Application Security // Database Security
News & Commentary
Don't Discount XSS Vulnerabilities
Ericka Chickowski, Contributing Writer, Dark ReadingNews
XSS flaws are more serious than you'd think.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/24/2014
Comment0 comments  |  Read  |  Post a Comment
Retailers Now Actively Sharing Cyberthreat Intelligence
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/30/2014
Comment8 comments  |  Read  |  Post a Comment
VA Buckles Down On Cyber Security, Program Management
Henry Kenyon, News
Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.
By Henry Kenyon , 10/30/2014
Comment0 comments  |  Read  |  Post a Comment
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.comNews
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/17/2014
Comment18 comments  |  Read  |  Post a Comment
MBIA Breach Highlights Need For Tightened Security Ops
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Heartland CEO On Why Retailers Keep Getting Breached
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/6/2014
Comment17 comments  |  Read  |  Post a Comment
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
Sara Peters, Senior Editor at Dark ReadingNews
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
By Sara Peters Senior Editor at Dark Reading, 8/27/2014
Comment13 comments  |  Read  |  Post a Comment
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark ReadingNews
"We should be burning down the house over this," says a GRC expert.
By Sara Peters Senior Editor at Dark Reading, 8/25/2014
Comment13 comments  |  Read  |  Post a Comment
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark ReadingNews
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Comment14 comments  |  Read  |  Post a Comment
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark ReadingNews
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Comment8 comments  |  Read  |  Post a Comment
Google To Factor Security In Search Results
Thomas Claburn, Editor-at-LargeNews
Websites that don't support HTTPS connections may soon be less prominent in Google search results.
By Thomas Claburn Editor-at-Large, 8/7/2014
Comment3 comments  |  Read  |  Post a Comment
Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.
By Sara Peters Senior Editor at Dark Reading, 8/5/2014
Comment16 comments  |  Read  |  Post a Comment
Researcher Finds Flaws In Key Oracle Security Feature
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/2/2014
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: Oracle Database Security Hacked
Kelly Jackson Higgins, Executive Editor at Dark ReadingCommentary
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2014
Comment2 comments  |  Read  |  Post a Comment
The Only 2 Things Every Developer Needs To Know About Injection
Jeff Williams, CTO, Aspect Security & Contrast SecurityCommentary
There’s no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
By Jeff Williams CTO, Aspect Security & Contrast Security, 5/22/2014
Comment3 comments  |  Read  |  Post a Comment
Into The Breach: The Limits Of Data Security Technology
Ted Kobus & Pamela Jones Harbour, BakerHostetlerCommentary
When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.
By Ted Kobus & Pamela Jones Harbour BakerHostetler, 5/12/2014
Comment8 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
Comment5 comments  |  Read  |  Post a Comment
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/17/2014
Comment1 Comment  |  Read  |  Post a Comment
What Is The FIDO Alliance?
Dark Reading, CommentaryVideo
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading , 4/2/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2010-5312
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVE-2012-6662
Published: 2014-11-24
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo.

CVE-2014-1424
Published: 2014-11-24
apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 in Ubuntu 14.04 allows attackers to bypass AppArmor policies via unspecified vectors, related to a "miscompilation flaw."

CVE-2014-7817
Published: 2014-11-24
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))".

CVE-2014-7821
Published: 2014-11-24
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?