Application Security // Database Security
News & Commentary
Researcher Finds Flaws In Key Oracle Security Feature
Kelly Jackson Higgins, Senior Editor, Dark Reading, News
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/2/2014
Dark Reading Radio: Oracle Database Security Hacked
Kelly Jackson Higgins, Senior Editor, Dark Reading, Commentary
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/1/2014
The Only 2 Things Every Developer Needs To Know About Injection
Jeff Williams, CTO, Contrast Security, Commentary
There’s no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
By Jeff Williams CTO, Contrast Security, 5/22/2014
Into The Breach: The Limits Of Data Security Technology
Ted Kobus & Pamela Jones Harbour, BakerHostetler, Commentary
When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.
By Ted Kobus & Pamela Jones Harbour BakerHostetler, 5/12/2014
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz, 5/2/2014
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Tim Wilson, Editor in Chief, Dark Reading, Quick Hits
Attack on point-of-sale systems went on for more than six months, officials say.
By Tim Wilson Editor in Chief, Dark Reading, 4/18/2014
SQL Injection Cleanup Takes Two Months or More
Kelly Jackson Higgins, Senior Editor, Dark Reading, Quick Hits
A new report highlights the prevalence and persistence of SQL injection attacks.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/17/2014
What Is The FIDO Alliance?
Dark Reading, Commentary, Video
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
By Dark Reading, 4/2/2014
Finally, Plug & Play Authentication!
Phil Dunkelberger, President & CEO, Nok Nok Labs, Commentary, Video
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
By Phil Dunkelberger President & CEO, Nok Nok Labs, 3/26/2014
Attackers Hit Clearinghouse Selling Stolen Target Data
Mathew J. Schwartz, News
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
By Mathew J. Schwartz, 3/18/2014
7 Behaviors That Could Indicate A Security Breach
Becca Lipman, News
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
By Becca Lipman, 3/14/2014
The Case For Browser-Based Access Controls
Garret Grajek, CTO & COO, SecureAuth, Commentary
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
By Garret Grajek CTO & COO, SecureAuth, 3/7/2014
FIDO Alliance Releases Authentication Standards, Unveils Products
Tim Wilson, Editor in Chief, Dark Reading, News
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
By Tim Wilson Editor in Chief, Dark Reading, 2/18/2014
Target Breach: Phishing Attack Implicated
Mathew J. Schwartz, News
Report suggests malware-laced email attack on Target's HVAC subcontractor leaked access credentials for retailer's network.
By Mathew J. Schwartz, 2/13/2014
Data Breach Notifications: Time For Tough Love
Mathew J. Schwartz, Commentary
Target and Neiman Marcus came clean quickly about their data breaches, but most businesses don't. It's time for standards -- and fines.
By Mathew J. Schwartz, 2/7/2014
4 Hurdles That Trip Security Analytics Efforts
Ericka Chickowski, Contributing Writer, Dark Reading, News
Don't let these people and process problems get in the way of security analytics effectiveness.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/29/2014
Target Mocks, Not Helps, Its Data Breach Victims
Ira Winkler, Co-Founder & President, Secure Mentem, Inc., Commentary
The only thing consumers did wrong is to shop at Target. Why are they being blamed for the retailer's security failings?
By Ira Winkler Co-Founder & President, Secure Mentem, Inc., 1/22/2014
HIPAA, SOX & PCI: The Coming Compliance Crisis In IT Security
Andy Daudelin, VP Security Services, AT&T Business Solutions, Commentary
New mandates around datacenter virtualization, enterprise apps, and BYOD will stretch IT security staffs and budgets to the max in 2014.
By Andy Daudelin VP Security Services, AT&T Business Solutions, 1/21/2014
Target Breach: 8 Facts On Memory-Scraping Malware
Mathew J. Schwartz, News
Target confirmed that malware compromised its point-of-sale systems. How does such malware work, and how can businesses prevent infections?
By Mathew J. Schwartz, 1/14/2014
Cloud Gazing: 3 Security Trends To Watch
Bill Kleyman, National Director of Strategy & Innovation, MTM Technologies, Commentary
The ultimate success of cloud computing depends on the security solutions we wrap around it.
By Bill Kleyman National Director of Strategy & Innovation, MTM Technologies, 1/9/2014
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.