CVE-2020-14544
CVE-2020-14544 affects Oracle Transportation Management (Oracle Supply Chain) with the affected version 6.4.3. The vulnerability allows a low-privilege, network-exposed attacker (via HTTP) to read a subset of data from Oracle Transportation Management. Root cause details are described in multiple...
Command injection
In iPear, the manual execution of the eval function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data files from the PC...
Design/Logic Flaw
In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ByteBufferPool twice. Because of this doub...
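The failure mode described above, a pooled buffer handed back to its pool twice so that two later callers receive the same backing memory, is easy to reproduce in isolation. The following is an added example written for this page, not Jetty's own code: `NaivePool`, `CheckedPool` and the demo methods are hypothetical, and the simulated exception stands in for the 431 path in the advisory. The second pool shows one way to make a double release fail loudly instead of silently aliasing buffers.

```java
import java.nio.ByteBuffer;
import java.util.ArrayDeque;
import java.util.Collections;
import java.util.IdentityHashMap;
import java.util.Set;

// Hypothetical buffer pools used only to illustrate the double-release pattern.
public class DoubleReleaseDemo {

    /** Naive pool: release() never checks whether the buffer is already pooled. */
    static class NaivePool {
        private final ArrayDeque<ByteBuffer> free = new ArrayDeque<>();

        ByteBuffer acquire(int size) {
            ByteBuffer b = free.poll();
            return b != null ? b : ByteBuffer.allocate(size);
        }

        void release(ByteBuffer b) {
            free.push(b);
        }
    }

    /** Hardened pool: tracks pooled buffers by identity and rejects a second release. */
    static class CheckedPool {
        private final ArrayDeque<ByteBuffer> free = new ArrayDeque<>();
        private final Set<ByteBuffer> pooled =
                Collections.newSetFromMap(new IdentityHashMap<>());

        ByteBuffer acquire(int size) {
            ByteBuffer b = free.poll();
            if (b != null) {
                pooled.remove(b);
                return b;
            }
            return ByteBuffer.allocate(size);
        }

        void release(ByteBuffer b) {
            if (!pooled.add(b)) {
                throw new IllegalStateException("buffer released twice");
            }
            b.clear();
            free.push(b);
        }
    }

    /** Simulated 431 path: the header buffer is released in the error handler
     *  and again in the cleanup block, so the pool holds it twice. */
    static boolean naiveHandsOutAliasedBuffers() {
        NaivePool pool = new NaivePool();
        ByteBuffer header = pool.acquire(4096);
        try {
            throw new IllegalStateException("Response header too large"); // simulated 431 condition
        } catch (IllegalStateException e) {
            pool.release(header);   // first release, on the error path
        } finally {
            pool.release(header);   // second release, in cleanup: the bug
        }
        // Two unrelated responses now get the same backing buffer.
        ByteBuffer a = pool.acquire(4096);
        ByteBuffer b = pool.acquire(4096);
        return a == b;
    }

    /** Same sequence against the checked pool: the second release throws. */
    static boolean checkedRejectsDoubleRelease() {
        CheckedPool pool = new CheckedPool();
        ByteBuffer header = pool.acquire(4096);
        pool.release(header);
        try {
            pool.release(header);
            return false;
        } catch (IllegalStateException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        System.out.println("naive pool aliases buffers: " + naiveHandsOutAliasedBuffers());
        System.out.println("checked pool rejects double release: " + checkedRejectsDoubleRelease());
    }
}
```

The identity set costs one hash lookup per release; in a hot path a cheaper option is to null out the owning reference after the first release and treat a null as "already returned", which is the shape most pool users settle on.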
Introducing Imperva Cloud Data Security
We are excited to announce that our latest data security innovation is now available worldwide! Made for the cloud, Imperva Cloud Data Security (CDS) builds on our industry-leading application and data security solutions, providing an industry-first, complete cloud data SaaS security solution that...
Schools Already Struggled With Cybersecurity. Then Came Covid-19
A lack of dedicated funding and resources made it hard to keep data secure—and that was before classes moved almost entirely online...
CVE-2020-12016
CVE-2020-12016 affects Baxter ExactaMix EM2400 (versions 1.10, 1.11, 1.13, 1.14) and EM1200 (versions 1.1, 1.2, 1.4, 1.5). The root cause is hard-coded administrative credentials in the ExactaMix operating system, enabling an attacker with network access to gain unauthorized system access and pot...
Healthcare Enterprises Share Risk Reduction Insight
Healthcare organizations are subject to strict regulations, including data security and privacy. Three enterprises discuss risk reduction within a sector where a data leak could prove disastrous...
CVE-2020-10274
MiR robots are affected by CVE-2020-10274 in combination with CVE-2020-10273. Affected products include MiR100, MiR200, MiR250, MiR500, MiR1000 and MiR Fleet, with MiR Robot Software versions prior to 2.10.2.1 (per ICS advisory) and older firmware versions (MiR controllers prior to 2.8.1.1) per N...
Work From Home Opens New Remote Insider Threats
Employees working from home face a new world of workplace challenges. With childcare facilities mostly closed, many are juggling crying babies or barking dogs, all while tending to job responsibilities. Under those conditions mistakes happen, like sending an email – with critical internal company...
Remote Workers Pose New Security Risks
The sudden and massive shift to a work-from-home workforce has left millions of employees ill-prepared to handle the new cybersecurity challenges they face, a new study has found. Though many people had no previous work-at-home experience until this year, they were sent home to navigate the...
Unspecified Vulnerability in WinMagic SecureDoc SDDisk2k.sys
WINMAGIC SecureDoc is a data security and disk encryption solution from WINMAGIC Canada. A security vulnerability in the SDDisk2k.sys driver in WINMAGIC SecureDoc 8.5 and earlier versions, which stems from a lack of pointer validation in the IOCTL dispatcher, can be exploited by a local attacker t...
Inside Microsoft Threat Protection: Mapping attack chains from cloud to endpoint
The increasing pervasiveness of cloud services in today’s work environments, accelerated by a crisis that forced companies around the globe to shift to remote work, is significantly changing how defenders must monitor and protect organizations. Corporate data is spread across multiple...
Implementing Privacy in a Real World Application
Background: Whenever Personally Identifiable Information (PII) is involved, it is wise to encrypt it from the get-go. Strong encryption coupled with need-to-know access is key to gaining the trust of your customers and protecting their privacy. And it's often required by ever-evolving data privacy...
No Excuses: Why Brands Must Manage PII Better
Consumer retail is a major economic driver around the world. Global retail revenue was estimated at $24 trillion in 2018, split between $21.2 trillion of in-store spend and $2.8 trillion online. In fact, the outlook for brick and mortar retail pre-Covid-19 was surprisingly positive. According to ...
Recox - Master Script For Web Reconnaissance
The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX follows can spot weaknesses beyond the OWASP Top Ten. The script gathers information about the target system recursively over each subdomain and IP addr for a...
Is Your AWS Data Secure and Compliant? Cloud Database Visibility in Minutes
Internal and external attackers are after your data. Regardless of whether the data resides in the cloud or on-premises, you need to protect it. In some cases that data needs to be put under compliance controls. Data protection principles hold for data hosted in a cloud database as a service (DBaaS). Fo...
Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers
A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. The six flaws, disclosed by cybersecurity firm Trustwave today, reside in...
CVE-2020-11085
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read by client or server might read data out-of-bounds. This has been fixed in 2.1.0...
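The class of bug above is a parser that trusts the peer's framing instead of the byte count it actually received. The following is an added example, not FreeRDP's code: it models a clipboard format list as a constructed, simplified layout (4-byte little-endian format id followed by a fixed 32-byte name, the fixed-width variant only; the real PDU also has a long-name form that is not modelled here), and every function and constant in it is hypothetical. The parser derives the record count from the buffer length, rejects a truncated message instead of reading past it, and NUL-terminates names itself rather than trusting the peer to.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simplified record layout: 4-byte LE formatId + 32-byte name. */
#define NAME_LEN    32
#define RECORD_LEN  (4 + NAME_LEN)
#define MAX_FORMATS 16

typedef struct {
    uint32_t format_id;
    char     name[NAME_LEN + 1];   /* +1 so the parser can always terminate it */
} clip_format_t;

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of records parsed, or -1 when the buffer is not a whole
 * number of records or exceeds the caller's output capacity. The only bound
 * used is `len`, the byte count actually received, never a peer-supplied count. */
int parse_format_list(const uint8_t *buf, size_t len, clip_format_t *out, size_t max_out) {
    if (len % RECORD_LEN != 0) return -1;
    size_t count = len / RECORD_LEN;
    if (count > max_out) return -1;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *rec = buf + i * RECORD_LEN;
        out[i].format_id = read_le32(rec);
        memcpy(out[i].name, rec + 4, NAME_LEN);
        out[i].name[NAME_LEN] = '\0';   /* terminate even if the peer did not */
    }
    return (int)count;
}

/* Constructed sample: two records, the second with a 32-byte name and no NUL. */
size_t build_sample(uint8_t *buf, size_t cap) {
    if (cap < 2 * RECORD_LEN) return 0;
    memset(buf, 0, 2 * RECORD_LEN);
    buf[0] = 13;                                     /* CF_UNICODETEXT (13), LE */
    memcpy(buf + 4, "UnicodeText", 11);
    buf[RECORD_LEN] = 0x01; buf[RECORD_LEN + 1] = 0xC0; /* formatId 0xC001 */
    memset(buf + RECORD_LEN + 4, 'A', NAME_LEN);     /* fills the field, no NUL */
    return 2 * RECORD_LEN;
}

/* Well-formed input: both records parsed, unterminated name still safe to strlen(). */
int demo_valid(void) {
    uint8_t buf[2 * RECORD_LEN];
    clip_format_t fmts[MAX_FORMATS];
    size_t n = build_sample(buf, sizeof buf);
    int r = parse_format_list(buf, n, fmts, MAX_FORMATS);
    if (r != 2 || fmts[0].format_id != 13 || fmts[1].format_id != 0xC001) return 0;
    if (strlen(fmts[1].name) != NAME_LEN) return 0;
    return 1;
}

/* Peer truncates the last record by 5 bytes: a parser trusting a record count
 * would read past the end of `buf`; this one rejects the message instead. */
int demo_truncated(void) {
    uint8_t buf[2 * RECORD_LEN];
    clip_format_t fmts[MAX_FORMATS];
    size_t n = build_sample(buf, sizeof buf);
    return parse_format_list(buf, n - 5, fmts, MAX_FORMATS) == -1;
}

int main(void) {
    printf("valid list parsed correctly: %d\n", demo_valid());
    printf("truncated list rejected:     %d\n", demo_truncated());
    return 0;
}
```

The same discipline applies to the variable-length form: scan for the terminator only within the bytes remaining, and fail the whole PDU if none is found before the end.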
In Flight Entertainment System Security
Contrary to alarmist stories in the press, it really isn't practically possible to hack an airplane from the in-flight entertainment system (IFE/IFEC). The 'C' adds Connectivity, i.e. internet access. Whilst earlier moving map systems did take a feed from the flight management system, particularly so...
Going dark: encryption and law enforcement
UPDATE, 05/22/2020: With the advent of the EARN IT Act, the debate on government subversion of encryption has reignited. Given that the material conditions of the technology have not changed, and the arguments given in favor of the bill are not novel, we've decided to republish the following blog...