Application Security // Database Security
News & Commentary
Ex-Cardinal Exec Jailed For Hacking Astros
Dark Reading Staff, Quick Hits
Christopher Correa gets 46 months for unlawful access of rival's database and downloading confidential details.
By Dark Reading Staff, 7/20/2016
Ubuntu Forums Database Hacked
Dark Reading Staff, Quick Hits
Canonical probe reveals user account details of 2 million stolen, passwords safe.
By Dark Reading Staff, 7/19/2016
5 Tips For Making Data Privacy Part Of The Company's Culture
Steve Zurier, Freelance Writer, News
Common sense steps organizations can take to protect corporate data.
By Steve Zurier Freelance Writer, 6/22/2016
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
Sara Peters, Senior Editor at Dark Reading, News
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
By Sara Peters Senior Editor at Dark Reading, 6/9/2016
Stop Building Silos. Security Is Everyone's Problem
Robert Reeves, CTO & Co-Founder, Datical, Commentary
Yes, it's true that the speed of DevOps has made security more difficult. But that doesn't mean accelerated release cycles and secure applications have to be mutually exclusive.
By Robert Reeves CTO & Co-Founder, Datical, 4/29/2016
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
Sara Peters, Senior Editor at Dark Reading, News
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
By Sara Peters Senior Editor at Dark Reading, 4/25/2016
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin CISSP | President, imsmartin, 4/23/2016
Databases Remain Soft Underbelly Of Cybersecurity
Ericka Chickowski, Contributing Writer, Dark Reading, News
Most enterprises still don't continuously monitor database activity.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/21/2016
EU Privacy Officials Push Back On Privacy Shield
Sara Peters, Senior Editor at Dark Reading, News
Better than Safe Harbor, but not good enough. Should we care what they think?
By Sara Peters Senior Editor at Dark Reading, 4/13/2016
7 Lessons From The Panama Papers Leak
Sara Peters, Senior Editor at Dark Reading, News
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
By Sara Peters Senior Editor at Dark Reading, 4/5/2016
Modern Web Apps: Not The Risk They Used To Be (They're Worse!)
Ilia Kolochenko, CEO, High-Tech Bridge, Commentary
Even a tiny Web application without a single byte of confidential data can expose your corporate crown jewels to cybercriminals.
By Ilia Kolochenko CEO, High-Tech Bridge, 2/26/2016
Survey: When Leaving Company, Most Insiders Take Data They Created
Sara Peters, Senior Editor at Dark Reading, News
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
By Sara Peters Senior Editor at Dark Reading, 12/23/2015
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
Sara Peters, Senior Editor at Dark Reading, News
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
By Sara Peters Senior Editor at Dark Reading, 11/9/2015
15-Year-Old Arrested For TalkTalk Attack
Sara Peters, Senior Editor at Dark Reading, News
U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.
By Sara Peters Senior Editor at Dark Reading, 10/26/2015
Defending & Exploiting SAP Systems
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
By Sara Peters Senior Editor at Dark Reading, 10/7/2015
Another Healthcare Insurer, Excellus BCBS, Hit With Mega-Breach
Rutrell Yasin, Business Technology Writer, Tech Writers Bureau, News
Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records.
By Rutrell Yasin Business Technology Writer, Tech Writers Bureau, 9/10/2015
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
Dark Reading Staff, Commentary, Video
You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.
By Dark Reading Staff, 8/27/2015
Data Protection: The 98 Percent Versus The 2 Percent
Jeff Schilling, Chief of Operations and Security, Armor, Commentary
Four steps for defending your most sensitive corporate information from the inside out.
By Jeff Schilling Chief of Operations and Security, Armor, 8/11/2015
Twitter Security Pro: Encryption Isn't Enough
Thomas Claburn, Editor at Large, Enterprise Mobility, News
Companies need to focus on developing secure coding practices and security education.
By Thomas Claburn Editor at Large, Enterprise Mobility, 7/23/2015
How Ionic Says It Makes Data Breaches Irrelevant
Sara Peters, Senior Editor at Dark Reading, News
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
By Sara Peters Senior Editor at Dark Reading, 4/15/2015
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.