Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An … [Read more...] about Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
data
Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the … [Read more...] about Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
Customer engagement platform Twilio on Monday disclosed that a "sophisticated" threat actor gained "unauthorized access" using an SMS-based phishing campaign aimed at its staff to gain information on a "limited number" of accounts. The social-engineering attack was bent on stealing employee credentials, the company said, calling the as-yet-unidentified adversary … [Read more...] about Twilio Suffers Data Breach After Employees Fall Victim to SMS Phishing Attack
How to parse body text into Elastic App Search during data ingestion
Elastic App Search allows developers to bring the power of Elasticsearch to mobile apps in a pretuned search experience. When parsing body text, the App Search crawler extracts all the content from the specified website and spreads it in fields depending on the HTML tags it finds. Text within title tags are assumed as title field, anchor tags are parsed as links, and body is … [Read more...] about How to parse body text into Elastic App Search during data ingestion
Google Removes “App Permissions” List from Play Store for New “Data Safety” Section
Following the launch of a new "Data safety" section for the Android app on the Play Store, Google appears to be readying to remove the app permissions list from both the mobile app and the web. The change was highlighted by Esper's Mishaal Rahman earlier this week. The Data safety section, which Google began rolling out in late April 2022, is the company's answer to Apple's … [Read more...] about Google Removes “App Permissions” List from Play Store for New “Data Safety” Section
Search and replicate data between your Elastic Cloud and on-prem deployments
We are pleased to announce the general availability of cross-cluster search (CCS) and cross-cluster replication (CCR) for your Elasticsearch clusters across any deployment environment. Starting today, you can easily search and replicate data between Elasticsearch clusters, even when they reside in different environments, such as on-premises, public cloud, as well as hybrid and … [Read more...] about Search and replicate data between your Elastic Cloud and on-prem deployments
Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
A widespread software supply chain attack has targeted the NPM package manager at least since December 2021 with rogue modules designed to steal data entered in forms by users on websites that include them. The coordinated attack, dubbed IconBurst by ReversingLabs, involves no fewer than two dozen NPM packages that include obfuscated JavaScript, which comes with malicious code … [Read more...] about Researchers Uncover Malicious NPM Packages Stealing Data from Apps and Web Forms
TikTok Assures U.S. Lawmakers it’s Working to Safeguard User Data From Chinese Staff
Following heightened worries that U.S. users' data had been accessed by TikTok engineers in China between September 2021 and January 2022, the company sought to assuage U.S. lawmakers that it's taking steps to "strengthen data security." The admission that some China-based employees can access information from U.S. users came in a letter sent to nine senators, which further … [Read more...] about TikTok Assures U.S. Lawmakers it’s Working to Safeguard User Data From Chinese Staff
How Anthem leverages big healthcare data to improve consumers’ lives
Challenges with healthcare data Healthcare data makes up a third of the world’s data and is projected to grow, in the next few years, at a faster pace than traditional data-rich industries like financial services and manufacturing.* The staggering data volumes in healthcare, in addition to its heterogeneity and fragmentation, represent substantial challenges to extracting data … [Read more...] about How Anthem leverages big healthcare data to improve consumers’ lives
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an in-home hub to pre-process and minimize outgoing data in a structured and … [Read more...] about New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing