News & Commentary

Latest Content tagged with Database Security
Page 1 / 2   >   >>
Evidence in Starwood/Marriott Breach May Point to China
Quick Hits  |  12/6/2018  | 
Attackers used methods, tools previously used by known Chinese hackers.
Starwood Breach Reaction Focuses on 4-Year Dwell
News  |  12/5/2018  | 
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
Quora Breach Exposes Information of 100 Million Users
Quick Hits  |  12/4/2018  | 
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
First Lawsuits Filed in Starwood Hotels' Breach
Quick Hits  |  12/3/2018  | 
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
Massive Starwood Hotels Breach Hits 500 Million Guests
News  |  11/30/2018  | 
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
Incorrect Assessments of Data Value Putting Organizations at Risk
News  |  11/28/2018  | 
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Barclays, Walmart Join New $85M Innovation Coalition
Quick Hits  |  10/23/2018  | 
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
Oracle Issues Massive Collection of Critical Security Updates
Quick Hits  |  10/17/2018  | 
The software updates from Oracle address a record number of vulnerabilities.
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Quick Hits  |  9/10/2018  | 
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
T-Mobile Hit With Customer Information Hack
Quick Hits  |  8/24/2018  | 
Approximately 2 million users said to be affected.
Data Privacy Careers Are Helping to Close the IT Gender Gap
Commentary  |  8/20/2018  | 
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
Australian Teen Hacked Apple Network
Quick Hits  |  8/17/2018  | 
The 16-year-old made off with 90 gigs of sensitive data.
Yale Discloses Data Breach
Quick Hits  |  7/31/2018  | 
The university discloses that someone stole personal information a long time ago.
US-CERT Warns of ERP Application Hacking
News  |  7/25/2018  | 
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
HR Services Firm ComplyRight Suffers Major Data Breach
News  |  7/20/2018  | 
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
News  |  5/25/2018  | 
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Encryption is Necessary, Tools and Tips Make It Easier
News  |  5/3/2018  | 
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
12 Trends Shaping Identity Management
Slideshows  |  4/26/2018  | 
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018  | 
An unnamed power company has consented to a record fine for leaving critical records exposed.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018  | 
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018  | 
The biggest security problems inside your company may result from problems it inherited.
Poor Visibility, Weak Passwords Compromise Active Directory
News  |  2/1/2018  | 
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
New Database Botnet Leveraged for Bitcoin Mining
News  |  12/19/2017  | 
Attackers are quietly building an attack infrastructure using very sensitive machines.
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Slideshows  |  12/11/2017  | 
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017  | 
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
News  |  10/18/2017  | 
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017  | 
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017  | 
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017  | 
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Equifax CEO Retires in Wake of Breach
Quick Hits  |  9/26/2017  | 
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017  | 
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
If Blockchain Is the Answer, What Is the Security Question?
Commentary  |  9/8/2017  | 
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017  | 
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
Mobile App Back-End Servers, Databases at Risk
News  |  5/31/2017  | 
Mobile app developers'casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.
UK Loan Firm Wonga Suffers Financial Data Breach
Quick Hits  |  4/11/2017  | 
Customers in the UK and Poland may have had their bank account details compromised.
11 UK Charities Punished for Violating Data Privacy Law
Quick Hits  |  4/6/2017  | 
Organizations fined between 6,000 and 18,000 by UKs Information Commissioners Office.
To Attract and Retain Better Employees, Respect Their Data
Commentary  |  4/3/2017  | 
A lack of privacy erodes trust that employees should have in management.
ERP Attack Risks Come into Focus
News  |  3/16/2017  | 
New highly critical SAP vulnerability highlights dangers against critical business software.
How to Secure Hyperconverged Infrastructures & Why It Is Different
Partner Perspectives  |  2/23/2017  | 
The next-generation datacenter requires new security practices, but that doesnt mean everything we learned about datacenter security becomes obsolete.
Harvest Season: Why Cyberthieves Want Your Compute Power
Commentary  |  2/9/2017  | 
Attackers are hijacking compute power in order to pull off their other crimes.
MongoDB Attack Shows Off Cyber Extortionists' New Tricks
News  |  1/10/2017  | 
Ransomware operators are diversifying their cyber-extortion toolkit and expanding their range of targets.
The Internet Of Things: When Bigger Is Not Better
Commentary  |  12/13/2016  | 
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internets attack surface by a million times or more?
Symantec To Buy LifeLock At $2.3 Billion
Quick Hits  |  11/22/2016  | 
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
Oracle Announces Acquisition Of Dyn
Quick Hits  |  11/22/2016  | 
Oracle says purchase of the recently DDoSed DNS service is aimed expanding the companys cloud computing platform.
Preparing For Government Data Requests After Apple Vs. FBI
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Videos  |  10/31/2016  | 
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
Page 1 / 2   >   >>


Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
[Sponsored Content] The State of Encryption and How to Improve It
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.