Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Latest Content tagged with Database Security
Job-Seeker Data Exposed in Monster File Leak
Quick Hits  |  9/6/2019  | 
The job website says it cannot notify users since the exposure occurred on a third-party organization's servers.
419M Facebook User Phone Numbers Publicly Exposed
Quick Hits  |  9/5/2019  | 
It's still unclear who owned the server storing hundreds of millions of records online without a password.
Imperva Customer Database Exposed
Quick Hits  |  8/27/2019  | 
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
IBM Announces Quantum Safe Encryption
Quick Hits  |  8/23/2019  | 
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
News  |  8/21/2019  | 
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
Capital One: What We Should Learn This Time
News  |  8/2/2019  | 
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.
Researcher Finds Open 'Road Map' to Honda Computers
Quick Hits  |  8/1/2019  | 
An unprotected database, now secured, contained information on every computer owned by the automobile giant.
Equifax to Pay Up to $700M for Data Breach Damages
News  |  7/22/2019  | 
In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Britain Looks to Levy Record GDPR Fine Against British Airways
News  |  7/8/2019  | 
The penalty is a sign of things to come, say experts.
Federal Photos Filched in Contractor Breach
Quick Hits  |  6/10/2019  | 
Data should never have been on subcontractor's servers, says Customs and Border Protection.
Flipboard Confirms Two Hacks, Prompts Password Resets
Quick Hits  |  5/29/2019  | 
The company reports two incidents affected a subset of its users and is resetting passwords for involved accounts.
GandCrab Gets a SQL Update
News  |  5/28/2019  | 
A new attack is found that uses MySQL as part of the attack chain in a GandCrab ransomware infection.
Data Asset Management: What Do You Really Need?
News  |  5/22/2019  | 
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
49 Million Instagram Influencer Records Exposed in Open Database
Quick Hits  |  5/21/2019  | 
An AWS-hosted database was configured with no username or password required for access to personal data.
Misconfigured Ladders Database Exposed 13M User Records
Quick Hits  |  5/2/2019  | 
Job-hunting site Ladders leaves job seeker data exposed on the Internet.
Unknown, Unprotected Database Exposes Info on 80 Million US Households
Quick Hits  |  4/29/2019  | 
A database with no login required has been found to contain names, addresses, age, and more for over 80 million U.S. households.
App Exposes Wi-Fi Credentials for Thousands of Private Networks
Quick Hits  |  4/23/2019  | 
A database used by WiFi Finder was left open and unprotected on the Internet.
Data on Thousands of Law Enforcement Personnel Exposed in Breach
Quick Hits  |  4/15/2019  | 
Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.
In Security, All Logs Are Not Created Equal
Commentary  |  4/11/2019  | 
Prioritizing key log sources goes a long way toward effective incident response.
40% of Organizations Not Doing Enough to Protect Office 365 Data
News  |  3/28/2019  | 
Companies could be leaving themselves vulnerable by not using third-party data backup tools, a new report finds.
Enterprise Data Encryption Hits All-time High
Quick Hits  |  3/28/2019  | 
A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.
Tidying Expert Marie Kondo: Cybersecurity Guru?
News  |  3/28/2019  | 
The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
News  |  3/11/2019  | 
MongoDB once again used by database admin who opens unencrypted database to the whole world.
Hackers Break into System That Houses College Application Data
Quick Hits  |  3/11/2019  | 
More than 900 colleges and universities use Slate, owned by Technolutions, to collect and manage information on applicants.
Debunking 5 Myths About Zero Trust Security
Commentary  |  3/7/2019  | 
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
Lockpath Advocates Benefits of Continuous Security Management
Dark Reading Videos  |  3/6/2019  | 
Risk management and compliance technologies emerge from the intersection of technology, security, and regulation; continuous security management helps professionals from multiple departments and disciplines access the info they need, when they need it, according to Sam Abadir of Lockpath.
Airbus Employee Info Exposed in Data Breach
Quick Hits  |  1/31/2019  | 
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
News  |  1/30/2019  | 
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
Evidence in Starwood/Marriott Breach May Point to China
Quick Hits  |  12/6/2018  | 
Attackers used methods, tools previously used by known Chinese hackers.
Starwood Breach Reaction Focuses on 4-Year Dwell
News  |  12/5/2018  | 
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from it.
Quora Breach Exposes Information of 100 Million Users
Quick Hits  |  12/4/2018  | 
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
First Lawsuits Filed in Starwood Hotels' Breach
Quick Hits  |  12/3/2018  | 
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
Massive Starwood Hotels Breach Hits 500 Million Guests
News  |  11/30/2018  | 
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
Incorrect Assessments of Data Value Putting Organizations at Risk
News  |  11/28/2018  | 
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
Barclays, Walmart Join New $85M Innovation Coalition
Quick Hits  |  10/23/2018  | 
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
Oracle Issues Massive Collection of Critical Security Updates
Quick Hits  |  10/17/2018  | 
The software updates from Oracle address a record number of vulnerabilities.
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Quick Hits  |  9/10/2018  | 
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
T-Mobile Hit With Customer Information Hack
Quick Hits  |  8/24/2018  | 
Approximately 2 million users said to be affected.
Data Privacy Careers Are Helping to Close the IT Gender Gap
Commentary  |  8/20/2018  | 
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
Australian Teen Hacked Apple Network
Quick Hits  |  8/17/2018  | 
The 16-year-old made off with 90 gigs of sensitive data.
Yale Discloses Data Breach
Quick Hits  |  7/31/2018  | 
The university discloses that someone stole personal information a long time ago.
US-CERT Warns of ERP Application Hacking
News  |  7/25/2018  | 
ERP applications such as Oracle's and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
HR Services Firm ComplyRight Suffers Major Data Breach
News  |  7/20/2018  | 
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
News  |  5/25/2018  | 
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Encryption is Necessary, Tools and Tips Make It Easier
News  |  5/3/2018  | 
At the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
12 Trends Shaping Identity Management
Slideshows  |  4/26/2018  | 
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Electric Utility Hit with Record Fine for Vulnerabilities
Quick Hits  |  3/14/2018  | 
An unnamed power company has consented to a record fine for leaving critical records exposed.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-14540
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.
CVE-2019-16332
PUBLISHED: 2019-09-15
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
CVE-2019-16333
PUBLISHED: 2019-09-15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
CVE-2019-16334
PUBLISHED: 2019-09-15
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636.
CVE-2019-16335
PUBLISHED: 2019-09-15
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.