News & Commentary

Latest Content tagged with Database Security
<<   <   Page 2 / 2
Oracle Announces Acquisition Of Dyn
Quick Hits  |  11/22/2016  | 
Oracle says purchase of the recently DDoSed DNS service is aimed expanding the companys cloud computing platform.
Preparing For Government Data Requests After Apple Vs. FBI
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Videos  |  10/31/2016  | 
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
New Free Tool Stops Petya Ransomware & Rootkits
News  |  10/20/2016  | 
Meanwhile, Locky puts ransomware on the Check Point Top Three Global Malware List for the first time ever.
Database Breaches: An Alarming Lack Of Preparedness
Commentary  |  10/10/2016  | 
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
Ex-Cardinal Exec Jailed For Hacking Astros
Quick Hits  |  7/20/2016  | 
Christopher Correa gets 46 months for unlawful access of rivals database and downloading confidential details.
Ubuntu Forums Database Hacked
Quick Hits  |  7/19/2016  | 
Canonical probe reveals user account details of 2 million stolen, passwords safe.
5 Tips For Making Data Privacy Part Of The Companys Culture
News  |  6/22/2016  | 
Common sense steps organizations can take to protect corporate data.
Cloud Apps Just As Secure As On-Premise Apps, Say InfoSec Pros
News  |  6/9/2016  | 
Unfortunately, 75% of cloud apps will still fall afoul of the new EU General Data Protection Regulation, according to new studies.
Stop Building Silos. Security Is Everyones Problem
Commentary  |  4/29/2016  | 
Yes, its true that the speed of DevOps has made security more difficult. But that doesnt mean accelerated release cycles and secure applications have to be mutually exclusive.
Malware At Root Of Bangladesh Bank Heist Lies To SWIFT Financial Platform
News  |  4/25/2016  | 
Customized malware hid $81 million of wire transfers until the money had been safely laundered.
10 Tips for Securing Your SAP Implementation
Slideshows  |  4/23/2016  | 
Without clear ownership of security for a critical business platform like SAP, it should come as no surprise that SAP cybersecurity continues to fall through the cracks among IT, admin, security and InfoSec teams.
Databases Remain Soft Underbelly Of Cybersecurity
News  |  4/21/2016  | 
Most enterprises still don't continuously monitor database activity.
EU Privacy Officials Push Back On Privacy Shield
News  |  4/13/2016  | 
Better than Safe Harbor, but not good enough. Should we care what they think?
7 Lessons From The Panama Papers Leak
News  |  4/5/2016  | 
Hopefully your organization isn't hiding as many dark secrets as Mossack Fonseca, but the incident still brings helpful hints about data security, breach response, and breach impact.
Modern Web Apps: Not The Risk They Used To Be (Theyre Worse!)
Commentary  |  2/26/2016  | 
Even a tiny Web application without a single byte of confidential data can expose your corporate crown jewels to cybercriminals.
Survey: When Leaving Company, Most Insiders Take Data They Created
News  |  12/23/2015  | 
Most employees believe they own their work, and take strategy documents or intellectual property with them as they head out the door.
6 Critical SAP HANA Vulns Can't Be Fixed With Patches
News  |  11/9/2015  | 
Onapsis releases 21 SAP HANA security advisories, including some Trexnet vulnerabilities that require upgrades and reconfigurations.
15-Year-Old Arrested For TalkTalk Attack
News  |  10/26/2015  | 
U.K. police collar Northern Ireland youth for questioning, while security industry tries to make sense of confusing information out of TalkTalk CEO.
Defending & Exploiting SAP Systems
Defending & Exploiting SAP Systems
Dark Reading Videos  |  10/7/2015  | 
Juan Pablo Perez-Etchegoyen, CTO of Onapsis, joins the Dark Reading News Desk at Black Hat to discuss the technological and organizational challenges of SAP security.
Another Healthcare Insurer, Excellus BCBS, Hit With Mega-Breach
News  |  9/10/2015  | 
Excellus Blue Cross Blue Shield and parent company Lifetime Healthcare Companies join ranks of Anthem and Premera after breach that may have exposed more than 10 million patient records.
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
RiskIQ's Arian Evans Talks Up Hunting Down Digital Assets
Dark Reading Videos  |  8/27/2015  | 
You can't protect what you can't find. Arian Evans, vice president of product marketing for RiskIQ, joins the Dark Reading News Desk at Black Hat to explain how to discover all your assets.
Data Protection: The 98 Percent Versus The 2 Percent
Commentary  |  8/11/2015  | 
Four steps for defending your most sensitive corporate information from the inside out.
How Ionic Says It Makes Data Breaches Irrelevant
News  |  4/15/2015  | 
Ionic Security goes public with a data security platform that manages trillions of encryption keys and enables a user to sign each pixel with its own unique key.
7 Bugs, Breaches, & Compromises To Rock 2015 (So Far)
Slideshows  |  3/30/2015  | 
The year's started off with a bang; will we hear risk management pros whimper?
Two More Health Insurers Report Data Breach
Quick Hits  |  3/17/2015  | 
Premera Blue Cross and LifeWise say 11.25 million customers' records might have been exposed.
Cybercrime Dipped During Holiday Shopping Season
News  |  1/5/2015  | 
The number of businesses breached dropped by half from years past, but attackers got more bang for their buck in terms of stolen records, a new IBM report reveals.
JPMorgan Hack: 2FA MIA In Breached Server
Quick Hits  |  12/24/2014  | 
Sources close to the breach investigation say a network server missing two-factor authentication let attackers make their way into JPMorgan's servers.
Data Management Vs. Data Loss Prevention: Vive La Diffrence!
Commentary  |  11/25/2014  | 
A sensitive data management strategy can include the use of DLP technology, but it also involves a comprehensive understanding of where your data is and what specifically is at risk.
Don't Discount XSS Vulnerabilities
News  |  11/24/2014  | 
XSS flaws are more serious than you'd think.
Retailers Now Actively Sharing Cyberthreat Intelligence
News  |  10/30/2014  | 
The retail industry's R-CISC has been up and running for four months now and is looking for more retailers to sign up.
MBIA Breach Highlights Need For Tightened Security Ops
News  |  10/9/2014  | 
Configuration change management and better monitoring could have prevented search engine indexing of sensitive financial information.
Heartland CEO On Why Retailers Keep Getting Breached
News  |  10/6/2014  | 
Robert Carr, chairman and CEO of Heartland Payment Systems, says lack of end-to-end encryption and tokenization were factors in recent data breaches.
Backoff, Dairy Queen, UPS & Retail's Growing PoS Security Problem
News  |  8/27/2014  | 
Retail brands are trying to pass the buck for data security to banks and franchisees, say some experts.
Breach of Homeland Security Background Checks Raises Red Flags
News  |  8/25/2014  | 
"We should be burning down the house over this," says a GRC expert.
Heartbleed Not Only Reason For Health Systems Breach
News  |  8/20/2014  | 
Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say.
Community Health Systems Breach Atypical For Chinese Hackers
News  |  8/18/2014  | 
Publicly traded healthcare organization's stock goes up as breach notifications go out.
Biggest Cache of Stolen Creds Ever Includes 1.2 Billion Unique Logins
Quick Hits  |  8/5/2014  | 
A Russian crime ring has swiped more than a billion unique username-password combinations, plus a half-million email addresses.
Researcher Finds Flaws In Key Oracle Security Feature
News  |  7/2/2014  | 
Famed security researcher and Oracle database expert David Litchfield next month at Black Hat USA will present details of weaknesses he discovered in a widely touted new security feature in Oracle databases.
Dark Reading Radio: Oracle Database Security Hacked
Commentary  |  7/1/2014  | 
Learn about newly found vulnerabilities in a key database security feature tomorrow in the next episode of Dark Reading Radio.
The Only 2 Things Every Developer Needs To Know About Injection
Commentary  |  5/22/2014  | 
Theres no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks.
Into The Breach: The Limits Of Data Security Technology
Commentary  |  5/12/2014  | 
When it comes to cyberdefense spending, the smart money should bet on people and compliance as much as on machines.
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Slideshows  |  5/2/2014  | 
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
Michaels Retail Chain Reveals Details Of Breach: Nearly 3M Affected
Quick Hits  |  4/18/2014  | 
Attack on point-of-sale systems went on for more than six months, officials say.
SQL Injection Cleanup Takes Two Months or More
Quick Hits  |  4/17/2014  | 
A new report highlights the prevalence and persistence of SQL injection attacks.
What Is The FIDO Alliance?
What Is The FIDO Alliance?
Dark Reading Videos  |  4/2/2014  | 
Phillip Dunkelberger of Nok Nok Labs explains why its proposed specifications will transform computing.
Finally, Plug & Play Authentication!
Finally, Plug & Play Authentication!
Dark Reading Videos  |  3/26/2014  | 
FIDO Alliance technology will allow enterprises to replace passwords with plug-and-play multifactor authentication.
Attackers Hit Clearinghouse Selling Stolen Target Data
News  |  3/18/2014  | 
Hackers interrupt and deface sites of black-market forums selling credit card data stolen from Target and other retailers.
7 Behaviors That Could Indicate A Security Breach
News  |  3/14/2014  | 
Breaches create outliers. Identifying anomalous activity can help keep firms in compliance and out of the headlines.
The Case For Browser-Based Access Controls
Commentary  |  3/7/2014  | 
Is "browser-ized" security a better defense against hackers than traditional methods? Check out these two examples.
FIDO Alliance Releases Authentication Standards, Unveils Products
News  |  2/18/2014  | 
Proponents say the new specifications will pave the way for the replacement of passwords, which are frequently lost, stolen, or hacked.
<<   <   Page 2 / 2


Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8423
PUBLISHED: 2019-02-18
ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.
CVE-2019-8424
PUBLISHED: 2019-02-18
ZoneMinder before 1.32.3 has SQL Injection via the ajax/status.php sort parameter.
CVE-2019-8425
PUBLISHED: 2019-02-18
includes/database.php in ZoneMinder before 1.32.3 has XSS in the construction of SQL-ERR messages.
CVE-2019-8426
PUBLISHED: 2019-02-18
skins/classic/views/controlcap.php in ZoneMinder before 1.32.3 has XSS via the newControl array, as demonstrated by the newControl[MinTiltRange] parameter.
CVE-2019-8427
PUBLISHED: 2019-02-18
daemonControl in includes/functions.php in ZoneMinder before 1.32.3 allows command injection via shell metacharacters.