vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery. VMware has told customers that several versions of the product are affected by a high-severity (important) command injection vulnerability that can be exploited by a hacker with admin privileges to execute shell commands on the underlying…

As organizations prioritize digital transformation, they are moving services to the cloud at a rapid clip. Yet when making this shift, many companies fail to make the necessary updates to their security programs and solutions to protect the new cloud perimeter. Rather than redesigning their security infrastructure for the cloud, many organizations are simply wrapping…

Research conducted by Alissa Knight, partner at marketing agency Knight Ink, on behalf of mobile API threat protection firm Approov showed that the applications are vulnerable to API attacks that unauthorized parties could leverage to access protected health information (PHI) and personally identifiable information (PII). With people increasingly relying on mHealth apps during the COVID-19 pandemic,…

The EU’s 27 member states approved a proposal that had been stuck since 2017, with countries split between those wanting strict privacy online and others wanting to give leeway to law enforcement and advertisers. Portugal, which currently holds the EU’s rotating presidency, submitted a compromise proposal that was approved by qualified majority at a meeting in…

Tracked as CVE-2021-21477 and featuring a CVSS score of 9.9, the critical issue could be abused for remote code execution, SAP explains in its advisory. The vulnerability impacts SAP Commerce if the rule engine extension is installed. Meant to define and execute rules to manage decision-making scenarios, the rule engine uses a ruleContent attribute offering…

In its advisory for the vulnerability — the bug currently does not have a CVE identifier — Mozilla described it as a “buffer overflow in depth pitch calculations for compressed textures.” The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro’s Zero Day Initiative (ZDI), apparently only impacts Firefox running on Windows —…