News & Commentary

Content tagged with Database Security posted in February 2012
Why BYOD Doesn't Always Work In Healthcare
Commentary | 2/28/2012
Security and screen layout problems make it difficult to let clinicians bring their own tablets and smartphones to work.
Strengthening Third-Party Contracts To Lower Breach Risks
News | 2/22/2012
FTC breach, contract deficiencies highlight importance of including security provisions within technology contracts
Can You Delete A Database?
Commentary | 2/22/2012
Data and databases keep growing, but there's a security tradeoff
Bad Password Management Exposes Critical Databases
News | 2/15/2012
Nortel breach shows how poor password management can give away keys to the kingdom
The Financial Industry's Effect On Database Security
Commentary | 2/15/2012
Security requirements for the financial-services industry differ from other industries
Health Data Breaches Up 97% in 2011
News | 2/13/2012
Redspin report calls for tougher HIPAA standards, regular security audits, and more employee education.
TigerText Investment To Tighten Up Messaging Security
News | 2/9/2012
As text messaging among healthcare providers increases, TigerText secures $8.2 million to improve security.
CJIS Rules Not Impossible To Comply With, But It'll Cost Ya
News | 2/8/2012
Database security and encryption pros say requirements are not unreasonable
A Response To NoSQL Security Concerns
Commentary | 2/6/2012
Three key takeaways from a recent webcast about database security in the NoSQL database movement
Poisoning The Data Well
News | 2/1/2012
A Q&A with Forrester's John Kindervag about how encryption makes data worthless to the criminals


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.