PostgreSQL Server Security Primer
PostgreSQL or simply referred to as Postgres has had a very colorful history. It began in 1986 as a POSTGRES project led by Professor Michael Stonebraker, which was sponsored by Defense Advanced Research Projects Agency (DARPA), the Army Research Office (ARO), the National Science Foundation (NSF), and ESL, Inc. Postgres95 was released in 1994 for general use on the web which included support for SQL language interpretation. In 1996, Postgres95 was officially renamed t…
Lei Geral de Proteção de Dados Pessoais (LGPD Compliance) – What You Need to Know About Brazil’s National Data Privacy Regulation
It can be difficult to keep up with all the data privacy regulations across the globe, and failure to comply can result in heavy fines and other punishments. This growth of global data privacy laws represents major progress for consumer rights and gives organizations who comply a chance to earn trust from their customers.
This brings us to the most recent major data privacy law to go into effect – Brazil’s Lei Geral de Proteção de Dados Pessoais (LGPD). Originally the regulation was set to…
Understanding Effective Access in SQL Server
Microsoft SQL Server is the third most popular Relational Database Management System (RDBMS) as of September 2020 according to DB-Engines ranking. It is also the most confusing RDBMS when it comes to database security compared to other popular RDBMS systems, such as Oracle, PostgreSQL, etc. Having worked with Oracle for a very long time, I found SQL Server security very confusing when I started working with it for the first time. Part of the complication stems from the fact …
Scanning for Sensitive Data in Snowflake with Stealthbits AnyData
Having multiple public/private clouds and data repositories has become ubiquitous in professional environments. For most, gone are the days of storing all data on local filers or even in a limited set of online repositories. The reality is that each organization’s sensitive data is being stored in many cloud databases, object storage repos, SMB implementations, version control, CRM software, and more.
These days the list seems to be never-ending – Azure Storage, GitHub, Snowflake, Salesfor…
Top Data Breaches of 2020
This year has been a year like no other, with what seems to be a never-ending and always evolving set of headlines. At a glance, we’ve seen the evolution of the Coronavirus pandemic, the ongoing wildfires across not only the country but the world, the death of a basketball legend, Brexit finally coming to fruition, a civil rights uprising, and so much more.
The state of cybersecurity this year has had just as many ups and downs. While research done by the&nb…
What is the California Privacy Rights Act?
Just days before the enforcement of the California Consumer Privacy Act (CCPA) began on July 1st, 2020, the California Privacy Rights Act (CPRA) received enough signatures to qualify to be on the November ballot. This ballot initiative, also referred to as Prop 24, was drafted by the non-profit organization Californians for Consumer Privacy, and looks to extend and clarify several of the provisions in existing California privacy law. If this measure is approved, it w…
Where do My Files Sent Using Teams Chat Go?
Do you know what happens when you share a file via a Microsoft Team’s – Team Chat? That file is not just saved in the Teams chat but is also uploaded to either SharePoint or OneDrive depending if the chat was directly with another person or with a Team. In this blog, we will cover the locations that you can access shared files for future use.
OneDrive:
When sharing a file directly with another person using the Teams chat, the file you send is uploaded to both you and your target user’s …
SERVER (UN)TRUST ACCOUNT
Active Directory persistence through userAccountControl manipulation
I’ve been doing some research on group Managed Service Accounts (gMSAs) recently and reading the MS-SAMR protocol specification for some information. I happened to stumble across some interesting information in the userAccountControl section which made us drop what we were doing to test it:
Figure 1 – Part of the userAccountControl section of the MS-SAMR specification
Effectively, when the UF_SERVER_TRUST_…
ProTip: How to Setup User Activity & Server Logon Scan in StealthAUDIT for Oracle
Now that you have been using StealthAUDIT for Oracle for a while, you might be wondering how to squeeze more value out of the product by enhancing the information it is collecting and reporting on.
StealthAUDIT for Oracle relies on the Oracle Traditional Auditing or Unified Auditing capabilities to collect and report on user activity, as well as successful or unsuccessful server or database logon activity. Neither Traditional Auditing nor …
What is a Data Protection Impact Assessment (DPIA)?
Article 35 of the EU General Data Protection Regulation (GDPR) describes the requirement for organizations to “carry out an assessment of the impact of the envisaged processing operations on the protection of personal data”. This process referred to as a Data Protection Impact Assessment (DPIA), is an integral component of the GDPR, and if not carried out when required, can leave an organization open to enforcement action such as potentially steep fines.
In this blog…
