More than half of the world’s websites use Google Analytics to help their owners understand the behavior of users. The software, which deploys cookies to track user behavior, costs nothing in cash terms — though the vast trove of data helps to fuel Google’s massive profits. However, in 2020 the framework overseeing how personal data…

Business planning SaaS (software-as-a-service) software maker Anaplan is being acquired by private equity firm Thoma Bravo for $10.7 billion. Founded in the UK and now based in San Francisco, Anaplan offers cloud-based finance and planning software and counts almost 2,000 customers worldwide, including Coca-Cola, Shell, Thomas Cook and VMware. The company went public in 2018,…

Microsoft today issued security updates for 71 software vulnerabilities, three of which were critical and one of which has a known proof-of-concept available in the public domain. Among the most notable flaws fixed today by Microsoft are: CVE-2022-23277, Microsoft Exchange Server Remote Code Execution Vulnerability. This is a critical bug that could allow an attacker who…

If there existed a prize for the most pervasive, critical, and least-known middleware technology, the Data Distribution Service (DDS) standard would certainly win it. When we first presented the results of this research at the Black Hat Europe Briefings, the audience appeared to be completely unaware (embarrassed, even) that the DDS drives railways, autonomous cars,…

Designed to harvest real-time metrics from various endpoints, Prometheus enables organizations to keep a close eye on systems’ state, network usage, and the like. Close to 800 cloud-native platforms, including Slack and Uber, leverage the solution. In January 2021, Prometheus added support for Transport Layer Security (TLS) and basic authentication, to prevent access to the…

The Silicon Valley giant had last month said iPhones and iPads would soon start detecting images containing child sexual abuse and reporting them as they are uploaded to its online storage in the United States. However, digital rights organizations quickly noted the tweaks to Apple’s operating systems create a potential “backdoor” into gadgets that could…

As part of its scheduled Patch Tuesday release, Adobe released fixes for 29 documented security vulnerabilities, some serious enough to expose users to code execution, security feature bypass, and privilege escalation attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif….

According to Atlassian, security researcher Harrison Neal discovered that Jira Data Center — including Software Data Center and Core Data Center — and Jira Service Management Data Center software development products are affected by a critical flaw related to missing authentication for the Ehcache RMI network service. An attacker who can connect to this service…

SolarWinds had previously traced the origins of the hack to the fall of 2019 but now believes that hackers were doing “very early recon activities” as far back as the prior January, according to Sudhakar Ramakrishna, the company’s president and CEO. “The tradecraft that the attackers used was extremely well done and extremely sophisticated, where…

In today’s high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in…