News & Commentary

Content tagged with Database Security posted in November 2013
NSA Surveillance: First Prism, Now Muscled Out Of Cloud
Commentary  |  11/26/2013  | 
Companies can no longer discount the risk of losing control of confidential corporate data in the cloud. Government data mining is here to stay, in one invasive form or another.
Lessons Learned From 4 Major Data Breaches In 2013
News  |  11/25/2013  | 
Breach stats are declining, but data is still at risk from poorly protected databases, applications, and endpoints
The New Security Architecture
Commentary  |  11/20/2013  | 
Recent high profile attacks reflect a new reality in which perimeter-based security models are increasingly less effective in protecting key corporate assets and information.
Understanding IT Risk Management In 4 Steps X 3
Commentary  |  11/19/2013  | 
A risk management matrix combines the probability of harm and the severity of harm. In IT terms that means authentication, context, and process.
4 Lessons From MongoHQ Data Breach
News  |  11/15/2013  | 
Security experts urge companies to implement two-factor authentication, VPNs, and graduated permission levels to better protect customer data from hackers.
Higher Ed Must Lock Down Data Security
Commentary  |  11/15/2013  | 
Higher education rivals only the healthcare industry in housing personally identifiable data. Consider these tactics for smart planning.
Finding SQL Injection Attacks In Unexpected Quarters
News  |  11/15/2013  | 
Injection by Google bot and through modern mobile and Web apps will require adjustments
Mobile Protoype Encrypts Data First, Ships To Cloud Later
News  |  11/15/2013  | 
'CloudCapsule' can be used with Dropbox and Google Drive. It locks down files prior to their storage in the cloud for accessing them without a proxy.
IT Security Faces Big Data Skills and Resource Gap
News  |  11/15/2013  | 
In the near future, IT security teams will not be complete without at least one data scientist among its ranks.
Schneier: Time To Make NSA Eavesdropping Expensive
News  |  11/15/2013  | 
NSA surveillance piggybacks on corporate capabilities through cooperation, bribery, threats and compulsion, says security evangelist Bruce Schneier.
Hackers Threaten Destruction Of Obamacare Website
News  |  11/8/2013  | 
DDoS tool targets the federal Affordable Care Act website. But will it work?


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13100
PUBLISHED: 2018-08-15
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13101
PUBLISHED: 2018-08-15
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.