Application Security // Database Security
News & Commentary
Symantec To Buy LifeLock At $2.3 Billion
Dark Reading Staff, Quick Hits
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
By Dark Reading Staff, 11/22/2016
Oracle Announces Acquisition Of Dyn
Dark Reading Staff, Quick Hits
Oracle says purchase of the recently DDoSed DNS service is aimed at expanding the company's cloud computing platform.
By Dark Reading Staff, 11/22/2016
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Staff, Commentary, Video
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
By Dark Reading Staff, 10/31/2016
New Free Tool Stops Petya Ransomware & Rootkits
Sara Peters, Senior Editor at Dark Reading, News
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
By Sara Peters, Senior Editor at Dark Reading, 10/20/2016
Database Breaches: An Alarming Lack Of Preparedness
John Moynihan, President, Minuteman Governance, Commentary
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
By John Moynihan, President, Minuteman Governance, 10/10/2016
Ex-Cardinal Exec Jailed For Hacking Astros
Dark Reading Staff, Quick Hits
Christopher Correa gets 46 months for unlawful access of rival's database and downloading confidential details.
By Dark Reading Staff, 7/20/2016
Ubuntu Forums Database Hacked
Dark Reading Staff, Quick Hits
Canonical probe reveals user account details of 2 million stolen, passwords safe.
By Dark Reading Staff, 7/19/2016
5 Tips For Making Data Privacy Part Of The Company's Culture
Steve Zurier, Freelance Writer, News
Common-sense steps organizations can take to protect corporate data.
By Steve Zurier, Freelance Writer, 6/22/2016
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
Sara Peters, Senior Editor at Dark Reading, News
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
By Sara Peters, Senior Editor at Dark Reading, 6/9/2016
Stop Building Silos. Security Is Everyone's Problem
Robert Reeves, CTO & Co-Founder, Datical, Commentary
Yes, it's true that the speed of DevOps has made security more difficult. But that doesn't mean accelerated release cycles and secure applications have to be mutually exclusive.
By Robert Reeves, CTO & Co-Founder, Datical, 4/29/2016
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
Sara Peters, Senior Editor at Dark Reading, News
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
By Sara Peters, Senior Editor at Dark Reading, 4/25/2016
10 Tips for Securing Your SAP Implementation
Sean Martin, CISSP | President, imsmartin
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
By Sean Martin, CISSP | President, imsmartin, 4/23/2016
Databases Remain Soft Underbelly Of Cybersecurity
Ericka Chickowski, Contributing Writer, Dark Reading, News
Most enterprises still don't continuously monitor database activity.
By Ericka Chickowski, Contributing Writer, Dark Reading, 4/21/2016
EU Privacy Officials Push Back On Privacy Shield
Sara Peters, Senior Editor at Dark Reading, News
Better than Safe Harbor, but not good enough. Should we care what they think?
By Sara Peters, Senior Editor at Dark Reading, 4/13/2016
7 Lessons From The Panama Papers Leak
Sara Peters, Senior Editor at Dark Reading, News
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
By Sara Peters, Senior Editor at Dark Reading, 4/5/2016
Modern Web Apps: Not The Risk They Used To Be (They're Worse!)
Ilia Kolochenko, CEO, High-Tech Bridge, Commentary
Even a tiny Web application without a single byte of confidential data can expose your corporate crown jewels to cybercriminals.
By Ilia Kolochenko, CEO, High-Tech Bridge, 2/26/2016
Survey: When Leaving Company, Most Insiders Take Data They Created
Sara Peters, Senior Editor at Dark Reading, News
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
By Sara Peters, Senior Editor at Dark Reading, 12/23/2015
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
Sara Peters, Senior Editor at Dark Reading, News
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
By Sara Peters, Senior Editor at Dark Reading, 11/9/2015
15-Year-Old Arrested For TalkTalk Attack
Sara Peters, Senior Editor at Dark Reading, News
U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.
By Sara Peters, Senior Editor at Dark Reading, 10/26/2015
Defending & Exploiting SAP Systems
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
By Sara Peters, Senior Editor at Dark Reading, 10/7/2015
Five Things Every Business Executive Should Know About Cybersecurity
Don't get lost in security's technical minutiae - a clearer picture of what's at stake can help align business imperatives with technology execution.
Dark Reading Strategic Security Report: The Impact of Enterprise Data Breaches
Social engineering, ransomware, and other sophisticated exploits are leading to new IT security compromises every day. Dark Reading's 2016 Strategic Security Survey polled 300 IT and security professionals to get information on breach incidents, the fallout they caused, and how recent events are shaping preparations for inevitable attacks in the coming year. Download this report to get a look at data from the survey and to find out what a breach might mean for your organization.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Security researchers are finding that there's a growing market for the vulnerabilities they discover and a persistent conundrum as to the right way to disclose them. Dark Reading editors will speak to experts -- Veracode CTO and co-founder Chris Wysopal and HackerOne co-founder and CTO Alex Rice -- about bug bounties and the expanding market for zero-day security vulnerabilities.