Today’s File Security is So ’80s, Part 3: Dynamic Peer Groups – 3 Examples from Customer Data
In the first two parts of this series, we discussed why permissions management, the traditional approach to file security, no longer works and introduced a new approach to file security that leverages machine learning to build dynamic peer groups based on how users actually access files. In this...
Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server
Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date. This blunder was caused by Deep Root Analytics (DRA), a data analytics firm employed by the US Republican...
5 Questions to Ask Your CISO about the GDPR
The European General Data Protection Regulation (GDPR) comes into force on May 25, 2018, and it will have a huge impact on the way businesses store and collect personal information belonging to those located in the European Union (EU). The regulation applies to all businesses that hold and process da...
WannaCry Highlights Major Security Shortcomings Ahead of GDPR D-Day
For all the panic it caused, WannaCry looks finally to have been contained by organisations round the globe. But this isn’t the time to forget about it and move on. There are valuable lessons to be learned about this attack, why it was so successful and what can be done to prevent it happening...
Top 5 GDPR Myths: Get the Facts
The General Data Protection Regulation (GDPR) has been garnering much attention since its formal adoption in April 2016. With the effective date of May 25, 2018 fast approaching, some popular myths have emerged surrounding the regulation. In this blog post, we’ll examine and debunk a few of the mos...
China Construction Bank's Android app suffers from weak certificate validation vulnerability
China Construction Bank Android APP is the mobile application product of China Construction Bank. China Construction Bank Android APP suffers from a weak certificate validation vulnerability, as the X509TrustManager validation function does not validate the server-side certificate. An attacker ca...
Brave Status Bar Obfuscation Vulnerability
Brave is a Web browser product from Brave Software, Inc. in the United States. A status bar obfuscation vulnerability exists in Brave version 0.12.4, which may unintentionally redirect to a malicious website. An attacker can exploit this vulnerability to redirect users to malicious websites,...
AIO AIO in-car Android App CAPTCHA has design flaws
Shenzhen Dudu Intelligent Technology Co., Ltd. is an innovative technology enterprise focusing on intelligent in-vehicle systems, high-end in-vehicle wearable devices and the construction of car networking ecosystem. AIO AIO in-vehicle Android App verification code has design flaws, attackers can...
CVE-2017-5685
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow an attacker with physical access to the system to gain access to personal information...
CVE-2017-5684
The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core processors prior to version CC047 may allow an attacker with physical access to the system to gain access to personal information...
CVE-2017-5686
The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version SY0059 may allow an attacker with physical access to the system to gain access to personal information...
Arbitrary Password Reset Vulnerability in Chickie's Travel Android App
Chickie Mobility Android App is an app that provides public bike rental services. There is an arbitrary password reset vulnerability in Qiqi Travel Android APP. It allows an attacker to reset another person's password simply by knowing their cell phone number, and can view any other person's...
IRS Releases Tax-Time Guide
The Internal Revenue Service (IRS) has released tax-time advice intended to help the public protect their personal and financial data and computers. Recommendations include using strong passwords, backing up files, and using robust security software to help block malware and viruses. Users and...
LocalTapiola: XSS on 3rd party service Localtapiola is using
Basic report information Summary: Localtapiola is using careers.fi service to job applicants at http://www.lahitapiola.fi/tietoa-lahitapiolasta/toihin-meille/avoimet-tyopaikat/haemme-juuri-nyt Description: XSS on 3rd party careers.fi job service which may lead loss of personal data for the...
CVE-2016-6090
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service...
Design/Logic Flaw
IBM WebSphere Commerce contains an unspecified vulnerability that could allow disclosure of user personal data, performing of unauthorized administrative operations, and potentially causing a denial of service...
Update — Hacker Claims to Have Hacked the FBI, But It Wasn't
Update: A hacker yesterday claimed to have hacked the FBI's website running on Plone CMS, but it seems it wasn't hacked using any zero-day vulnerability in Plone. We contacted Plone security team and updated this story (see below) with official statements. A hacker, using Twitter handle CyberZeist,...
CVE-2016-6910
The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The vulnerable system app giv...
Over 1 Billion Mobile App Accounts can be Hijacked Remotely with this Simple Hack
Security researchers have discovered a way to target a huge number of Android and iOS apps that could allow them to remotely sign into any victim's mobile app account without any knowledge of the victim. A group of three researchers – Ronghai Yang, Wing Cheong Lau, and Tianyu Liu – from the Chine...