Database Security

News & Commentary
Dino Dai Zovi Dives Into Container Security, SecDevOps
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
By Sara Peters Senior Editor at Dark Reading, 8/23/2017
Are Third-Party Services Ready for the GDPR?
Hadar Blutrich, CEO of Source Defense, Commentary
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
By Hadar Blutrich CEO of Source Defense, 8/4/2017
8 Things Every Security Pro Should Know About GDPR
Jai Vijayan, Freelance writer
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
By Jai Vijayan Freelance writer, 6/30/2017
Mobile App Back-End Servers, Databases at Risk
Ericka Chickowski, Contributing Writer, Dark Reading, News
Mobile app developers' casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/31/2017
Going Beyond Checkbox Security
InformationWeek Staff, Commentary, Video
Terry Barbounis, cybersecurity evangelist for CenturyLink, stops by the InformationWeek News Desk.
By InformationWeek Staff, 5/24/2017
UK Loan Firm Wonga Suffers Financial Data Breach
Dark Reading Staff, Quick Hits
Customers in the UK and Poland may have had their bank account details compromised.
By Dark Reading Staff, 4/11/2017
11 UK Charities Punished for Violating Data Privacy Law
Dark Reading Staff, Quick Hits
Organizations fined between £6,000 and £18,000 by UK's Information Commissioner's Office.
By Dark Reading Staff, 4/6/2017
To Attract and Retain Better Employees, Respect Their Data
Brian Vecci, Technical Evangelist, Varonis Systems, Commentary
A lack of privacy erodes trust that employees should have in management.
By Brian Vecci Technical Evangelist, Varonis Systems, 4/3/2017
ERP Attack Risks Come into Focus
Ericka Chickowski, Contributing Writer, Dark Reading, News
New highly critical SAP vulnerability highlights dangers against critical business software.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/16/2017
How to Secure Hyperconverged Infrastructures & Why It Is Different
Liviu Arsene, Senior E-threat Analyst, Bitdefender
The next-generation datacenter requires new security practices, but that doesn't mean everything we learned about datacenter security becomes obsolete.
By Liviu Arsene Senior E-threat Analyst, Bitdefender, 2/23/2017
Harvest Season: Why Cyberthieves Want Your Compute Power
Dave Klein, Regional Director of Sales Engineering & Architecture, GuardiCore, Commentary
Attackers are hijacking compute power in order to pull off their other crimes.
By Dave Klein Regional Director of Sales Engineering & Architecture, GuardiCore, 2/9/2017
MongoDB Attack Shows Off Cyber Extortionists' New Tricks
Ericka Chickowski, Contributing Writer, Dark Reading, News
Ransomware operators are diversifying their cyber-extortion toolkit and expanding their range of targets.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/10/2017
The Internet Of Things: When Bigger Is Not Better
Paul Vixie, Chairman & CEO, Farsight Security, Inc., Commentary
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internet's attack surface by a million times or more?
By Paul Vixie Chairman & CEO, Farsight Security, Inc., 12/13/2016
Symantec To Buy LifeLock At $2.3 Billion
Dark Reading Staff, Quick Hits
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
By Dark Reading Staff, 11/22/2016
Oracle Announces Acquisition Of Dyn
Dark Reading Staff, Quick Hits
Oracle says purchase of the recently DDoSed DNS service is aimed at expanding the company's cloud computing platform.
By Dark Reading Staff, 11/22/2016
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Staff, Commentary, Video
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
By Dark Reading Staff, 10/31/2016
New Free Tool Stops Petya Ransomware & Rootkits
Sara Peters, Senior Editor at Dark Reading, News
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
By Sara Peters Senior Editor at Dark Reading, 10/20/2016
Database Breaches: An Alarming Lack Of Preparedness
John Moynihan, President, Minuteman Governance, Commentary
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
By John Moynihan President, Minuteman Governance, 10/10/2016
Ex-Cardinal Exec Jailed For Hacking Astros
Dark Reading Staff, Quick Hits
Christopher Correa gets 46 months for unlawful access of rival's database and downloading confidential details.
By Dark Reading Staff, 7/20/2016
Ubuntu Forums Database Hacked
Dark Reading Staff, Quick Hits
Canonical probe reveals user account details of 2 million stolen, passwords safe.
By Dark Reading Staff, 7/19/2016
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.