Poisoning The Data Well
A Q&A with Forrester's John Kindervag about how encryption makes data worthless to the criminals
Federal Reserve Bank Contractor Arrested For Alleged Code Theft
Suspect admitted to stealing U.S. Treasury Dept.-owned program from the bank for use in his own private business
Oracle CPU Contains Lowest Number Of Database Fixes Ever
Database security community concerned about Oracle's patch bottleneck
Does NoSQL Mean No Security?
NoSQL databases offer an alternative to traditional relational databases but are immature and will introduce more risks
AntiSec Hacks Signal Same Old, Same Old In Database Insecurity
Hacktivist group takes down two law enforcement associations with ease
Latest SQL Injection Campaign Infects 1 Million Web Pages
SANS warns of uptick in 'Lilupophilupop' attack, but Cisco says total number of infected URLs may be 'inflated'
Saudi Hackers Steal, Leak Israeli Credit Card Accounts
Self-professed arm of Anonymous leaks thousands of account numbers and associated information
App And Database Security: Two Halves Of A Whole
Limit application privileges to the database and sanitize input to improve data security
7 Housekeeping Duties For Better Database Security In 2012
Segmenting, hardening, encrypting, insuring, and planning -- a few good New Year's resolutions for database administrators
Internet Explorer To Get 'Silent' Updates
Microsoft will provide automatic upgrades to IE users – but enterprises can opt out
Five Big Database Breaches Of 2011's Second Half
Healthcare breaches dominate the year's second half breach lowlights
Can Security Teams And DBAs Play Nicely?
Many organizations see database security projects arrive DOA because the DBA is not on board
Researchers Say Oracle Leaves Databases Needlessly Vulnerable
As SQL injection attacks and other advanced threats targeting database assets gain traction, researchers complain that Oracle's other application efforts are distracting the company from shoring up database security
More Than 13 Million Users' Data At Risk Following Hack Of Korean Gaming Firm
Nexon says hack of popular Korean online game Maple Story included IDs and passwords of users, but no financial data
New 'Anti-Social' Social Network Lets CSOs Share
Emerging online community for security executives to help one another better defend against attacks -- no vendors or consultants allowed
Stolen Desktop Computer Exposes Data Of Nearly 4 Million Patients
Healthcare organization was in the midst of an encryption rollout, but unencrypted machine is stolen
Who's In Your Database? A Look At Access Control Strategies
What's the best way to provision database users and control access to sensitive data? Here's a guide that offers some answers
GAO Audit Of IRS Highlights Common Database And Access Control Woes
Problems with incomplete initiatives to meet auditors' demands for improved access control and data security rampant at IRS and beyond
Encryption And Other Database Security Lag At Healthcare Organizations
Tech leaders warn policy makers that even as more electronic medical records flood health IT systems, security controls remain sparse
Hackers Crack Steam Database
Breach of gaming giant's database could threaten data of more than 35 million users
Hackers 'Timthumb' Their Noses At Vulnerability To Compromise 1.2 Million Sites
WordPress plug-in vulnerability could be used to steal database content
Don't Let Your Suppliers Limit Too Much Breach Liability
Organizations often end up paying the consequential costs of data breaches when third-party vendor contracts aren't scrutinized
Contract Worker Steals Personal Data On 9 Million Israelis
Worker stole data on Israeli citizens and created a searchable database in order to sell it to a private buyer, officials say
Mass SQL Injection Attack Hits 1 Million Sites
Attack similar to LizaMoon hits websites lacking input validation
Strange But True Penetration-Testing Stories
'Hacker' gets kudos from his financial services victim, and in-house security cameras go rogue and steal users' credentials
Largest Credit-Card Fraud Ring Bust Should Validate DAM, SIEM Work
Case shows how stolen credit card numbers fuel real crimes
Five Worst Practices In Database Encryption
Poor encryption deployments risk too much critical information within databases
Database Security Market To Grow 20 Percent Through 2014
Mobility, data volume and difficulty patching still lead challenges in protecting databases
MySQL Site Compromised To Serve Up BlackHole Exploits
Researchers still analyzing goal of attackers
Sound Database Security Starts With Segmentation
Network segmentation and segregation of data by importance enables effective database security
Smartphone Attacks Under Way
New data finds more than half of U.S. smartphone users hit with at least one security incident in the last 12 months
Seven Ways You Give Thieves Dibs On Your Database
Bad database security habits make it easy on hackers and malicious insiders
Big Data Brings Big Risks
Information stored in data warehouses that service business intelligence applications should be a security priority
Sony Names Ex-DHS Official As Its CSO
Philip Reitinger joins Sony's newly created post of chief security officer
Cyberattacks Decline Slightly, Symantec Report Finds
Drop seems counter-intuitive given the high-profile breaches so far in 2011, while downtime, theft of employee identity data and intellectual property topped the biggest losses
Web-Searchable Databases An Increasing Security Risk
Breaches at Yale and the Southern California Medical-Legal Consultants Inc. (SCMLC) demonstrate the importance of ensuring that databases that touch Web-facing interfaces aren't exposed by Web searches
Insiders Still Thwart Database Controls Without Supervisory Support
FINRA fines Citigroup for missing suspicious behavior of employee who rooked customers of $750,000 over eight years
AntiSec's Dump Of Law Enforcement Data Includes Personal Data Of Thousands
Data published by AntiSec contains more than 2,500 SSNs, 15,000 dates of birth, 8,000 passwords, and 45,000 personal addresses, study says
New Free Tool Helps Gather Attackers' 'Footprints'
Researchers show how to gather 'footprints' left behind by attackers
Database Forensics Still In Dark Ages
Former DB bug finder demos a new tool to help fill gap in the forensics process
Websites Are Attacked Once Every Two Minutes
New study shows directory traversal, XSS most common attacks, not SQL injection
Sony Insurer Disputes Breach Insurance Claims
A cautionary tale for enterprises that think they have data breach insurance
Murdoch's Sun Newspaper Hacked In The Name Of LulzSec
LulzSec comes out of 'retirement,' taking credit for a massive defacement and Twitter feed hack, promises to dump emails of staffers
As SQL Injection Attacks Surge, New Report Offers Insight On How To Prevent Them
SQL injection has taken its place among the top Web threats and compromised some of the Internet’s best-known companies. Here’s a look at how SQL injection attacks happen, and what you can do about it
Reports: DHS, IRS Databases At Risk
Protected critical infrastructure information at risk in DHS data stores, IG report says
Washington Post Data Breach Affects More Than 1 Million Job Seekers
Washington Post reports compromise of some 1.27 million job seekers' email addresses, user IDs in database hack
'Weev' Indicted In iPad User-Data Theft Case
Second Goatse Security member facing official charges for allegedly hacking into AT&T servers and grabbing iPad user information
Researchers Dissect The Underground Economy Of Fake Antivirus Software
Scareware pushers see more than 2 percent sales conversion and make millions in profit
DHS, Mitre Name SQL Injection Flaws As Most Dangerous Software Error
Top 25 list cites SQL injection, OS command errors, buffer overflow vulns at top of list of 25 most dangerous software errors
LulzSec Signs Off, But Attacks Don't -- And Won't -- Stop
Anonymous dumps new round of passwords, corporate network IP addresses today
Ensuring Secure Database Access
Role-based access control based on least user privilege is one of the most effective ways to prevent the compromise of corporate data. But proper provisioning is a growing challenge, due to the proliferation of "big data," NoSQL databases, and cloud-based data storage.
Stop SQL Injection: Don't Let Thieves in Through Your Web Apps
Think your corporate website isn't vulnerable to a SQL injection attack? Start rethinking. SQL injection is among the most prevalent -- and most dangerous -- techniques for exploiting Web applications and attacking back-end databases that house critical business information at companies of every size. And it persists despite relatively simple and effective countermeasures. Here, we explain how SQL injection works, and how to secure your Web apps and databases against it.
Database Breaches: Lessons Learned From Real-World Attacks
Recently, there's been a rash of major database breaches, including those at Gawker.com, McDonald's and Walgreens. All the companies had solid resources at their disposal, so what went wrong? In this Tech Center report, we profile five database breaches -- and extract the lessons to be learned from each. Plus: A rundown of six technologies to reduce your risk.
Other reports from the Database Security Tech Center:
Sponsored by:
Data security and privacy: A holistic approach
This paper examines the complex data security and privacy threat landscape; compliance and regulatory requirements; and, the IBM InfoSphere portfolio of integrated solutions designed to help you stay focused on meeting your organization's business goals, achieving compliance and reducing risk. IBM InfoSphere solutions for data security and privacy support a holistic approach ensuring the protection and integrity of your data.
Ten Database Activities Enterprises Need to Monitor
Enterprises are paying too little attention to security risks associated with their databases. Auditors, security/risk professionals and data owners need to watch for behaviors that may indicate database security problems. Learn the 10 critical database activities & behaviors enterprises should audit now.
The Forrester Wave: Database Auditing And Real-Time Protection
Database auditing has become critical as enterprises deal with regulatory compliance and security requirements. Learn why Forrester Research named IBM InfoSphere Guardium a Leader with #1 scores in all 3 top-level categories: Current Offering, Strategy and Market Presence.
Look Beyond Native Database Auditing to Improve Database Security
This Forrester Consulting study provides real-world findings from in-depth interviews with enterprises that have implemented database auditing and real-time protection solutions to ensure comprehensive auditing, real-time monitoring and protection of critical database and enterprise applications from internal and external attacks.
HOWTO Safeguard Against the Latest Cyber-Threats
2010 saw a 27% rise in new vulnerabilities, with the largest category being Web Application vulnerabilities. Tom Cross discusses these security events from the "IBM X-Force 10 Trend and Risk Report." Learn more about APTs, virtualization and cloud security threats.