News & Commentary

Latest Content tagged with Database Security
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018
An unnamed power company has consented to a record fine for leaving critical records exposed.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018
The biggest security problems inside your company may result from problems it inherited.
Poor Visibility, Weak Passwords Compromise Active Directory
News  |  2/1/2018
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
New Database Botnet Leveraged for Bitcoin Mining
News  |  12/19/2017
Attackers are quietly building an attack infrastructure using very sensitive machines.
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Slideshows  |  12/11/2017
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
We're Still Not Ready for GDPR? What is Wrong With Us?
Commentary  |  11/17/2017
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
News  |  10/18/2017
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Quick Hits  |  10/17/2017
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017
Why security teams need to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Equifax CEO Retires in Wake of Breach
Quick Hits  |  9/26/2017
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
FBI's Freese Shares Risk Management Tips
News  |  9/26/2017
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
If Blockchain Is the Answer, What Is the Security Question?
Commentary  |  9/8/2017
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
8 Things Every Security Pro Should Know About GDPR
Slideshows  |  6/30/2017
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
Mobile App Back-End Servers, Databases at Risk
News  |  5/31/2017
Mobile app developers' casual use of back-end technology like Elasticsearch without security-hardening puts unsuspecting enterprises at grave risk of exposure.
UK Loan Firm Wonga Suffers Financial Data Breach
Quick Hits  |  4/11/2017
Customers in the UK and Poland may have had their bank account details compromised.
11 UK Charities Punished for Violating Data Privacy Law
Quick Hits  |  4/6/2017
Organizations fined between £6,000 and £18,000 by UK's Information Commissioner's Office.
To Attract and Retain Better Employees, Respect Their Data
Commentary  |  4/3/2017
A lack of privacy erodes trust that employees should have in management.
ERP Attack Risks Come into Focus
News  |  3/16/2017
New highly critical SAP vulnerability highlights dangers against critical business software.
How to Secure Hyperconverged Infrastructures & Why It Is Different
Partner Perspectives  |  2/23/2017
The next-generation datacenter requires new security practices, but that doesn't mean everything we learned about datacenter security becomes obsolete.
Harvest Season: Why Cyberthieves Want Your Compute Power
Commentary  |  2/9/2017
Attackers are hijacking compute power in order to pull off their other crimes.
MongoDB Attack Shows Off Cyber Extortionists' New Tricks
News  |  1/10/2017
Ransomware operators are diversifying their cyber-extortion toolkit and expanding their range of targets.
The Internet Of Things: When Bigger Is Not Better
Commentary  |  12/13/2016
What happens when 10,000 companies add programmability and connectivity to their products, and we increase the Internet's attack surface by a million times or more?
Symantec To Buy LifeLock At $2.3 Billion
Quick Hits  |  11/22/2016
Deal set to be finalized by Q1 2017 and financed by cash and $750 million of new debt.
Oracle Announces Acquisition Of Dyn
Quick Hits  |  11/22/2016
Oracle says purchase of the recently DDoSed DNS service is aimed at expanding the company's cloud computing platform.
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Videos  |  10/31/2016
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
New Free Tool Stops Petya Ransomware & Rootkits
News  |  10/20/2016
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
Database Breaches: An Alarming Lack Of Preparedness
Commentary  |  10/10/2016
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
Ex-Cardinal Exec Jailed For Hacking Astros
Quick Hits  |  7/20/2016
Christopher Correa gets 46 months for unlawful access of rival's database and downloading confidential details.
Ubuntu Forums Database Hacked
Quick Hits  |  7/19/2016
Canonical probe reveals user account details of 2 million stolen, passwords safe.
5 Tips For Making Data Privacy Part Of The Company's Culture
News  |  6/22/2016
Common sense steps organizations can take to protect corporate data.
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
News  |  6/9/2016
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
Stop Building Silos. Security Is Everyone's Problem
Commentary  |  4/29/2016
Yes, it's true that the speed of DevOps has made security more difficult. But that doesn't mean accelerated release cycles and secure applications have to be mutually exclusive.
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
News  |  4/25/2016
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
10 Tips for Securing Your SAP Implementation
Slideshows  |  4/23/2016
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
Databases Remain Soft Underbelly Of Cybersecurity
News  |  4/21/2016
Most enterprises still don't continuously monitor database activity.
EU Privacy Officials Push Back On Privacy Shield
News  |  4/13/2016
Better than Safe Harbor, but not good enough. Should we care what they think?
7 Lessons From The Panama Papers Leak
News  |  4/5/2016
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
Modern Web Apps: Not The Risk They Used To Be (They're Worse!)
Commentary  |  2/26/2016
Even a tiny Web application without a single byte of confidential data can expose your corporate crown jewels to cybercriminals.
Survey: When Leaving Company, Most Insiders Take Data They Created
News  |  12/23/2015
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
News  |  11/9/2015
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
15-Year-Old Arrested For TalkTalk Attack
News  |  10/26/2015
U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.
Defending & Exploiting SAP Systems
Dark Reading Videos  |  10/7/2015
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
Another Healthcare Insurer, Excellus BCBS, Hit With Mega-Breach
News  |  9/10/2015
Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records.
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
Dark Reading Videos  |  8/27/2015
You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.