News & Commentary

Content tagged with Database Security posted in November 2013
NSA Surveillance: First Prism, Now Muscled Out Of Cloud
Commentary  |  11/26/2013  | 
Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another.
Lessons Learned From 4 Major Data Breaches In 2013
News  |  11/25/2013  | 
Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints
The New Security Architecture
Commentary  |  11/20/2013  | 
Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.
Understanding IT Risk Management In 4 Steps X 3
Commentary  |  11/19/2013  | 
A risk management matrix combines the probability of harm and the severity of harm. In IT terms that means authentication, context, and process.
4 Lessons From MongoHQ Data Breach
News  |  11/15/2013  | 
Security experts urge companies to implement two-factor authentication, VPNs, and graduated permission levels to better protect customer data from hackers.
Higher Ed Must Lock Down Data Security
Commentary  |  11/15/2013  | 
Higher education rivals only the healthcare industry in housing personally identifiable data. Consider these tactics for smart planning.
Finding SQL Injection Attacks In Unexpected Quarters
News  |  11/15/2013  | 
Injection by Google bot and through modern mobile and Web apps will require adjustments
Mobile Protoype Encrypts Data First, Ships To Cloud Later
News  |  11/15/2013  | 
'CloudCapsule' can be used with Dropbox and Google Drive. It locks down files prior to their storage in the cloud for accessing them without a proxy.
IT Security Faces Big Data Skills and Resource Gap
News  |  11/15/2013  | 
In the near future, IT security teams will not be complete without at least one data scientist among its ranks.
Schneier: Time To Make NSA Eavesdropping Expensive
News  |  11/15/2013  | 
NSA surveillance piggybacks on corporate capabilities through cooperation, bribery, threats and compulsion, says security evangelist Bruce Schneier.
Hackers Threaten Destruction Of Obamacare Website
News  |  11/8/2013  | 
DDoS tool targets the federal Affordable Care Act website. But will it work?


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group,  5/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11232
PUBLISHED: 2018-05-18
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVE-2017-15855
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, the camera application triggers "user-memory-access" issue as the Camera CPP module Linux driver directly accesses the application provided buffer, which resides in u...
CVE-2018-3567
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing the HTT_T2H_MSG_TYPE_PEER_MAP or HTT_T2H_MSG_TYPE_PEER_UNMAP messages.
CVE-2018-3568
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, in __wlan_hdd_cfg80211_vendor_scan(), a buffer overwrite can potentially occur.
CVE-2018-5827
PUBLISHED: 2018-05-17
In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WLAN while processing an extscan hotlist event.