVID-19 became more acute, these organizations accelerated...
Code injection
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
Cloud Data Security is Now Available in AWS Marketplace
We’re pleased to announce that Imperva Cloud Data Security is now available in the Amazon Web Services Marketplace. Database security shouldn’t be hard, so Imperva has made it simple. Imperva Cloud Data Security (CDS) is a SaaS solution specifically designed to secure organizations’ data stored in...
The Coronavirus Pandemic Is Widening the Cybersecurity Skills Gap
While there are undoubtedly many major challenges within the world of cybersecurity, one of the principal roadblocks to the implementation of effective data security is the lack of skilled cybersecurity practitioners. In a November 2019 report, the International Information System Security...
nodejs-dot-prop: prototype pollution
A prototype pollution flaw was found in nodejs-dot-prop. The function `set` could be tricked into adding or modifying properties of `Object.prototype` using any of the `constructor`, `prototype`, or `__proto__` paths. The highest threat from this vulnerability is to data confidentiality and integrity as well a...
How cloud data distracts businesses from correct data security practices
By Waqas. Companies are migrating to cloud-based servers to store their data. More than half of all businesses report that their data is stored in the cloud. This is a post from HackRead.com. Read the original post: How cloud data distracts businesses from correct data security practices...
A playbook for modernizing security operations
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post from our new Voice of the Community blog series, Microsoft Product Marketing Manager Natalia Godyla talks with Dave Kennedy, Founder and...
CVE-2020-28645
CVE-2020-28645 affects the ownCloud Core before version 10.6. The issue, described as deleting users with certain names causing system files to be deleted, implies a vulnerability in user handling where specific usernames trigger file deletions when data directories are web-rooted. The available ...
Ensuring Security and Compliance in AWS RDS with CDS
If you use AWS RDS, your organization is part of a worldwide trend. Forward-thinking companies everywhere are embracing database-as-a-service (DBaaS) to help bring new applications and services to market faster, or to reduce the cost and complexity of their database operations. What isn’t changing...
2021 KuppingerCole Leadership Compass names Imperva an overall leader for Database and Big Data Security
It is my pleasure to report that in their 2021 overview of the market for Database and Big Data Security solutions, leading technology analyst KuppingerCole has identified Imperva as an Overall Leader for the first time. Imperva scored five out of five for product security, functionality,...
CVE-2020-8585
CVE-2020-8585 affects NetApp OnCommand Unified Manager Core Package before version 5.2.5. The vulnerability enables disclosure of sensitive account information to unauthorized users via PuTTY Link (plink). No exploitation details are provided in the documents; the root cause is described as an in...
Why Data Security and Privacy in the digital age are crucial
Privacy is considered a basic human right but, with so much of our personal data now ‘out there’ in cyberspace, how private can it really be? Data is everywhere, and with rising internet usage, an increase in cloud technologies, and our growing reliance on IoT devices, it continues to grow...
SQL Injection Vulnerability in Online Order Management System of Foshan Dute Software Technology Co.
Foshan Dutt Software Technology Co., Ltd, is a company specializing in the development and promotion of enterprise management software. Foshan Dutt Software Technology Co., Ltd. online order management system has a SQL injection vulnerability, which can be exploited by attackers to obtain sensiti...
Knight CMS suffers from SQL injection vulnerability (CNVD-2021-09683)
Knight CMS is a free, open source professional recruitment system built on PHP and MySQL. Knight CMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in the Website Building System of Shandong Thinking Cloud Education Technology Co.
Ltd. was established on June 02, 2003 by Shandong Imagine Cloud Education Technology Co. The company's business scope includes: software development and production, technical consulting and services; computer technology development, technology transfer; Internet information services; computer...