
All News

Ex-TSA Employee Indicted For Tampering With Database Of Terrorist Suspects  March 11, 2010
Case serves as a wake-up call about the potential dangers of malicious insider access to sensitive data

Voluntary Breach Disclosure Rare But Valuable  March 09, 2010
Most organizations won't go public about an attack unless they have to, but security experts say there are ways to collaborate without being stigmatized

Product Watch: Gemalto Rolls Out Secure Online Banking On A Stick  March 08, 2010
USB thumb drive helps protect against man-in-the-middle attacks

New Massachusetts Data Privacy Law Adds Incentive For Strong Database Security  March 05, 2010
Massachusetts Data Privacy Law went into effect on March 1, focuses on prevention

Securing The Link Between Web Applications And Databases  March 02, 2010
Are insecure Web applications threatening the security of your database? New report outlines steps that could help reduce that threat

Database Security Metrics Project Needs Community Input  February 26, 2010
Project Quant to offer framework and a way to measure time, tools, and manpower for locking down databases

Comcast Goes DNSSEC, OpenDNS Adopts Alternative DNS Security  February 24, 2010
DNS provider OpenDNS selects DNSCurve over DNSSEC, but experts say the two technologies could eventually play together

Criminals Hide Payment-Card Skimmers Inside Gas Station Pumps  February 22, 2010
Wave of recent bank-card skimming incidents demonstrates how sophisticated the scam has become

SQL Injections Top Attack Statistics  February 22, 2010
Cybercriminals are increasingly using automated SQL injection attacks powered by botnets to hit vulnerable systems

Core Integrates Its Penetration Testing Product With Metasploit  February 16, 2010
Next version of Core Impact Pro commercial tool will work in concert with Metasploit

Shell Employee Directory Leaked, Allegedly By Activist Workers  February 12, 2010
Oil company acknowledges leak, but says it isn't sure current employees did the deed

Workarounds Abound While Oracle Scrambles To Patch Zero-Day Flaw  February 10, 2010
How to defend against attacks exploiting new privilege-escalation vulnerability in Oracle 10g, 11g databases

Product Watch: New Tool Automatically Examines Suspicious Code In Memory  February 08, 2010
HBGary Responder Professional 2.0 analyzed malware behavior in the Operation Aurora in five minutes

Database Account-Provisioning Errors A Major Cause Of Breaches  February 05, 2010
Database accounts are often managed manually -- if at all

Hospitality Industry Hit Hardest By Hacks  February 04, 2010
Trustwave report on data breach investigations shows hotels were breached more than financial institutions last year, and nearly all attacks were after payment-card data

Black Hat DC: Researchers Reveal Connection String 'Pollution' Attack  February 02, 2010
Tool released tests for so-called Connection String Parameter Pollution (CSPP) attack

Hack On Iowa Racing/Gaming Unit Jeopardizes Data Of 80,000 Employees  February 01, 2010
Hacked server contained casino employee information, state officials say

Computer Theft Adds Up To $7 Million For Blue Cross Of Tennessee  January 27, 2010
October break-in nets 57 computers for thieves -- and major headaches for healthcare firm

Report: More Than 560,000 Websites Infected In Q4  January 26, 2010
Web attacks get stealthier and more efficient; 5.5 million Web pages discovered to be infected

Flaws In The 'Aurora' Attacks  January 25, 2010
Security experts say targeted attacks could have been much worse, point out strategic errors made by the attackers

New Details On Targeted Attacks On Google, Others, Trickle Out  January 21, 2010
Meanwhile, Microsoft releases emergency patch for IE exploit used in the attacks

Enterprise Data Taken To The Cleaners -- Literally  January 20, 2010
Study of 100 U.K. dry cleaners finds more than 4,500 storage devices left in clothes in one year

Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property  January 13, 2010
Attackers used intelligence, custom malware to access Google, Adobe, and other U.S. companies' systems

U.S. Army Website Hacked  January 12, 2010
SQL injection, plain-text passwords leave databases exposed

Don't Wait To Lock Down DB2  January 08, 2010
Existing access control, trusted context features in DB2 are not widely deployed

Intel Website Hacked With SQL Injection  December 23, 2009
Hacker reveals major hole that exposes personal passport information on channel partner events Website

Social Networking Developer Site Database Hacked In SQL Injection Attack  December 15, 2009
32 million accounts exposed, Webmail accounts could be at risk as well

Databases In Peril  December 08, 2009
New report finds database security 'crisis' as many cash-strapped enterprises can't pass database compliance audits

Data Masking Helps Keep Live Data From Peeking Out, Experts Say  December 04, 2009
Emerging technology may prevent shared and test database content from appearing where it shouldn't

New Report Helps Enterprises Choose Their Own DAM Products  December 02, 2009
Study of database activity monitoring offers insights on how DAM products work -- and how to choose between them

Product Watch: IBM Buys Database Security Firm Guardium  November 30, 2009
Big Blue plans to integrate Guardium's database activity monitoring technology into its information management software products

T-Mobile: Employee Data Theft Leads To U.K.'s Largest Data Breach  November 18, 2009
Employee sold millions of customer records to data brokers, reports say

Thwarting SQL Injection Threats  November 02, 2009
New Dark Reading report explores what database developers and database administrators can do about the pervasive SQL injection attack

New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit  October 29, 2009
New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they're looking for

FTC Orders ChoicePoint To Pay $275,000 For 2008 Data Breach  October 21, 2009
Agency alleges that data broker didn't do enough to protect information after massive breach in 2005

Six Steps Toward Better Database Security Compliance  October 09, 2009
Discovery, assessment, and monitoring play key roles in compliance efforts, experts say

Databases' Most Serious Vulnerability: Authorized Users  October 01, 2009
New Dark Reading report outlines threats posed to databases by end users -- and how to protect your data

New Trojan Evades Banks' Anti-Fraud Systems  September 30, 2009
'URLZone' calculates how much money to steal from a victim's account without raising suspicion

PCI DSS Update Could Include Virtualization Security  September 25, 2009
PCI Virtualization Special Interest Group (SIG) is drafting guidelines and a mapping tool for applying PCI to virtualized systems

Couple's Lawsuit Against Bank Over Breach To Move Forward  September 23, 2009
Case raises questions about banks' liability in breach of customers' online accounts

Smart Card Alliance: End-To-End Encryption Won't Stop Credit-Card Fraud  September 15, 2009
Industry association proposes contactless chip cards, says end-to-end encryption isn't enough

Accused Superhacker Pleads Guilty  September 13, 2009
Gonzalez admits helping to lead gang that stole some 40 million credit and debit card numbers

Hacker Hits RBS WorldPay Systems Database  September 11, 2009
Romanian hacker says he discovered a SQL injection flaw on a WorldPay application, but RBS says no merchant or cardholder data was compromised

DuPont Alleges Second Insider Breach In Two Years  September 09, 2009
Chemical giant claims former employee was headed to China with company secrets

Flaw In Sears Website Left Database Open To Attack  September 01, 2009
Business-logic flaw in Sears.com Web application could have let hackers brute-force attack the retailer's gift card database

Hacker Ring Tied To Major Breaches Just Tip Of The Iceberg  August 24, 2009
TJX-Heartland attacker and cohorts also reportedly hacked ATM machines in 7-Elevens, but their wide net is likely just one of many

Tech Insight: SQL Injection Demystified  August 21, 2009
Attackers are using the old standby SQL injection en masse -- a look at the attack and how to protect your applications from it

Eight Indicted For $22M Identity Theft Scam Against AT&T, T-Mobile  August 20, 2009
Defendants allegedly hijacked customers' identities to steal millions of dollars in wireless gear

Alleged TJX Hacker Indicted For Heartland, Hannaford Hacks  August 17, 2009
Albert "Segvec" Gonzalez may have played role in many other data thefts as well, prosecutors say

National Retail Federation Poll: Small Retailers Struggling To Understand PCI  August 11, 2009
Nearly 86 percent are familiar with PCI, but nearly half can't demonstrate their compliance with the payment card standard

Database Administrators Playing Increasingly Crucial Role In Security  August 06, 2009
Long left out of the security picture, DBAs now find themselves performing key tasks in the enterprise

Nine U.K. Workers Fired For Tapping Into National Identity Database  August 05, 2009
Thirty-four U.K. government employees accessed Customer Information System for personal reasons, report says

Researcher Uncovers Massive, Sophisticated Trojan Targeting Top Businesses  July 29, 2009
Trojan may already have infected hundreds of thousands of PCs, botnet expert says

Nearly Half Of Companies Lack A Formal Patch Management Process  July 27, 2009
Microsoft-sponsored Project Quant survey finds patch management expensive, immature

Network Solutions Breached For 574,000 E-Commerce Account Records  July 27, 2009
Popular domain services provider says it doesn't know how rogue malware was planted on its servers

Healthcare Industry Weak In Security And Worried About Insider Threats  July 23, 2009
New Deloitte survey says healthcare and life sciences companies need to 'catch up' in security

Making A Federal Case About Sharing Security Data  July 22, 2009
Department of Energy initiative offers 'Federated Model' for exchanging, diagnosing security information among trusted partners

More Money, More Web Scams  July 21, 2009
At Black Hat USA, WhiteHat Security researchers to highlight more and bigger-dollar hacks that don't use malware or security bugs

Database Of Stolen Identities Contains More Than 40 Million Names  July 20, 2009
Lucid Intelligence lets users search against more than 120 million stolen records to see if their identities are at risk

Brothers In U.K. Convicted In Massive Credit Card Data Scam  July 17, 2009
Identity theft operation highlights need to protect card data at the source, experts say

PCI Group Spells Out Guidelines For Deploying PCI-Compliant WiFi  July 17, 2009
'Operator's guide' provides security recommendations for merchants, auditors

Report: CEOs, CIOs Still On Different Security Pages  July 15, 2009
Many top executives don't recognize key security issues, study says

Report: Cybercriminals Take Lessons From Business School  July 14, 2009
Online bad guys building specialized businesses along with sophisticated marketing and distribution strategies, Cisco study says

Report: Encryption Adoption Steadily Growing  July 14, 2009
While more organizations consider encryption as an overall strategic security solution, breaches keep rising, according to Ponemon Institute

Tech Insight: It's About DAM Time  July 13, 2009
Given today's threats to data from targeted attacks and unsavory insiders, it's no longer a question of whether or not to adopt database activity monitoring

IBM Researchers Unveil New Data-Masking Technology  July 09, 2009
'MAGEN' technology automatically shields sensitive customer, patient data

Oracle Report: Consumers Fickle About Ecommerce Security Controls  July 07, 2009
Nearly one-third of U.K.'s online shoppers don't trust online security measures, but most don't want additional controls if it affects ease and speed of transactions

Tech Insight: Database Security -- The First Three Steps  June 26, 2009
Protecting sensitive data means locating and enumerating the information in your databases -- and finding the right method to secure it

Massachusetts Worker Accused Of Using Database In ID Theft Scheme  June 25, 2009
Employee at medical cost management firm allegedly used doctors' personal information to obtain credit cards

Oracle Users Struggle With Patch Management  June 18, 2009
Despite new tools that speed deployment, many administrators are still far behind

New Injection Attack Compromises More Than 40,000 Websites  June 17, 2009
'Nineball' exploit is distinct from Gumblar, Beladen, researchers say

Despite High Value Of Information, Many Companies Lag On Database Security  June 16, 2009
Administrators often fail to patch promptly, configure securely

Report: No Magic Bullet For Database, Server Security  June 11, 2009
New Forrester report says encryption, data monitoring technologies key tools for now

More Than 530,000 Patients Notified In Data Ransom Scare  June 03, 2009
"Kidnapper" who held data for ransom still at large, Virginia authorities say

NSA-Funded 'Cauldron' Tool Goes Commercial  May 26, 2009
Vulnerability analysis tool aggregates, correlates, and visually maps attack patterns and possibilities

Report: Growth Of Digital Data Could Overwhelm Security  May 18, 2009
IDC "Digital Universe" study says volume of data is vastly outgrowing the resources available to protect it

Database Security Reports

Protecting Databases from Web Applications
Most external hacks of databases occur because of flaws in Web applications that link to those databases. Yet, enterprises are increasingly exposing their most valuable data to these outward-facing interfaces. In this Dark Reading Tech Center report, we'll discuss how security teams, database administrators and application developers can work together to improve the defenses of both front-end Web applications and back-end databases to prevent these attacks from succeeding, and offer a look at the most frequent Web-borne database attacks.

Database Activity Monitoring: Emerging Technology Keeps Tabs on Assets
You can read about the consequences of not protecting critical data in the daily headlines. In response, security-conscious organizations are tackling the complexities involved in effectively monitoring their databases for potential leaks and compromises. Fortunately, an emerging class of software is stepping up to help. Here’s what enterprises need to know about selecting, deploying, and managing DAM technology.

SQL Injection: A Major Threat to Data Security
Of all the attacks taking place on Web sites across the Internet today, SQL injection is the most popular for cybercriminals trying to hack their way into corporate data stores. But for such a pervasive threat, there is still little understanding within the development and database communities about what constitutes a SQL injection vulnerability, how attacks against a SQL injection bug work, and how to mitigate the risk. We examine how these exploits work and what you can do to stop them.

Protecting Your Databases From Careless End Users
While much attention is paid to outside attackers' efforts to crack enterprise databases, IT organizations often overlook an even greater threat: end users. Ignorance and disregard of company security policies may lead employees to expose their organizations' databases to compromise, often without even knowing that they’re doing so. In this report, we offer advice on how to educate users on database security, and some common-sense recommendations on how to limit the damage.

A Database Administrator's Guide to Security
While most security pros have become painfully aware of the threats posed to their organizations' databases, many of those who create and maintain the databases still don't fully understand the danger. This "security primer" is designed to open the eyes of the DBA to the risks posed by poor database security – and to current "best practices" that can help prevent those risks from becoming reality.

Why Your Databases Are Vulnerable To Attack - And What You Can Do About It
Most of an enterprise’s most sensitive and valuable information resides in databases. Yet, in many organizations, database security is often neglected, misunderstood, or even ignored. In this report, we discover why databases have become one of the most popular targets for hackers - and how everyday mistakes in database administration contribute to these attacks. We also offer some advice on what your organization can do to protect your most critical data - and to stop hackers in their tracks.

Related Content

HOWTO Secure and Audit Oracle 10g and 11g
Read the "Hardening Your Database" chapter from the 454-page book "HOWTO Secure and Audit Oracle 10g and 11g" and learn how to navigate the many security options within Oracle (authored by database security expert and Guardium CTO, Ron Ben Natan, Ph.D.)

HOWTO Monitor Database Activity
Read the "Database Activity Monitoring (DAM)" chapter from "HOWTO Secure and Audit Oracle 10g and 11g" (CRC Press, 2009) and learn how to leverage DAM to prevent cyberattacks, monitor privileged users and track access to sensitive data.

8 Steps to Holistic Database Security
Get the 8 essential best practices for a holistic approach to both safeguarding databases and achieving compliance with key regulations such as SOX, PCI-DSS, NIST 800-53 and data protection laws.

Essential Steps to Implementing Database Security and Auditing
Learn best practices and specific tips for effectively securing Oracle, SQL Server, DB2, MySQL and Sybase environments, including tracking security vulnerabilities, the anatomy of buffer overflow vulnerabilities and database auditing.

Databases at Risk: Current State of Database Security (ESG Research)
This recently published ESG report analyzes the current state of database security -- concluding it depends upon too many manual processes -- and also offers concrete steps to improve database security across the enterprise.