openGauss: Configuring the SSL Protocol
The SSL protocol improves data security and integrity for network communications. You are strongly advised to use SSL for TCP/IP connections when using the database.
Toymaker Mattel Hit by Ransomware Attack
Top toymaker Mattel revealed it was a victim of a ransomware attack that successfully encrypted some data and temporarily crippled a limited number of business functions. The disclosure was part of a U.S. Securities Exchange Commission (SEC) disclosure filed in late October. Mattel reported the...
Code42 Incydr Series: Why Most Companies Can’t Stop Departing Employee Data Theft
Here’s the single clearest sign of insider risk: an employee’s resignation letter. A 2019 study found that 72% of employees take company data when they leave, according to Infosecurity Magazine. Fortunately, you don’t need fancy technology to figure out who these risky users are — they tell you!...
Unauthorized Access Vulnerability in the Threat Awareness Platform of Beijing Weibu Online Technology Co.
Beijing MicroStep Online Technology Co., Ltd. provides threat detection products and services, and is committed to becoming a threat discovery and response expert for enterprise customers. An unauthorized access vulnerability exists in the threat awareness platform of Beijing MicroStep Online...
CVE-2019-4349
IBM Maximo Anywhere 7.6.2.x and 7.6.3.x support on deprecated Android OS versions can expose confidentiality and integrity of the service. The vulnerability arises from installing Maximo Anywhere on a non-recommended OS (Android API level 14), with a CVSS base score of 3.5 (LOW). Affected product...
Back to the future: What the Jericho Forum taught us about modern security
Some of the earliest formal work on what we now call Zero Trust started around in a security consortium known as the Jericho Forum which later merged into The Open Group Security Forum. This started as a group of like-minded CISOs wrestling with the limitations of the dominant and unquestioned...
Code42 Incydr Series: Secure data in the age of remote work
As 2020 began, security leaders were already abuzz about the data security for the growing remote workforce. Fast forward to today, and nearly half of the U.S. labor force is now WFH full time. A recent study by OpenVPN shows 90% of IT and Security pros believe that remote workers are not secure ...
Vastaamo Breach: Hackers Blackmailing Psychotherapy Patients
Cybercriminals have hacked the systems of psychotherapy giant Vastaamo – and are now reaching out to therapy patients, threatening to dump their patient files if they do not pay a ransom. Finland-based Vastaamo, which has more than 40,000 psychotherapy patients, said on its website that its...
Oracle Database Server Vault component unauthorized access vulnerability
Oracle Database Server is a relational database management system from the US company Oracle. The database management system provides data management, distributed processing and other functions. An unauthorized access vulnerability exists in the Oracle Database Server Database Vaul...
CVE-2020-14856
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2020-14886
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
Design/Logic Flaw
Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Logging. Supported versions that are affected are 5.5 and 5.6. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...
CVE-2020-14863
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite component: Print Server. Supported versions that are affected are 12.1.1 - 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One...
Life post-acquisition: A people-centric plan to get you total data security a lot faster
Getting acquired can be an emotional rodeo. Some days are crazy excitement and others are heartache over the unknowns ahead. It’s natural – we’re human. I remember years ago sitting in a doctor’s office staring at a poster about the “10 most stressful life events” and “starting a new job” was 4...
kernel: net: bluetooth: information leak when processing certain AMP packets
An information leak flaw was found in the way the Linux kernel’s Bluetooth stack implementation handled initialization of stack memory when handling certain AMP (Alternate MAC-PHY Manager Protocol) packets. This flaw allows a remote attacker in an adjacent range to leak small portions of stack memory o...
CVE-2020-16921
An information disclosure vulnerability exists in Text Services Framework when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow a...
Unspecified Vulnerability in Unisys Stealth (core)
Unisys Stealthcore is a firewall from Unisys. This firewall is easy to configure and expand, can be upgraded by micro-segmentation, and fully protects internal data security. A security vulnerability exists in Unisys Stealthcore versions prior to 4.0.134 that stems from storing passwords in a...
Lock and Code S1Ep17: Journalism’s role in cybersecurity with Alfred Ng and Seth Rosenblatt
Most everything about cybersecurity—the threats, the vulnerabilities, the breaches and the blunders—doesn’t happen in a vacuum. And the public doesn’t learn about those things because threat actors advertise their exploits, or because companies trumpet their lackluster data security practices. No,...
Fitbit Spyware Steals Personal Data via Watch Face
A wide-open app-building API would allow an attacker to build a malicious application that could access Fitbit user data, and send it to any server. Kev Breen, director of cyber threat research for Immersive Labs, created a proof-of-concept for just that scenario, after realizing that Fitbit...
Ransomware Attacks Targeting Healthcare Surge: VMware Carbon Black experts Weigh in
Targeted, sophisticated, and costly – over the past month, several high-profile ransomware attacks have been reported with a specific focus on some of the largest healthcare providers across the world. With the recent surge in telemedicine adoption due to COVID-19 as well as the growth of...