Customers of Oracle subsidiary NetSuite’s ERP offering may be unaware that their custom record types grant unauthenticated access to sensitive data readily consumable via NetSuite’s APIs.

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access.

The combination of policy-based access controls and security monitoring provides a robust defense strategy that can significantly minimize the risk of data breaches.

• Protecting The Data: Use strong data security controls like encryption, access control and compliance monitoring to safeguard training datasets.