Application Security //

Database Security

News & Commentary
Yale Discloses Data Breach
Dark Reading Staff, Quick Hits
The university discloses that someone stole personal information a long time ago.
By Dark Reading Staff , 7/31/2018
Comment1 Comment  |  Read  |  Post a Comment
US-CERT Warns of ERP Application Hacking
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/25/2018
Comment0 comments  |  Read  |  Post a Comment
HR Services Firm ComplyRight Suffers Major Data Breach
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment14 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Serverless Architectures: A Paradigm Shift in Application Security
Ory Segal, CTO, PureSecCommentary
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
By Ory Segal CTO, PureSec, 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
Electric Utility Hit with Record Fine for Vulnerabilities
Dark Reading Staff, Quick Hits
An unnamed power company has consented to a record fine for leaving critical records exposed.
By Dark Reading Staff , 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
Medical Apps Come Packaged with Hardcoded Credentials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
Poor Visibility, Weak Passwords Compromise Active Directory
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 2/1/2018
Comment1 Comment  |  Read  |  Post a Comment
New Database Botnet Leveraged for Bitcoin Mining
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Attackers are quietly building an attack infrastructure using very sensitive machines.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/19/2017
Comment0 comments  |  Read  |  Post a Comment
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
We're Still Not Ready for GDPR? What is Wrong With Us?
Sara Peters, Senior Editor at Dark ReadingCommentary
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
By Sara Peters Senior Editor at Dark Reading, 11/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
Jai Vijayan, Freelance writerNews
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
By Jai Vijayan Freelance writer, 10/18/2017
Comment0 comments  |  Read  |  Post a Comment
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Dark Reading Staff, Quick Hits
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
By Dark Reading Staff , 10/17/2017
Comment0 comments  |  Read  |  Post a Comment
Unstructured Data: The Threat You Cannot See
Charles Fullwood, Software Practice Director at Force 3Commentary
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
By Charles Fullwood Software Practice Director at Force 3, 10/10/2017
Comment0 comments  |  Read  |  Post a Comment
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Tom Thomassen, Senior Staff Engineer of Security, MarkLogicCommentary
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
By Tom Thomassen Senior Staff Engineer of Security, MarkLogic, 10/6/2017
Comment2 comments  |  Read  |  Post a Comment
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Rod Mathews, Senior VP and General Manager of Data ProtectionCommentary
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
By Rod Mathews Senior VP and General Manager of Data Protection, 10/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Equifax CEO Retires in Wake of Breach
Dark Reading Staff, Quick Hits
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
By Dark Reading Staff , 9/26/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by CleanShine
Current Conversations Good
In reply to: thanks
Post Your Own Reply
More Conversations
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPN,  8/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.