Advertise

News & Commentary

Content tagged with Database Security posted in February 2010

View Content By Month

Measuring Database Security

Commentary | 2/16/2010 |

Post a comment

How much does it cost to secure your database, and how do you calculate that? One of the more vexing problems in security is the lack of metrics models for measuring and optimizing security efforts. Without frameworks and metrics to measure the efficiency and effectiveness of security programs, it's difficult both to improve processes and to communicate our value to nontechnical decision makers.

Oracle 0-Days

Commentary | 2/12/2010 |

Post a comment

During BlackHat, David Litchfield disclosed a security issue with the Oracle 10g and 11g database platforms. The vulnerability centers on the ability to exploit low security privileges to compromise Oracle's Java implementation, resulting in a total takeover of the database. While the issue appears relatively easy to address, behind the scenes this disclosure has raised a stir in database security circles. The big issue is not the bug or misconfiguration issue, or whatever you want to call it.

Dark Reading Launches New Database Security Newsletter

Commentary | 2/10/2010 |

Post a comment

One of the things we've learned in publishing Dark Reading is that a pretty wide range of people work under the title of "security professional." There are techies and managers, risk managers and privacy people, white hats and black hats. Not surprisingly, they aren't all interested in the same news and information.

Security Breach Exposes Healthcare Recipients' Data

News | 2/10/2010 |

Post a comment

Social Security numbers were printed on address labels used in a mass mailing sent by the California Department of Health Care Services.

Amazon's SimpleDB Not Your Typical Database

Commentary | 2/6/2010 |

Post a comment

Several cloud providers offer databases specifically designed for cloud deployment. Amazon's SimpleDB, while technically a database, deviates from what most of us recognize as a database platform. Although SimpleDB is still in prerelease beta format, developers have begun designing applications for it.

Health Net Sued Over Data Breach

News | 2/1/2010 |

Post a comment

The insurance company is accused of failing to protect medical records, Social Security numbers, and bank account information of 446,000 customers.

View Content by Month

[close this box]

Hot Topics

Editors' Choice

New Mexico Man Sentenced on DDoS, Gun Charges

Dark Reading Staff 5/18/2018

Is Threat Intelligence Garbage?

Chris McDaniels, Chief Information Security Officer of Mosaic451, 5/23/2018

LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket

Dark Reading Staff 5/23/2018

Webinars

Learn About Cyber Attackers & How They Target Your Organization

Malicious Insiders: Real Defense for Real Businesses

[Cybersecurity Crash Course] Detecting & Mitigating Malware

Webinar Archives

White Papers

Iran Cybersecurity Profile

Prevent Cyber Attacks Before They Happen

5th Gen Cyber Attacks Are Here and Most Businesses Are Behind

Mobile Devices: The New Support Frontier for IT (IDG Report)

Email Fraud Landscape, Q1 2018

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Shhh! They're watching... And you have a laptop?

Cartoon Archive

Current Issue

The Changing Role of the CISO

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

[Strategic Security Report] Navigating the Threat Intelligence Maze

Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.

Download Now!

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

The Dark Reading Security Spending Survey

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2013-3018
PUBLISHED: 2018-05-24

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354.

CVE-2013-3023
PUBLISHED: 2018-05-24

IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 might allow remote attackers to obtain sensitive information about Tomcat credentials by sniffing the network for a session in which HTTP is used. IBM X-Force ID: 84361.

CVE-2013-3024
PUBLISHED: 2018-05-24

IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.

CVE-2018-5674
PUBLISHED: 2018-05-24

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

CVE-2018-5675
PUBLISHED: 2018-05-24

Terms of Service
Privacy Statement
Legal Entities