Application Security // Database Security
News & Commentary
Data Management Vs. Data Loss Prevention: Vive La Différence!
Todd Feinman,  President & CEO, Identity FinderCommentary
A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.
By Todd Feinman President & CEO, Identity Finder, 11/25/2014
Comment3 comments  |  Read  |  Post a Comment
Don't Discount XSS Vulnerabilities
Ericka Chickowski, Contributing Writer, Dark ReadingNews
XSS flaws are more serious than you'd think.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/24/2014
Comment0 comments  |  Read  |  Post a Comment
Retailers Now Actively Sharing Cyberthreat Intelligence
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/30/2014
Comment8 comments  |  Read  |  Post a Comment
VA Buckles Down On Cyber Security, Program Management
Henry Kenyon, News
Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.
By Henry Kenyon , 10/30/2014
Comment0 comments  |  Read  |  Post a Comment
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.comNews
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/17/2014
Comment18 comments  |  Read  |  Post a Comment
MBIA Breach Highlights Need For Tightened Security Ops
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Heartland CEO On Why Retailers Keep Getting Breached
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/6/2014
Comment17 comments  |  Read  |  Post a Comment
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
Sara Peters, Senior Editor at Dark ReadingNews
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
By Sara Peters Senior Editor at Dark Reading, 8/27/2014
Comment13 comments  |  Read  |  Post a Comment
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark ReadingNews
"We should be burning down the house over this," says a GRC expert.
By Sara Peters Senior Editor at Dark Reading, 8/25/2014
Comment13 comments  |  Read  |  Post a Comment
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark ReadingNews
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Comment14 comments  |  Read  |  Post a Comment
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark ReadingNews
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Comment8 comments  |  Read  |  Post a Comment
Google To Factor Security In Search Results
Thomas Claburn, Editor-at-LargeNews
Websites that don't support HTTPS connections may soon be less prominent in Google search results.
By Thomas Claburn Editor-at-Large, 8/7/2014
Comment3 comments  |  Read  |  Post a Comment
Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.
By Sara Peters Senior Editor at Dark Reading, 8/5/2014
Comment16 comments  |  Read  |  Post a Comment
Researcher Finds Flaws In Key Oracle Security Feature
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/2/2014
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: Oracle Database Security Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2014
Comment2 comments  |  Read  |  Post a Comment
The Only 2 Things Every Developer Needs To Know About Injection
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There’s no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/22/2014
Comment3 comments  |  Read  |  Post a Comment
Into The Breach: The Limits Of Data Security Technology
Ted Kobus & Pamela Jones Harbour, BakerHostetlerCommentary
When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.
By Ted Kobus & Pamela Jones Harbour BakerHostetler, 5/12/2014
Comment8 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment5 comments  |  Read  |  Post a Comment
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8551
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to execute arbitrary code via crafted packets.

CVE-2014-8552
Published: 2014-11-26
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 allows remote attackers to read arbitrary files via crafted packets.

CVE-2014-1421
Published: 2014-11-25
mountall 1.54, as used in Ubuntu 14.10, does not properly handle the umask when using the mount utility, which allows local users to bypass intended access restrictions via unspecified vectors.

CVE-2014-3605
Published: 2014-11-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6407. Reason: This candidate is a reservation duplicate of CVE-2014-6407. Notes: All CVE users should reference CVE-2014-6407 instead of this candidate. All references and descriptions in this candidate have been removed to pre...

CVE-2014-6093
Published: 2014-11-25
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x before 7.0.0.2 CF29, 8.0.x through 8.0.0.1 CF14, and 8.5.x before 8.5.0 CF02 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?