How Cloud-Based Automation Can Keep Business Operations Secure
The massive data breach at Capital One – America's seventh-largest bank, according to revenue – has challenged many common assumptions about cloud computing for the first time. Ironically, the incident, which exposed some 106 million Capital One customers' accounts, has only reinforced the belief...
Understanding CCPA: It's Time to Action a Plan for Compliance
Notice to all procrastinators: The final countdown to the California Consumer Privacy Act (CCPA) has begun. On January 1, 2020, companies or organizations that do business in California will be required to comply with the state's strict new privacy legislation that establishes a legal and enforceab...
Authentication flaw
An exploitable authentication bypass vulnerability exists in the Bluetooth Low Energy (BLE) authentication module of YI M1 Mirrorless Camera V3.2-cn. An attacker can send a set of BLE commands to trigger this vulnerability, resulting in sensitive data leakage (e.g., personal photos). An attacker can...
CEO 'Deep Fake' Swindles Company Out of $243K
In the first known case of successful financial scamming via audio deep fakes, cybercrooks were able to create a near-perfect impersonation of a chief executive’s voice – and then used the audio to fool his company into transferring $243,000 to their bank account. A deep fake is a plausible video...
TGI Fridays Delivers Customer Indigestion Over Data Exposure
Customers of TGI Fridays Australia were “strongly recommended” to change their MyFridays membership rewards program passwords. According to an email sent to customers this week, the company had inadvertently left sensitive loyalty program data exposed on the internet. News of the leaky server...
Ways to Help Keep Your Business Systems Secure
By Owais Sultan. Keeping data and information secure is one of the biggest problems businesses face. Cybercrime is a big issue for many because of the amount of personal data they hold regarding their customers. This is a post from HackRead.com.
How to Prepare for Misconfigurations Clouding the Corporate Skies
Cloud-based storage and infrastructure provides myriad benefits for any organization, like letting them avoid the costs of expensive hardware and granting them quick access to infrastructure as needed. Companies can use cloud services for minutes or years, depending on their needs. However, there...
A week in security (August 12 – 18)
Last week on Malwarebytes Labs, we took a look at the potential pitfalls of facial recognition technology, looked at ways domestic abuse survivors can secure their data, and explored the education threat landscape. We also kicked off a series looking at the Hidden Bee infection chain, and put...
Design/Logic Flaw
CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields...
NetApp Data ONTAP (7-Mode) < 8.2.5P3 Multiple Vulnerabilities (ntap-20190801-0001)(ntap-20190801-0002)(ntap-20190802-0002)
The version of NetApp Data ONTAP running on the remote host is prior to 8.2.5P3. It is, therefore, affected by multiple vulnerabilities: - An information disclosure vulnerability exists in NetApp Data ONTAP. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive...
globalpublicity.co.uk Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-930213. Security researcher g0bl1nsec, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting globalpublicity.co.uk...
CVE-2019-14749
An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. CSV (aka Formula) injection exists in the export spreadsheets functionality. These spreadsheets are generated dynamically from unvalidated or unfiltered user input in the Name and Internal Notes fields in the Users tab, and...
CVE-2019-10099
CVE-2019-10099 affects Apache Spark deployments running versions prior to 2.3.3. In certain scenarios, Spark could write user data to local disk unencrypted despite spark.io.encryption.enabled=true. The issue encompasses cached blocks written to disk (controlled by spark.maxRemoteBlockSizeFetchTo...
Sponsored Podcast: The Operationalization of Data With a Purpose
Security, intel and fraud teams are swimming in data. Data is not the problem, but operationalizing and making use of the data we have is. This podcast is sponsored by SpyCloud. Taking this one step further is making use of the data with a purpose, specifically, to interrupt the criminal lifecycle...
Nation-State Actors Go All-In on Mobile Malware
APTs, including a range of nation-state groups operating in China, North Korea, Pakistan and Russia, are shifting their malware development focus to target mobile users for intelligence gathering, financial gain and disruption of national rivals. That’s according to CrowdStrike’s Mobile Threat...
Windows Server 2008 End of Support: Are you Prepared?
On July 14th, 2015, Microsoft’s widely deployed Windows Server 2003 reached end of life after nearly 12 years of support. For millions of enterprise servers, this meant the end of security updates, leaving the door open to serious security risks. Now, we are fast approaching the end of life of...
IRS Reminds Tax Professionals: Create a Data Security Plan
The Internal Revenue Service (IRS) has issued a news release reminding professional tax preparers that they are required by law to have a written data security plan. Creating and maintaining a data security plan ensures that tax professionals are reviewing their data security protections and...
CVE-2019-2843
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low...
CVE-2019-2818
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 11.0.3 and 12.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
CVE-2019-2786
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 8u212, 11.0.3 and 12.0.1; Java SE Embedded: 8u211. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...