Application Security // Database Security
News & Commentary
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
Sara Peters, Senior Editor at Dark ReadingNews
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
By Sara Peters Senior Editor at Dark Reading, 8/27/2014
Comment0 comments  |  Read  |  Post a Comment
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark ReadingNews
"We should be burning down the house over this," says a GRC expert.
By Sara Peters Senior Editor at Dark Reading, 8/25/2014
Comment12 comments  |  Read  |  Post a Comment
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark ReadingNews
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Comment12 comments  |  Read  |  Post a Comment
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark ReadingNews
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Comment8 comments  |  Read  |  Post a Comment
Google To Factor Security In Search Results
Thomas Claburn, Editor-at-LargeCommentary
Websites that don't support HTTPS connections may soon be less prominent in Google search results.
By Thomas Claburn Editor-at-Large, 8/7/2014
Comment3 comments  |  Read  |  Post a Comment
Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.
By Sara Peters Senior Editor at Dark Reading, 8/5/2014
Comment15 comments  |  Read  |  Post a Comment
Researcher Finds Flaws In Key Oracle Security Feature
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/2/2014
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: Oracle Database Security Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2014
Comment2 comments  |  Read  |  Post a Comment
The Only 2 Things Every Developer Needs To Know About Injection
Jeff Williams, CTO, Contrast SecurityCommentary
There’s no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
By Jeff Williams CTO, Contrast Security, 5/22/2014
Comment3 comments  |  Read  |  Post a Comment
Into The Breach: The Limits Of Data Security Technology
Ted Kobus & Pamela Jones Harbour, BakerHostetlerCommentary
When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.
By Ted Kobus & Pamela Jones Harbour BakerHostetler, 5/12/2014
Comment8 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment5 comments  |  Read  |  Post a Comment
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
Finally, Plug & Play Authentication!
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentaryVideo
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Comment1 Comment  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz , 3/18/2014
Comment4 comments  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman , 3/14/2014
Comment1 Comment  |  Read  |  Post a Comment
The Case For Browser-Based Access Controls
Garret Grajek, CTO & COO, SecureAuthCommentary
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
By Garret Grajek CTO & COO, SecureAuth, 3/7/2014
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6335
Published: 2014-08-26
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and ...

CVE-2014-0480
Published: 2014-08-26
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attackers to conduct phishing attacks via a // (slash slash) in a URL, which triggers a scheme-relative URL ...

CVE-2014-0481
Published: 2014-08-26
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generation process when a file with a conflicting name is uploaded, which allows remote attackers to cause a d...

CVE-2014-0482
Published: 2014-08-26
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.RemoteUserBackend backend, allows remote authenticated users to hijack web sessions via vectors relate...

CVE-2014-0483
Published: 2014-08-26
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a to_field ...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.