Application Security // Database Security
News & Commentary
How Ionic Says It Makes Data Breaches Irrelevant
Sara Peters, Senior Editor at Dark ReadingNews
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
By Sara Peters Senior Editor at Dark Reading, 4/15/2015
Comment2 comments  |  Read  |  Post a Comment
7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)
Ericka Chickowski, Contributing Writer, Dark Reading
The year's started off with a bang; will we hear risk management pros whimper?
By Ericka Chickowski Contributing Writer, Dark Reading, 3/30/2015
Comment3 comments  |  Read  |  Post a Comment
Two More Health Insurers Report Data Breach
Dark Reading Staff, Quick Hits
Premera Blue Cross and LifeWise say 11.25 million customers' records might have been exposed.
By Dark Reading Staff , 3/17/2015
Comment4 comments  |  Read  |  Post a Comment
Cybercrime Dipped During Holiday Shopping Season
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The number of businesses breached dropped by half from years past, but attackers got more bang for their buck in terms of stolen records, a new IBM report reveals.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 1/5/2015
Comment7 comments  |  Read  |  Post a Comment
JPMorgan Hack: 2FA MIA In Breached Server
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/24/2014
Comment18 comments  |  Read  |  Post a Comment
4 Worst Government Data Breaches Of 2014
Jai Vijayan, Freelance writerNews
Government agency breaches pale in comparison to private sector companies' problems, but government did get hacked in 2014. Look at the four biggest incidents.
By Jai Vijayan Freelance writer, 12/11/2014
Comment0 comments  |  Read  |  Post a Comment
Data Management Vs. Data Loss Prevention: Vive La Différence!
Todd Feinman,  President & CEO, Identity FinderCommentary
A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.
By Todd Feinman President & CEO, Identity Finder, 11/25/2014
Comment4 comments  |  Read  |  Post a Comment
Don't Discount XSS Vulnerabilities
Ericka Chickowski, Contributing Writer, Dark ReadingNews
XSS flaws are more serious than you'd think.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/24/2014
Comment4 comments  |  Read  |  Post a Comment
Retailers Now Actively Sharing Cyberthreat Intelligence
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/30/2014
Comment8 comments  |  Read  |  Post a Comment
VA Buckles Down On Cyber Security, Program Management
Henry Kenyon, News
Agency refocuses IT priorities on data protection, on-time project delivery to overcome past poor performance.
By Henry Kenyon , 10/30/2014
Comment0 comments  |  Read  |  Post a Comment
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.comNews
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/17/2014
Comment18 comments  |  Read  |  Post a Comment
MBIA Breach Highlights Need For Tightened Security Ops
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Heartland CEO On Why Retailers Keep Getting Breached
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/6/2014
Comment17 comments  |  Read  |  Post a Comment
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
Sara Peters, Senior Editor at Dark ReadingNews
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
By Sara Peters Senior Editor at Dark Reading, 8/27/2014
Comment13 comments  |  Read  |  Post a Comment
Breach of Homeland Security Background Checks Raises Red Flags
Sara Peters, Senior Editor at Dark ReadingNews
"We should be burning down the house over this," says a GRC expert.
By Sara Peters Senior Editor at Dark Reading, 8/25/2014
Comment13 comments  |  Read  |  Post a Comment
Heartbleed Not Only Reason For Health Systems Breach
Sara Peters, Senior Editor at Dark ReadingNews
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
By Sara Peters Senior Editor at Dark Reading, 8/20/2014
Comment14 comments  |  Read  |  Post a Comment
Community Health Systems Breach Atypical For Chinese Hackers
Sara Peters, Senior Editor at Dark ReadingNews
Publicly traded healthcare organization's stock goes up as breach notifications go out.
By Sara Peters Senior Editor at Dark Reading, 8/18/2014
Comment8 comments  |  Read  |  Post a Comment
Google To Factor Security In Search Results
Thomas Claburn, Editor at Large, Enterprise MobilityNews
Websites that don't support HTTPS connections may soon be less prominent in Google search results.
By Thomas Claburn Editor at Large, Enterprise Mobility, 8/7/2014
Comment3 comments  |  Read  |  Post a Comment
Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins
Sara Peters, Senior Editor at Dark ReadingQuick Hits
A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.
By Sara Peters Senior Editor at Dark Reading, 8/5/2014
Comment16 comments  |  Read  |  Post a Comment
Researcher Finds Flaws In Key Oracle Security Feature
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/2/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1774
Published: 2015-04-28
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVE-2015-1863
Published: 2015-04-28
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

CVE-2015-3340
Published: 2015-04-28
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.