PCI DSS 4.0: Get Audit-Ready for the New Requirements
The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or sensitive...
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector arises from errors in the authentication process. These errors allow attackers to compromise the confidentiality and integrity of the protected information.
The vulnerability of the connection application between the cloud platform and the local system via SAP Cloud Connector is related to errors in the certificate validation process. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of the protecte...
2 Weeks Out: Evolution at RSAC 2024
Discover the latest innovations in cyber defense and Trend's expert insights on AI, data security, and emerging threats...
Are Your SaaS Backups as Secure as Your Production Data?
Conversations about data security tend to diverge into three main threads: How can we protect the data we store on our on-premises or cloud infrastructure? What strategies and tools or platforms can reliably back up and restore data? What would losing all this data cost us, and how quickly could w...
Weak Encryption
fuel/core is vulnerable to Weak Encryption. The vulnerability is due to the usage of the Crypt encryption algorithm, which potentially allows an attacker with sufficient knowledge, code, and GPU calculation power to break and potentially compromise the security of encrypted data...
CVE-2024-27839
The CVE-2024-27839 entry describes a Find My privacy vulnerability in iOS/iPadOS where a malicious app could determine a user’s current location. The impact is privacy leakage; the root cause relates to how location data is handled for Find My. Apple fixed this in iOS 17.5 and iPadOS 17.5. Affected produ...
Why car location tracking needs an overhaul
Across America, survivors of domestic abuse and stalking are facing a unique location tracking crisis born out of policy failure, unclear corporate responsibility, and potentially risky behaviors around digital sharing that are now common in relationships. No, we’re not talking about stalkerware...
Dell notifies customers about data breach
Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer a...
Information leakage vulnerability in Tianrui Green Shield Approval System of Xiamen Tianrui Technology Co. Ltd (CNVD-2024-25622)
Xiamen Tianrui Technology Co., Ltd. is a provider of data security products and services. An information leakage vulnerability exists in the Tianrui Green Shield Approval System of Xiamen Tianrui Technology Company Limited, which can be exploited by attackers to obtain sensitive information...
New capabilities to help you secure your AI transformation
AI is transforming our world, unlocking new possibilities to enhance human abilities and to extend opportunities globally. At the same time, we are also facing an unprecedented threat landscape with the speed, scale, and sophistication of attacks increasing rapidly. To meet these challenges, we...
CVE-2023-27347
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
Psychotherapy practice hacker gets jail time after extorting patients, publishing personal therapy notes online
On October 30, 2020, I started an article with the words: “Hell is too nice a place for these people.” The subject of this outrage focused on the cybercriminals behind an attack on Finnish psychotherapy practice Vastaamo. Because it was a psychotherapy practice, the records contained extremely...
Wireless carriers fined $200 million after illegally sharing customer location data
After four years of investigation, the Federal Communications Commission (FCC) has concluded that four of the major wireless carriers in the US violated the law in sharing access to customers’ location data. The FCC fined AT&T, Sprint, T-Mobile, and Verizon a total of almost $200 million for...
SQL Injection Vulnerability in Data Leakage Protection (DLP) System of Beijing Yisaitong Technology Development Co.
Yisetong Data Leakage Protection (DLP) is a comprehensive data security product that integrates machine learning, big data analysis, document encryption, access control, correlation analysis, data identification and other technologies. Data Leakage Protection (DLP) system of Beijing Yisetong Technolo...
CVE-2023-51365
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following versions:...
TikTok comes one step closer to a US ban
The US Senate has approved a bill that would effectively ban TikTok from the US unless Chinese owner ByteDance gives up its share of the immensely popular app. Social video platform TikTok has experienced explosive growth since it first appeared in 2017, and is now said to have well over 1.5...
CISO Perspectives on Complying with Cybersecurity Regulations
Compliance requirements are meant to increase cybersecurity transparency and accountability. As cyber threats increase, so do the number of compliance frameworks and the specificity of the security controls, policies, and activities they include. For CISOs and their teams, that means compliance i...
Django Debug Mode Enabled
Django is a free and open-source Python web application framework. It offers a debug mode that gives developers additional information to help troubleshoot their applications, including stack traces on error pages, and that exposes variables defined in your Django settings. A remote...
Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million
The Federal Trade Commission (FTC) has reached a settlement with online mental health services company Cerebral after the company was charged with failing to secure and protect sensitive health data. Cerebral has agreed to an order that will restrict how the company can use or disclose sensitive...
Data Matters — The Value of Visibility in API Security
...