Application Security //

Database Security

News & Commentary
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Serverless Architectures: A Paradigm Shift in Application Security
Ory Segal, CTO, PureSecCommentary
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
By Ory Segal CTO, PureSec, 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
Electric Utility Hit with Record Fine for Vulnerabilities
Dark Reading Staff, Quick Hits
An unnamed power company has consented to a record fine for leaving critical records exposed.
By Dark Reading Staff , 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
Medical Apps Come Packaged with Hardcoded Credentials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
Poor Visibility, Weak Passwords Compromise Active Directory
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 2/1/2018
Comment1 Comment  |  Read  |  Post a Comment
New Database Botnet Leveraged for Bitcoin Mining
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Attackers are quietly building an attack infrastructure using very sensitive machines.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/19/2017
Comment0 comments  |  Read  |  Post a Comment
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
We're Still Not Ready for GDPR? What is Wrong With Us?
Sara Peters, Senior Editor at Dark ReadingCommentary
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
By Sara Peters Senior Editor at Dark Reading, 11/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
Jai Vijayan, Freelance writerNews
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
By Jai Vijayan Freelance writer, 10/18/2017
Comment0 comments  |  Read  |  Post a Comment
Reuters: Microsoft's 2013 Breach Hit Bug Repository, Insiders Say
Dark Reading Staff, Quick Hits
Five anonymous former Microsoft employees tell Reuters that Microsoft's database of internally discovered vulnerabilities was compromised in 2013, but Microsoft will not confirm it occurred.
By Dark Reading Staff , 10/17/2017
Comment0 comments  |  Read  |  Post a Comment
Unstructured Data: The Threat You Cannot See
Charles Fullwood, Software Practice Director at Force 3Commentary
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
By Charles Fullwood Software Practice Director at Force 3, 10/10/2017
Comment0 comments  |  Read  |  Post a Comment
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Tom Thomassen, Senior Staff Engineer of Security, MarkLogicCommentary
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
By Tom Thomassen Senior Staff Engineer of Security, MarkLogic, 10/6/2017
Comment2 comments  |  Read  |  Post a Comment
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Rod Mathews, Senior VP and General Manager of Data ProtectionCommentary
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
By Rod Mathews Senior VP and General Manager of Data Protection, 10/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Equifax CEO Retires in Wake of Breach
Dark Reading Staff, Quick Hits
After the company's CIO and CSO resigned Sep. 14, Chairman and CEO Richard F. Smith follows them out the door.
By Dark Reading Staff , 9/26/2017
Comment1 Comment  |  Read  |  Post a Comment
FBI's Freese Shares Risk Management Tips
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Deputy Assistant Director Donald Freese advises enterprises to lead with a business case and not fear addressing the C-suite on risk management.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/26/2017
Comment0 comments  |  Read  |  Post a Comment
If Blockchain Is the Answer, What Is the Security Question?
Duncan Jones, Head of Skunkworks, Thales e-SecurityCommentary
Like any technology, blockchain has its strengths and weaknesses. But debunking three common myths can help you cut through the hype.
By Duncan Jones Head of Skunkworks, Thales e-Security, 9/8/2017
Comment0 comments  |  Read  |  Post a Comment
GDPR Compliance Preparation: A High-Stakes Guessing Game
Peter Merkulov, Chief Technology Officer, GlobalscapeCommentary
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
By Peter Merkulov Chief Technology Officer, Globalscape, 8/24/2017
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.