News & Commentary

Content tagged with Database Security posted in October 2009
SAP, Nokia Partner On Mobile Security
News  |  10/27/2009  | 
With the joint venture's technology, prescription drugs, software, and other goods could be tagged with smart barcodes to protect them from counterfeiting.
The ABCs Of DAM
Commentary  |  10/26/2009  | 
Database activity monitoring (DAM) has been the biggest advancement in database security in the past decade. Identity management controls access, and encryption protects data on media, but monitoring verifies usage.
E-Health Records Put Patient Privacy At Risk
News  |  10/20/2009  | 
Healthcare IT managers say their organizations aren't adequately protecting electronic health records, survey says.
Laptop Theft Nets Data On 800,000 Doctors
News  |  10/15/2009  | 
The stolen laptop contained personal data on nearly every physician in the country.
Getting Around Vertical Database Security
Commentary  |  10/14/2009  | 
A few database administrators told me they wanted to know why database security is vertical and how they can fix it. True, database access controls are vertical. The basic construct of a database is a table, and access controls grant access to tables or columns. This means you can see all of the entries from top to bottom, or none at all. Access is vertical and it lacks granularity.
Avoiding Database Audit Pitfalls
Commentary  |  10/8/2009  | 
Many seasoned database administrators howl in protest at the mere suggestion of running native auditing functions due to the poor performance and log management headaches that often come with auditing.
Database Auditing Essentials
Commentary  |  10/5/2009  | 
Auditing database activity is a core component to any data security program. Databases capture data access and alterations during transaction processing, along with modifications to the database system. These actions are captured and written into an audit log that is managed by the database internally. The audit log is the most accurate source of events because it's the database that acts as the arbiter to ensure transactional consistency and data integrity.
A Weapon Against SQL Injection
Commentary  |  10/2/2009  | 
The single most common database security inquiry I get is, "What's this whole stored procedure parameter thing, and how does it help with SQL injection?"
Dark Reading's Database Security Tech Center Refresh
Commentary  |  10/1/2009  | 
The Dark Reading Database Security Tech Center is expanding. The subsite, devoted to bringing you news, product information, opinion, and analysis all focused on the very timely topic of database security, has been well-received by our readers since its launch in June, so we're adding two new elements to provide even more depth of coverage: a new blogger dedicated to database security, and new monthly feature articles that drill down on the latest database security threats and issues.


Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
2018 on Track to Be One of the Worst Ever for Data Breaches
Jai Vijayan, Freelance writer,  11/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-9071
PUBLISHED: 2018-11-16
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 allows unauthenticated users to retrieve information related to the current authentication configuration settings. Exposed settings relate to password lengths, expiration, and lockout configuration.
CVE-2018-9073
PUBLISHED: 2018-11-16
Lenovo Chassis Management Module (CMM) prior to version 2.0.0 utilizes a hardcoded encryption key to protect certain secrets. Possession of the key can allow an attacker that has already compromised the server to decrypt these secrets.
CVE-2018-9085
PUBLISHED: 2018-11-16
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM System x servers, potentially allowing an attacker with administrator access to modify the subset of flash memory containing Intel Server Platform Services (SPS) and the system Flash Descriptors.
CVE-2018-9086
PUBLISHED: 2018-11-16
In some Lenovo ThinkServer-branded servers, a command injection vulnerability exists in the BMC firmware download command. This allows a privileged user to download and execute arbitrary code inside the BMC. This can only be exploited by authorized privileged users.
CVE-2018-19296
PUBLISHED: 2018-11-16
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack.