News & Commentary

Content tagged with Database Security posted in January 2013
Big Data Security Discussion
Commentary  |  1/31/2013  | 
Answers to common big-data security questions
Are Your Databases Audit-Ready?
News  |  1/29/2013  | 
Development of policies, configuration management, encryption implementations, access control and monitoring all contribute to databases passing compliance checks
Is Mobile Device Management The Answer?
Commentary  |  1/23/2013  | 
MDM software is being considered by healthcare IT execs concerned about security.
You Still Stink At Patching Databases
News  |  1/23/2013  | 
Only about a fifth of organizations patch their databases within three months, and that number is unlikely to get better anytime soon, experts say
The Death Of Java In The Enterprise?
News  |  1/16/2013  | 
The continued waves of Java zero-days have security experts recommending that enterprises reevaluate how they use Java
Anonymous Hacks MIT In Aaron Swartz Tribute
News  |  1/14/2013  | 
Hacktivist group leaves defaced Web page calling for reform of computer crime and intellectual property laws.
Airing Out Security's Dirty Laundry
News  |  1/9/2013  | 
Former South Carolina security guru's testimony shows how lack of security culture can open an organization to threats
Healthcare Settlement Highlights Risk Analysis, Encryption Importance
News  |  1/7/2013  | 
HIPAA breach settlement proves size doesn’t matter when failing to safeguard sensitive patient information.
Patient Privacy Advocate Calls For Better Cloud Security
News  |  1/4/2013  | 
Letter to Office of Civil Rights calls for stronger data security protections, business associate agreements with cloud computing services.


New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "The one you have not seen, won't be remembered".
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-9317
PUBLISHED: 2018-05-23
Privilege escalation vulnerability found in some Dahua IP devices. Attacker in possession of low privilege account can gain access to credential information of high privilege account and further obtain device information or attack the device.
CVE-2018-1193
PUBLISHED: 2018-05-23
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
CVE-2018-1122
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVE-2018-1123
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
CVE-2018-1125
PUBLISHED: 2018-05-23
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.