NICER Protocol Deep Dive: Internet Exposure of etcd
Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...
Shifting from Network Security to Data Security
The world-wide events of 2020 have meant that organisations have had to simply react and adapt. More data is being moved to the cloud, applications are built in cloud environments, and more and more databases are being used to support the shift in the way we work. 59% of enterprises believe their...
CVE-2020-26838
SAP BW/BW4HANA are affected by a code-injection vulnerability (CVE-2020-26838) that can be exploited by an authenticated attacker with high developer privileges through a crafted request to execute OS commands. Affected versions include SAP Business Warehouse (700, 701, 702, 731, 740, 750, 751, ...
CVE-2020-5799
The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data...
Ransomware attack disrupts Metro Vancouver’s payment systems
By Deeba Ahmed. The payment systems remained ineffective for three days after the ransomware attack, but payment data is safe, claims TransLink. This is a post from HackRead.com.
File-sharing and cloud storage sites: How safe are they?
There it is again—that annoying message that pops up when your email client informs you that a file is too big to attach. Those of us that are confronted with this problem on a regular basis—and those of us that want to attach files that could get picked up by anti-malware scanners along the...
Kmart, Latest Victim of Egregor Ransomware – Report
Retail stalwart Kmart has suffered a ransomware attack at the hands of the Egregor gang, according to a report. The incident has encrypted devices and servers connected to the company’s networks, knocking out back-end services, according to BleepingComputer. The outlet obtained the purported rans...
7 Simple Ways to Make Your Android Phone More Secure
Here's how to lock down your data and stop others from snooping on your personal information...
Virtual Hackathon Generates Next Generation of Imperva Innovation
“How do we run a global hackathon amid a global pandemic?” That was my first thought when I began planning the 2020 Imperva Hackathon earlier this year. While the event is designed to foster innovation and uncover new ideas, in a global company like ours it’s also about making new friends and...
2021 Healthcare Cybersecurity Priorities: Experts Weigh In
Healthcare cybersecurity is in triage mode. As systems are stretched to the limits by COVID-19 and technology becomes an essential part of everyday patient interactions, hospital and healthcare IT departments have been left to figure out how to make it all work together, safely and securely. Most...
Logic Flaw Vulnerability in the Account Appeal Function of the Identity Management System of Lianyi Technology Co.
As the security authentication and authorization center of the digital campus, the identity management system provides a series of comprehensive authentication, authorization control and management tools to provide all-round and multi-level licensing, control and management of data access and use...
GaussDB Kernel: Configuring the SSL Protocol
The SSL protocol improves data security and integrity for network communications. You are strongly advised to use SSL for TCP or IP connections when using the database.
Robot Vacuums Suck Up Sensitive Audio in ‘LidarPhone’ Hack
Researchers have uncovered a new attack that lets bad actors snoop in on homeowners’ private conversations – through their robot vacuums. The vacuums, which utilize smart sensors in order to autonomously operate, have gained traction over the past few years. The attack, called “LidarPhone” by...
CVE-2020-28924
CVE-2020-28924 affects rclone prior to 1.53.3. The issue stems from using a weak random number generator in the password generator, producing low-entropy passwords deterministically tied to the startup time. Attack surface includes encryption in the crypt backend, enabling potential password gues...
Safeguard Identity Data at the Source
Leverage Identity Cloud's built-in tooling to safeguard your customers' data from unnecessary exposure. When your customers create an account on your website or application, they are entrusting their valuable information with you in order to establish a relationship. To maintain that relationship,...
TYPO3 cross-site scripting vulnerability (CNVD-2021-26150)
TYPO3 is a free and open source content management system and framework (CMS/CMF) from the Swiss TYPO3 Association. TYPO3 suffers from a cross-site scripting vulnerability that originates from insufficient processing of user-supplied data in the system extension Fluid (typo3/cms-fluid) when...
Safeguard Identity Data at the Source
When your customers create an account on your website or application, they are entrusting their valuable information with you in order to establish a relationship. To maintain that relationship, they need to have faith that you will protect their information...
Systemic non-compliance: the root cause of pain for healthcare organizations
Recently, I was fortunate enough to experience the joys of becoming a father as my wife and I welcomed our first child into the world. It was one of the most beautiful experiences of my life and I'm grateful for the advances we have made in modern medicine and technology. I mention this personal...
RUSTSEC-2020-0151 Generators can cause data races if non-Send types are used in their generator functions
The Generator type is an iterable which uses a generator function that yields values. In affected versions of the crate, the provided function yielding values had no Send bounds despite the Generator itself implementing Send. The generator function lacking a Send bound means that types that are...
Scams Ramp Up Ahead of Black Friday Cybercriminal Craze
The number of online holiday shoppers this year is expected to skyrocket due to the pandemic – and consequently, consumers can expect an onslaught of scams, phishing attacks and other malicious activities. The risk of infection is driving consumers to shop from the safety of their homes, rather...