News & Commentary
Content tagged with Database Security posted in February 2010
|
Measuring Database Security
How much does it cost to secure your database, and how do you calculate that? One of the more vexing problems in security is the lack of metrics models for measuring and optimizing security efforts. Without frameworks and metrics to measure the efficiency and effectiveness of security programs, it's difficult both to improve processes and to communicate our value to nontechnical decision makers.
Oracle 0-Days
During BlackHat, David Litchfield disclosed a security issue with the Oracle 10g and 11g database platforms. The vulnerability centers on the ability to exploit low security privileges to compromise Oracle's Java implementation, resulting in a total takeover of the database. While the issue appears relatively easy to address, behind the scenes this disclosure has raised a stir in database security circles. The big issue is not the bug or misconfiguration issue, or whatever you want to call it.
Dark Reading Launches New Database Security Newsletter
One of the things we've learned in publishing Dark Reading is that a pretty wide range of people work under the title of "security professional." There are techies and managers, risk managers and privacy people, white hats and black hats. Not surprisingly, they aren't all interested in the same news and information.
Security Breach Exposes Healthcare Recipients' Data
Social Security numbers were printed on address labels used in a mass mailing sent by the California Department of Health Care Services.
Amazon's SimpleDB Not Your Typical Database
Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.
Health Net Sued Over Data Breach
The insurance company is accused of failing to protect medical records, Social Security numbers, and bank account information of 446,000 customers.
|
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-15572
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
PUBLISHED: 2018-08-20
From DHS/US-CERT's National Vulnerability Database CVE-2018-15572
PUBLISHED: 2018-08-20
The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.
CVE-2018-15573PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf...
CVE-2018-15574PUBLISHED: 2018-08-20
** DISPUTED ** An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
CVE-2018-15570PUBLISHED: 2018-08-20
In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter.
CVE-2018-15564PUBLISHED: 2018-08-20
An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This