2354 matches found
Impact of Meltdown and Spectre on Akamai
Overview On Wednesday, January 3rd, researchers from Google Project Zero, Cyberus Technology, Graz University of Technology, and other organizations released details about a pair of related vulnerabilities, dubbed Meltdown and Spectre. These vulnerabilities appear to affect all modern processors...
Three Reasons Why GDPR Encourages Pseudonymization
The General Data Protection Regulation GDPR is the European Union’s new data regulation designed to provide individuals with rights and protections over their personal data that is collected or created by businesses or government entities. It unifies data protection regulation across all member...
Forever 21 Confirms Security Breach Exposed Customer Credit Card Details
First notified in November of a data breach incident, popular clothing retailer Forever 21 has now confirmed that hackers stole credit card information from its stores throughout the country for several months during 2017. Although the company did not yet specify the total number of its customers...
Critical "Same Origin Policy" Bypass Flaw Found in Samsung Android Browser
A critical vulnerability has been discovered in the browser app comes pre-installed on hundreds of millions of Samsung Android devices that could allow an attacker to steal data from browser tabs if the user visits an attacker-controlled site. Identified as CVE-2017-17692, the vulnerability is Sa...
Nissan Finance Canada Suffers Data Breach — Notifies 1.13 Million Customers
It's the last month of this year, but possibly not the last data breach report. Nissan warns of a possible data breach of personal information on its customers who financed their vehicles through Nissan Canada Finance and INFINITI Financial Services Canada. Although the company says it does not...
Imperva’s Top 10 Blogs of 2017
I recently took a step back to review all the content we shared in 2017 on the Imperva blog. We covered a broad range of topics including data security, cloud migration, application and API security, AI and machine learning, cybersecurity research, GDPR, insider threats and more. We were busy!...
Women in Tech and Career Spotlight: Shiri Margel
This month we’ll be closing out our series featuring women in tech at Imperva. While I work closely with many of the women we’ve spotlighted, I’ve found learning more about their backgrounds so interesting—I hope you have too! Continuing in the series, I spoke with Shiri Margel, team lead in the...
Database Security at Cloud Scale
The biggest challenge to data security is the sheer volume and pace of data growth. More so even than the shift from relational data to unstructured or the migration of data to the cloud. “Cloud scale” is usually used to refer to technical items like data center size and operations or networks an...
Is Your DJI Drone a Chinese Spy? Leaked DHS Memo Suggests
The United States Department of Homeland Security DHS has recently accused Da-Jiang Innovations DJI, one of the largest drone manufacturers, of sending sensitive information about U.S. infrastructure to China through its commercial drones and software. A copy memo from the Los Angeles office of t...
Open-Xchange: [IDOR] Deleting other people's tasks
Description When creating tasks each task is assigned with an id value. Using this id it's possible to delete any task created in the same instance even if you don't actually have access to viewing or editing the task. Steps to Reproduce 1 Login to https://sandbox.open-xchange.com/ with user1 2...
Build-Your-Own Data Masking. Yes or No?
A lot of organizations are taking great strides to protect their sensitive data with a multi-layered strategy—one that includes data masking. We’ve even seen many tackling this critical data security component in DIY fashion, often tasking one resource with developing and implementing scripts to...
CVE-2017-1000246
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data...
Code injection
Vulnerability in the Oracle Tuxedo component of Oracle Fusion Middleware subcomponent: Core. Supported versions that are affected are 11.1.1, 12.1.1, 12.1.3 and 12.2.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via Jolt to compromise Oracle Tuxedo...
GDPR Talk Dominates Barcelona’s PCI DSS Community Conference
Recently, I returned from the European PCI DSS community conference in Barcelona. As always, the conference featured analysis of current hot topics within the PCI community and was helpful for any security professional looking to learn about the latest advancements in data security and protection...
New Research in Invisible Inks
It's a lot more chemistry than I understand: Invisible inks based on "smart" fluorescent materials have been shining brightly if only you could see them in the data-encryption/decryption arena lately.... But some of the materials are costly or difficult to prepare, and many of these inks remain...
NQ Contacts Backup&Restore Access Gain Vulnerability
NQ Contacts Backup&Restore application for Android is a set of data backup and recovery software based on Android platform. A security vulnerability exists in version 1.1 of the NQ Contacts Backup&Restore application for Android, which originates from the program's use of an RC4 static key. The...
Malicious Chrome Extension Steals Data Posted to Any Website
Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code. The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted...
dll hijacking vulnerability in Yisetron Data Security Guard
Yisetong Data Security Guard is a security product that specializes in preventing your private data assets from being illegally stolen or used by others in the process of sharing and storing. A dll hijacking vulnerability exists in Yisetone Data Safeguard. The vulnerability is due to an unsafe...
Monitor More, Worry Less. Outpace Threats With Machine Learning.
In the past two years, enterprises have created more data than has been created in the entire history of humankind. At scale, securing this amount of data requires a re-think of how we grant and revoke access to sensitive files and, more importantly, how we identify and track the inevitable acces...
Oracle Java SE Security Updates (oct2017-3236626) 02 - Linux
Oracle Java SE is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...