Aggregator

A vulnerability identified as problematic has been detected in Aprelium Technologies Abyss Web Server up to 1.0.2. This issue affects some unknown processing of the file abyss.conf of the component Administrative Console. Performing manipulation results in information disclosure (Password). This vulnerability was named CVE-2002-0544. The attack needs to be approached locally. In addition, an exploit is available. You should upgrade the affected component.

A vulnerability classified as critical has been found in Anthill 0.1.6.1. This affects an unknown function of the file postbug.php of the component Authentication. This manipulation causes improper privilege management. This vulnerability is tracked as CVE-2002-0548. The attack is possible to be carried out remotely. No exploit exists.

Open Source CyberSOCEval, a newly launched evaluation platform, is making waves in the cybersecurity community by demonstrating how artificial intelligence can transform malware analysis and threat intelligence. Developed by a group of independent security researchers, CyberSOCEval combines advanced machine learning models with real-world malware samples to offer organizations a clear view of how AI tools […]

The post Open Source CyberSOCEval Sets New Benchmark for AI in Malware Analysis and Threat Intelligence appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

文章指出，企业因网络安全工具过多而面临风险增加和效率降低的问题。通过整合分散工具到统一平台，可简化操作、提升可见性和保护能力。数据安全平台化成为应对复杂威胁的关键策略。

Improve Your Cyber Resilience with Data Security Platformization
madhav
Tue, 09/16/2025 - 05:14

Data Security

Lynne Murray | Director of Product Marketing for Data Security
More About This Author >

Today’s organizations are drowning in the growth of many different cybersecurity tools—an unintended consequence of trying to keep up with an evolving threat landscape. Security tool sprawl has become the norm, when separate tools for each type of security task are cobbled together over time in an attempt to defend expanding networks. But now, could this fragmented approach be doing more harm than good?

According to a recent study conducted by IBM Institute of Business Value, organizations juggle an average of 83 different security solutions from 29 vendors. It’s unnecessary convolution and risk. More tools equal more threats; every integration is a potential point of entry for bad actors.

Source: IBM Institute of Business Value

A patchwork of disconnected point solutions creates dangerous vulnerabilities—many of them complete blind spots. In these environments, it’s not a matter of “if” a cyber event will happen, but "when." This creates a ripe environment for bad actors and Gen AI attacks to leapfrog existing defense systems.

What Does this Mean for Data-centric Security?

For these reasons, Omdia’s 2024 Decision Maker Survey shows that 82% of respondents changed their overall approach to data security in the past 12 months. Omdia’s research reveals that these changes involve addressing siloed tools and vendor consolidation.

Organizations using different tools throughout the organization to detect and contain threats are much less effective due to:

• Longer detection and response times
• Increased costs and operational strain
• Inconsistent policies and enforcement
• Greater potential for error and misconfiguration
• Poor audit and compliance readiness

As attacks grow faster and more sophisticated, relying on siloed, overlapping tools only increases risk. The operational burden is skyrocketing for organizations managing dozens of disparate interfaces, alerts, and reports.

Data Security Platformization: A Smarter Strategy

“Organizations are recognizing that relying exclusively on native cloud-based or legacy on-premises data protection systems, which are often siloed and lack the integration needed for rapid workflow processing is inadequate for defending against today’s advanced threat landscape,” according to Adam Strange, Principal Analyst, Omdia Research.

Instead, organizations can resolve the risk associated with tool sprawl with a data security platform. By consolidating fragmented tools into a single, unified ecosystem, a data security platform simplifies operations, strengthens protection, and improves visibility.

Per the Omdia report, the top reasons for moving towards a data security platform are:

• The need for scalability and flexibility (43%)
• Improvements in the total cost of ownership (40%)
• Better-centralized management (40%)
• The need to reduce complexity (37%)

Simplify, Clarify, and Strengthen

Fundamentally, security tool sprawl creates complexity, making it difficult to integrate and manage a multitude of tools effectively. In turn, this hinders cyber threat detection and mitigation, weakening an organization’s defenses.

In contrast, data security platformization embodies a “less is more” approach, establishing a streamlined, efficient platform using fewer components and providing centralized management and unified visibility across different attack vectors.

In data security, simplicity provides clarity. By reducing complexity, a data security platform creates a more defensible and more resilient cyber posture.

Easing the Security Talent Crunch

Complexity also impacts security teams. The gap in the global cybersecurity workforce is massive and growing, estimated in 2024 at 4 million professionals and increasing 19% year-over-year. Security tool sprawl increases the strain on these resources.

While executives are looking at specific spending areas of cybersecurity, Omdia’s research shows data security as one of the leading areas for investment in 2025. 73% of executives are expecting an estimated 15% increase in available budgets to fund new projects, a large proportion of which will be involving larger-scale platforms or integrated, multi-functional propositions.

A data security platform provides much-needed relief to overburdened security personnel who are in short supply, requiring fewer resources and less time for security operations and compliance controls.

Built for Scale: Flexibility and Agility

The data security landscape is constantly evolving, mandating a robust, future-forward solution. As such, the need for scalability and flexibility is the top reason for organizations’ adopting a data security platform.

Data protection must be scalable and future-ready, and fragmented controls cannot meet the needs of modern, hybrid infrastructure. An estimated 94% of all companies worldwide use cloud computing in their operations, making hybrid infrastructures the new and pervasive reality.

Omdia considers a data security platform critical to gaining visibility and control over data security, particularly in cloud environments. Control capabilities must be unified and strengthened for flexibility, scalability, and agility, seamlessly extending across on-premises and cloud environments.

Consistent Policies and Compliance

Data security platforms also help resources and organizations by unifying protection policies and enforcement across dissimilar controls. As such, platforms safeguard against errors and misconfiguration, making them a critical requirement for effective risk mitigation.

The 2025 Thales Data Threat Report found that policies and compliance matter greatly. A majority, 78%, of enterprises that failed audits had a breach history, versus just 21% of those that passed compliance.

Additionally, data security platforms serve organizations using hundreds of data stores and cloud repositories to reduce data breaches, data risks, and compliance incidents.

Why Data Security Platformization is a Strategic Imperative

Data security platforms secure data end-to-end across both on-premises and cloud-based data repositories. In data security, there is little room for error, misalignment, and misconfiguration--characteristics inherent in disparate security tools. A unified data security platform offers comprehensive insights into the “who, what, when, where, how, and should” aspects of data security, closing gaps that attackers exploit.

A data security platform combines critical functions such as data discovery and classification, policy definition and enforcement, key management, encryption, and tokenization and masking. This enables the aggregation of data protection requirements of an organization into a single solution and addresses gaps in both traditional data security approaches left by perimeter security and native data security approaches.

Future data protection lies in platformization, and real-world use cases consistently demonstrate its significant advantage over the prevalent alternative, security tool sprawl. It’s time. Organizations must adopt a unified, consistent, and wider-reaching approach to data security, ultimately enhancing organizational well-being.

Related Resources

Read the white paper: Future Proofing Your Data Security

Get your copy: Thales 2025 Data Threat Report

Learn more about: Thales Data Security Platform

Schema {
"@context": "https://schema.org",
"@type": "BlogPosting",
"mainEntityOfPage": {
"@type": "WebPage",
"@id": "https://cpl.thalesgroup.com/blog/data-security/data-security-platformization-cyber-resilience"
},
"headline": "Strengthen Cyber Resilience with Data Security Platformization",
"description": "Learn how data security platformization reduces tool sprawl, strengthens cyber defenses, simplifies compliance, and builds resilience across hybrid environments.",
"image": "",
"author": {
"@type": "Person",
"name": "Lynne Murray",
"url": "https://cpl.thalesgroup.com/blog/author/lmurray"
},
"publisher": {
"@type": "Organization",
"name": "Thales Group",
"description": "The world relies on Thales to protect and secure access to your most sensitive data and software wherever it is created, shared, or stored. Whether building an encryption strategy, licensing software, providing trusted access to the cloud, or meeting compliance mandates, you can rely on Thales to secure your digital transformation.",
"url": "https://cpl.thalesgroup.com",
"logo": "https://cpl.thalesgroup.com/sites/default/files/content/footer/thaleslogo-white.png",
"sameAs": [
"https://www.twitter.com/ThalesCloudSec",
"https://www.linkedin.com/company/thalescloudsec",
"https://www.youtube.com/ThalesCloudSec"
]
},
"datePublished": "2025-09-15",
"dateModified": "2025-09-15"
} studio THALES BLOG Improve Your Cyber Resilience with Data Security Platformization

How platformization transforms fragmented security tools into a strategic strength

The post Improve Your Cyber Resilience with Data Security Platformization appeared first on Security Boulevard.

Как платформа меняет профиль трафика и почему iOS, Android, Windows, macOS и Linux детектируются по-разному.

A vulnerability, which was classified as critical, has been found in Gcf Dynamic Guestbook 3.0. Affected is an unknown function. Performing manipulation of the argument gbdaten results in improper privilege management. This vulnerability is cataloged as CVE-2002-0550. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Gcf Dynamic Guestbook 3.0. Affected by this vulnerability is an unknown functionality. Executing manipulation can lead to basic cross site scripting. This vulnerability is registered as CVE-2002-0551. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Melange Chat System 2.02 and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to memory corruption. This vulnerability is documented as CVE-2002-0552. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in Deep Forest Software Quik-Serv Webserver 1.1B. It has been rated as problematic. Impacted is an unknown function of the component URL Handler. Performing manipulation results in path traversal. This vulnerability is known as CVE-2002-0556. Remote exploitation of the attack is possible. No exploit is available.

Clean Links is a handy app that shows you exactly where a link will take you before you click it. It strips out trackers, expands shortened URLs, and helps you avoid scams while saving you time and frustration. The best part? There’s no sign-up or account required. Clean Links is completely free and works on iPhone, iPad, and Mac. You can use it to clean up tracking parameters, scan and resolve links, generate QR codes, … More →

The post Product showcase: Clean Links exposes what’s hiding behind a QR code appeared first on Help Net Security.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-09-16, 2 days ago. The vendor is given until 2026-01-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-09-16, 2 days ago. The vendor is given until 2026-01-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-09-16, 2 days ago. The vendor is given until 2026-01-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Zero Day Initiative' was reported to the affected vendor on: 2025-09-16, 2 days ago. The vendor is given until 2026-01-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.3 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Kolja Grassmann (Neodyme AG)' was reported to the affected vendor on: 2025-09-16, 2 days ago. The vendor is given until 2026-01-14 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

研究人员发现针对npm registry的软件供应链攻击，影响40多个包。恶意脚本bundle.js被注入到受感染包中，用于扫描开发者机器上的敏感信息（如GitHub令牌、NPM令牌、AWS密钥）并将其传输到攻击者控制的服务器。该攻击还可利用GitHub Actions在存储库中创建持久化工作流以持续窃取数据。同时，Rust生态系统也遭遇钓鱼邮件攻击，模仿crates.io诱导用户泄露GitHub凭证。

Cybersecurity researchers have flagged a fresh software supply chain attack targeting the npm registry that has affected more than 40 packages that belong to multiple maintainers. "The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling

A vulnerability was found in JFFNMS Just For Fun Network Management System 0.8.3. It has been declared as problematic. This vulnerability affects the function phpinfo of the file admin/adm/test.php. The manipulation results in basic cross site scripting. This vulnerability is known as CVE-2007-3191. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as critical has been reported in Jetbox CMS 2.1. The affected element is an unknown function of the file formmail.php. The manipulation leads to an unknown weakness. This vulnerability is referenced as CVE-2007-1898. Remote exploitation of the attack is possible. Furthermore, an exploit is available.