Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Database Security
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
NIST Publishes Guide for Securing Hotel Property Management Systems
Quick Hits  |  4/1/2021  | 
These sensitive systems store guests' personal data and payment-card information.
Ghost Users Haunt Healthcare Firms
Quick Hits  |  3/30/2021  | 
Data security hygiene severely lacking among healthcare firms, new research shows.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Commentary  |  3/30/2021  | 
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project
News  |  3/8/2021  | 
Together, the vendor giants aim to make "in use" encryption -- also known as "fully homomorphic encryption" -- economical and practical.
How SolarWinds Busted Up Our Assumptions About Code Signing
Commentary  |  3/3/2021  | 
With so much automation in the code-writing process, results are rarely double-checked, which opens the door to vulnerabilities and downright danger.
7 Things We Know So Far About the SolarWinds Attacks
Slideshows  |  2/11/2021  | 
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Web Application Attacks Grow Reliant on Automated Tools
News  |  2/4/2021  | 
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
Medical Imaging Leaks Highlight Unhealthy Security Practices
News  |  12/15/2020  | 
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
Kmart Hit by Egregor Ransomware
Quick Hits  |  12/4/2020  | 
Egregor is also behind recent attacks on Ubisoft and Barnes & Noble.
Intel Doubles Down on Emerging Technologies for Sharing and Using Data Securely
News  |  12/4/2020  | 
Homomorphic encryption and federated learning could allow groups to share data and analysis while protecting the actual information.
5 Steps Every Company Should Take to Avoid Data Theft Risk
Commentary  |  11/12/2020  | 
It's never been easier for employees to download company data and take it with them to their next gig.
3 Tips For Successfully Running Tech Outside the IT Department
Commentary  |  11/11/2020  | 
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
WordPress Plug-in Updated in Rare Forced Action
Quick Hits  |  10/22/2020  | 
The Loginizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
News  |  10/21/2020  | 
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
Barnes & Noble Warns Customers About Data Breach
Quick Hits  |  10/15/2020  | 
Famed bookseller says non-financial data was exposed in a new attack.
Software AG Continues Efforts Against $20M Ransomware Attack
Quick Hits  |  10/12/2020  | 
The attack, which now includes extortion components, has moved into its second week.
Imperva Agrees to Buy jSonar
Quick Hits  |  10/1/2020  | 
The deal is expected to close in mid-October.
New Google Search Hacks Push Viruses & Porn
Commentary  |  9/22/2020  | 
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
Deadly Ransomware Story Continues to Unfold
Quick Hits  |  9/18/2020  | 
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
Ransomware Gone Awry Has Fatal Consequences
Quick Hits  |  9/17/2020  | 
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
Research Finds Nearly 800,000 Access Keys Exposed Online
Quick Hits  |  9/15/2020  | 
The keys were primarily for access to databases and cloud services.
Ransomware Hits US District Court in Louisiana
Quick Hits  |  9/14/2020  | 
The ransomware attack has exposed internal documents from the court and knocked its website offline.
Inova Suffers Third-Party Data Breach
Quick Hits  |  9/9/2020  | 
The breach occurred as part of a ransomware attack against service provider Blackbaud.
Warner Music Group Admits Breach
Quick Hits  |  9/4/2020  | 
The months-long breach hit financial details for customers.
Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
News  |  9/4/2020  | 
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.
Three Easy Ways to Avoid Meow-like Database Attacks
Commentary  |  8/25/2020  | 
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
University of Utah Pays in Cyber-Extortion Scheme
Quick Hits  |  8/21/2020  | 
Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII.
Former Uber CSO Charged in Hack Cover-up
Quick Hits  |  8/20/2020  | 
The charges stem from a 2016 attack in which 57 million records were breached.
Symmetry Systems Emerges from Stealth
Quick Hits  |  8/11/2020  | 
Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.
2019 Breach Leads to $80 Million Fine for Capital One
Quick Hits  |  8/6/2020  | 
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
Security Flaws Discovered in OKCupid Dating Service
Quick Hits  |  7/29/2020  | 
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
Avon Server Leaks User Info and Administrative Data
Quick Hits  |  7/28/2020  | 
An unprotected server has exposed more than 7GB of data from the beauty brand.
ShinyHunters Offers Stolen Data on Dark Web
Quick Hits  |  7/27/2020  | 
The threat actor offers more than 26 million records from a series of data breaches.
DNA Site Leaves Records Open to Law Enforcement
Quick Hits  |  7/23/2020  | 
A pair of breaches reset user accounts to allow access for two days.
Amtrak Breach Rolls Over Frequent Travelers
Quick Hits  |  6/2/2020  | 
The breach exposed usernames and passwords of an undisclosed number of program members.
Hackers Serve Up Stolen Credentials from Home Chef
Quick Hits  |  5/21/2020  | 
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
EasyJet Sees 9 Million Customer Email Addresses Stolen
Quick Hits  |  5/19/2020  | 
More than 2,000 customers also had credit card information taken in the attack.
Attackers Target Sophos Firewalls with Zero-Day
News  |  4/27/2020  | 
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
Paay Misconfiguration Leaves Transaction Data Exposed
Quick Hits  |  4/23/2020  | 
The New York-based credit-card processor left a server without password protection for approximately three weeks.
SFO Hit by Web Compromise
Quick Hits  |  4/10/2020  | 
Web app credentials were stolen in attacks on two airport websites.
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Quick Hits  |  3/31/2020  | 
The data was breached through the credentials of two franchisee employees.
Insurance Giant Chubb Might Be Ransomware Victim
Quick Hits  |  3/26/2020  | 
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
538 Million Weibo Users' Info for Sale on Dark Web
Quick Hits  |  3/23/2020  | 
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
200M Records of US Citizens Leaked in Unprotected Database
News  |  3/20/2020  | 
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Quick Hits  |  3/19/2020  | 
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
500,000 Documents Exposed in Open S3 Bucket Incident
Quick Hits  |  3/18/2020  | 
The open database exposed highly sensitive financial and business documents related to two financial organizations.
3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival
Quick Hits  |  3/5/2020  | 
The separate incidents show how data theft knows no market-based limits.
Cathay Pacific Hit with Fine for Long-Lasting Breach
Quick Hits  |  3/4/2020  | 
The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.
Walgreens' Mobile App Exposes Customers' Info
Quick Hits  |  3/2/2020  | 
An error in the app allowed some secure chat users to see medical information that wasn't theirs.
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-20092
PUBLISHED: 2021-05-13
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
CVE-2020-21342
PUBLISHED: 2021-05-13
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.
CVE-2020-25713
PUBLISHED: 2021-05-13
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
CVE-2020-27823
PUBLISHED: 2021-05-13
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-27830
PUBLISHED: 2021-05-13
A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.