News & Commentary

Content tagged with Database Security posted in January 2013
Big Data Security Discussion
Commentary  |  1/31/2013  | 
Answers to common big-data security questions
Are Your Databases Audit-Ready?
News  |  1/29/2013  | 
Development of policies, configuration management, encryption implementations, access control and monitoring all contribute to databases passing compliance checks
Is Mobile Device Management The Answer?
Commentary  |  1/23/2013  | 
MDM software is being considered by healthcare IT execs concerned about security.
You Still Stink At Patching Databases
News  |  1/23/2013  | 
Only about a fifth of organizations patch their databases within three months, and that number is unlikely to get better anytime soon, experts say
The Death Of Java In The Enterprise?
News  |  1/16/2013  | 
The continued waves of Java zero-days have security experts recommending that enterprises reevaluate how they use Java
Anonymous Hacks MIT In Aaron Swartz Tribute
News  |  1/14/2013  | 
Hacktivist group leaves defaced Web page calling for reform of computer crime and intellectual property laws.
Airing Out Security's Dirty Laundry
News  |  1/9/2013  | 
Former South Carolina security guru's testimony shows how lack of security culture can open an organization to threats
Healthcare Settlement Highlights Risk Analysis, Encryption Importance
News  |  1/7/2013  | 
HIPAA breach settlement proves size doesn’t matter when failing to safeguard sensitive patient information.
Patient Privacy Advocate Calls For Better Cloud Security
News  |  1/4/2013  | 
Letter to Office of Civil Rights calls for stronger data security protections, business associate agreements with cloud computing services.


Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
2018 on Track to Be One of the Worst Ever for Data Breaches
Jai Vijayan, Freelance writer,  11/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9071
PUBLISHED: 2018-11-16
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.
CVE-2018-9073
PUBLISHED: 2018-11-16
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CVE-2018-9085
PUBLISHED: 2018-11-16
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVE-2018-9086
PUBLISHED: 2018-11-16
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
CVE-2018-19296
PUBLISHED: 2018-11-16
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.