Importance of Application Security and Customer Data Protection to a Startup
When you are a startup, there are umpteen things that demand your attention. You must give your hundred percent (probably even more!) to work effectively and efficiently with the limited resources. Understandably, the importance of application security may be pushed to the bottom of your things-to-do...
CVE-2021-1135
CVE-2021-1135 concerns Cisco Data Center Network Manager (DCNM) REST API vulnerabilities. The issue arises from an incorrect denylist comparison in a REST API path, enabling an authenticated, remote attacker to view, modify, or delete data without proper authorization. Affected DCNM versions prio...
CVE-2021-2119
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
CVE-2021-2110
CVE-2021-2110 affects Oracle Argus Safety (Letters component) with affected version 8.2.2. The Red Hat/NVD entries confirm a network-accessible issue exploitable by a low-privileged attacker over HTTP, leading to unauthorized read access to a subset of Oracle Argus Safety data (confidentiality im...
Oracle Food and Beverage Applications Security Vulnerability
Oracle Hospitality Reporting and Analytics is a web-based application that centralizes point-of-sale (POS) data to provide operational and analytical insights into business operations and improve efficiency by delivering information to all roles within an organization. An unspecified vulnerability...
Cloud Attacks Are Bypassing MFA, Feds Warn
The Feds are warning that cybercriminals are bypassing multi-factor authentication (MFA) and successfully attacking cloud services at various U.S. organizations. According to an alert issued Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA), there have been “several recent...
Backdoor.Win32.NinjaSpy.c Remote Stack Buffer Overflow
Discovery / credits: malvuln - Malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/6eece319bc108576bd1f4a8364616264.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.NinjaSpy.c Vulnerability: Remote Stack Buffer Overflow Description: The specimen drop...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
Default configuration
An issue was discovered in Veritas Desktop and Laptop Option (DLO) before 9.4. On start-up, it loads the OpenSSL library from /ReleaseX64/ssl. This library attempts to load the /ReleaseX64/ssl/openssl.cnf configuration file, which does not exist. By default, on Windows systems, users can create...
Forcepoint and Microsoft: Risk-based access control for the remote workforce
This blog post is part of the Microsoft Intelligence Security Association (MISA) guest blog series. Learn more about MISA here. Adopting cloud-based services as part of an organization’s digital transformation strategy is no longer optional, it’s a necessity. Last year, only 18 percent of the...
CVE-2020-35898
An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
Rust Resource Management Error Vulnerability
Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in actix-service crate before 1.0.6 for Rust, where the Cell implementation allows obtaining multiple mutable references to the same data...
The Advantages and Risks of Serverless Computing
Organizations are increasingly embracing serverless computing for its convenience and cost-effectiveness. But many IT teams are blindly embracing this innovation in cloud technology without consulting their security peers. As a result, we can expect to see a growing number of cyber-attacks in thi...
Eavesdropping on Phone Taps from Voice Assistants
The microphones on voice assistants are very sensitive, and can snoop on all sorts of data: In “Hey Alexa what did I just type?” we show that when sitting up to half a meter away, a voice assistant can still hear the taps you make on your phone, even in presence of noise. Modern voice assistants ha...
Telemed Poll Uncovers Biggest Risks and Best Practices
Healthcare organizations have gone virtual during the COVID-19 pandemic, just like the rest of us – with the use of telehealth services becoming the go-to format for med checks, routine consultations and therapist visits. But how safe are these services when it comes to patient data? In an...
CVE-2020-26251
Open Zaak (version prior to 1.3.3) had a wide-open CORS policy allowing any client, which could enable cross-origin scripts to access the API. The CVE notes that Open Zaak 1.3.3 disables CORS by default, with opt-in possible via environment variables. The publicly provided documents state that ex...
Air-Gap Attack Turns Memory Modules into Wi-Fi Radios
Super-secure air-gapped computers are vulnerable to a new type of attack that can turn a PC’s memory module into a modified Wi-Fi radio, which can then transmit sensitive data at 100 bits-per-second wirelessly to nearly six feet away. Noted air-gap researcher Mordechai Guri created the...
CVE-2020-17437
CVE-2020-17437 affects uIP 1.0 (used in Contiki 3.0 and similar) where the TCP Urgent flag and Urgent pointer are not properly bounded. When urgent data is ignored, code uses the Urgent pointer as an offset to separate urgent data, but the offset length isn’t checked, allowing the data pointer to...
Governance Considerations for Democratizing Your Organization's Data in 2021
With the continuing rise of IoT devices, mobile networks, and digital channels, companies face a lot of pressure to generate meaningful and actionable insights from the wealth of data they capture. Gartner Research lists data democratization as one of the top strategic technology trends to watch...