News & Commentary

Content tagged with Database Security posted in May 2013
5 Big Database Breaches Of Spring 2013
News  |  5/30/2013  | 
Learning from the most recent impactful breaches of 2013
De-FUD-ing Privileged User Management
Commentary  |  5/24/2013  | 
A helpful contrast shows you what not to do
Myth-Busting SQL- And Other Injection Attacks
News  |  5/21/2013  | 
Black Hat injection-attacks instructor dishes on the complexity of SQL injection and the prevalence of lesser-known injection attacks
Why Database Monitoring?
Commentary  |  5/17/2013  | 
Hoping other people detect your breach before you lose millions is not a good strategy
Boston Children's Hospital Tackles Teen Records Privacy
News  |  5/16/2013  | 
Boston Children's Hospital's pioneering approach would bar parents from seeing sensitive portions of their children's personal health records.
British Universities Given Funds For Cyber Security Program
News  |  5/10/2013  | 
U.K. government provides grants to University of Oxford and Royal Holloway, University of London to fund doctoral programs in cyber security.
Health IT Execs' Top Worries: Security, BYOD, Cloud
News  |  5/9/2013  | 
Personal mobile devices still present huge security challenge, say HIMSS Analytics focus group participants.
10 Reasons SQL Injection Still Works
News  |  5/8/2013  | 
Developer techniques, business process choices, and attacker preferences all play a part in the continued relevance of SQLi


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15601
PUBLISHED: 2018-08-21
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
CVE-2018-15603
PUBLISHED: 2018-08-21
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
CVE-2018-15598
PUBLISHED: 2018-08-21
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
CVE-2018-15599
PUBLISHED: 2018-08-21
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
CVE-2018-0501
PUBLISHED: 2018-08-21
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.