Application Security // Database Security
News & Commentary
New Free Tool Stops Petya Ransomware & Rootkits
Sara Peters, Senior Editor at Dark Reading, News
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
By Sara Peters Senior Editor at Dark Reading, 10/20/2016
Database Breaches: An Alarming Lack Of Preparedness
John Moynihan, President, Minuteman Governance, Commentary
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
By John Moynihan President, Minuteman Governance, 10/10/2016
Ex-Cardinal Exec Jailed For Hacking Astros
Dark Reading Staff, Quick Hits
Christopher Correa gets 46 months for unlawful access of rival's database and downloading confidential details.
By Dark Reading Staff, 7/20/2016
Ubuntu Forums Database Hacked
Dark Reading Staff, Quick Hits
Canonical probe reveals user account details of 2 million stolen, passwords safe.
By Dark Reading Staff, 7/19/2016
5 Tips For Making Data Privacy Part Of The Company's Culture
Steve Zurier, Freelance Writer, News
Common sense steps organizations can take to protect corporate data.
By Steve Zurier Freelance Writer, 6/22/2016
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
Sara Peters, Senior Editor at Dark Reading, News
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
By Sara Peters Senior Editor at Dark Reading, 6/9/2016
Stop Building Silos. Security Is Everyone's Problem
Robert Reeves, CTO & Co-Founder, Datical, Commentary
Yes, it's true that the speed of DevOps has made security more difficult. But that doesn't mean accelerated release cycles and secure applications have to be mutually exclusive.
By Robert Reeves CTO & Co-Founder, Datical, 4/29/2016
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
Sara Peters, Senior Editor at Dark Reading, News
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
By Sara Peters Senior Editor at Dark Reading, 4/25/2016
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin CISSP | President, imsmartin, 4/23/2016
Databases Remain Soft Underbelly Of Cybersecurity
Ericka Chickowski, Contributing Writer, Dark Reading, News
Most enterprises still don't continuously monitor database activity.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/21/2016
EU Privacy Officials Push Back On Privacy Shield
Sara Peters, Senior Editor at Dark Reading, News
Better than Safe Harbor, but not good enough. Should we care what they think?
By Sara Peters Senior Editor at Dark Reading, 4/13/2016
7 Lessons From The Panama Papers Leak
Sara Peters, Senior Editor at Dark Reading, News
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
By Sara Peters Senior Editor at Dark Reading, 4/5/2016
Modern Web Apps: Not The Risk They Used To Be (They're Worse!)
Ilia Kolochenko, CEO, High-Tech Bridge, Commentary
Even a tiny Web application without a single byte of confidential data can expose your corporate crown jewels to cybercriminals.
By Ilia Kolochenko CEO, High-Tech Bridge, 2/26/2016
Survey: When Leaving Company, Most Insiders Take Data They Created
Sara Peters, Senior Editor at Dark Reading, News
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
By Sara Peters Senior Editor at Dark Reading, 12/23/2015
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
Sara Peters, Senior Editor at Dark Reading, News
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
By Sara Peters Senior Editor at Dark Reading, 11/9/2015
15-Year-Old Arrested For TalkTalk Attack
Sara Peters, Senior Editor at Dark Reading, News
U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.
By Sara Peters Senior Editor at Dark Reading, 10/26/2015
Defending & Exploiting SAP Systems
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
By Sara Peters Senior Editor at Dark Reading, 10/7/2015
Another Healthcare Insurer, Excellus BCBS, Hit With Mega-Breach
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau, News
Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/10/2015
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
Dark Reading Staff, Commentary, Video
You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.
By Dark Reading Staff, 8/27/2015
Data Protection: The 98 Percent Versus The 2 Percent
Jeff Schilling, Chief of Operations and Security, Armor, Commentary
Four steps for defending your most sensitive corporate information from the inside out.
By Jeff Schilling Chief of Operations and Security, Armor, 8/11/2015
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
The Top Cybersecurity Risks And How Enterprises Are Responding
The information security landscape is a constantly shifting risk environment. Today's IT security department must manage both internal and external threats, ranging from malware to mobile device vulnerabilities, to cloud security and ransomware. Download the Dark Reading 2016 Strategic Security Survey to gain insight into how security professionals view these risks, and how they are addressing them.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.