Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Database Security posted in October 2012
Nightmare On Database Street: 5 Database Security Horror Stories
News  |  10/25/2012  | 
Chilling stories from penetration testers, database pros, and security consultants in the field
Cyber Crooks Target Healthcare For Financial Data
News  |  10/24/2012  | 
Identity thieves looking for a quick buck often don't even know they are attacking healthcare organizations, Verizon investigation finds.
When Data Errors Don't Matter
Commentary  |  10/24/2012  | 
Does bad data break 'big data' analysis?
Office 365 Boasts HIPAA-Compliant Messaging System
News  |  10/22/2012  | 
Several universities adopt Microsoft's cloud-based, HIPAA-compliant system in an effort to keep personal health data safer.
Malware Threatens Medical Device Security
News  |  10/19/2012  | 
Hospitals must contend with older operating systems that lack the latest security patches, and cope with the convergence of medical devices, EHRs, and mobile apps.
Health Data Breach Response: Culture Change Needed
News  |  10/18/2012  | 
Seattle Children's Hospital CISO builds incident response team and culture of continuous improvement concerning data breaches.
Could Hackers Change Our Election Results?
News  |  10/18/2012  | 
Many of the same vulnerabilities exist in electronic voting systems as the last time we elected a president, and new ones abound that could put voter databases at risk and undermine civic confidence
Dodging 5 Dangerous Database Default Settings
News  |  10/11/2012  | 
Out-of-the-box settings and weak configuration of databases make it easier for thieves to break into data stores and harder for IT to quickly detect breaches
What's The Threat?
Commentary  |  10/4/2012  | 
SQL injection -- not malware -- is the main threat to databases
Health IT Offers Safe Haven In A Storm
News  |  10/3/2012  | 
Government report offers an action plan to protect access to medical records in case of a hurricane, tornado, or other disaster.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-22166
PUBLISHED: 2021-01-15
An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method
CVE-2021-22167
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers in specific project page allows attacker to have a temporary read access to the private repository
CVE-2021-22168
PUBLISHED: 2021-01-15
A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVE-2021-22171
PUBLISHED: 2021-01-15
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVE-2020-26414
PUBLISHED: 2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.