Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Database Security

News & Commentary
One Arrested in Ecuador's Mega Data Leak
Dark Reading Staff, Quick Hits
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
24.3M Unsecured Health Records Expose Patient Data, Images
Dark Reading Staff, Quick Hits
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
By Dark Reading Staff , 9/18/2019
Comment0 comments  |  Read  |  Post a Comment
US Companies Unprepared for Privacy Regulations
Dark Reading Staff, Quick Hits
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.
By Dark Reading Staff , 9/17/2019
Comment0 comments  |  Read  |  Post a Comment
Oracle Expands Cloud Security Services at OpenWorld 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company broadens its portfolio with new services developed to centralize and automate cloud security.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2019
Comment0 comments  |  Read  |  Post a Comment
Data Leak Affects Most of Ecuador's Population
Kelly Sheridan, Staff Editor, Dark ReadingNews
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2019
Comment0 comments  |  Read  |  Post a Comment
Job-Seeker Data Exposed in Monster File Leak
Dark Reading Staff, Quick Hits
The job website says it cannot notify users since the exposure occurred on a third-party organization's servers.
By Dark Reading Staff , 9/6/2019
Comment0 comments  |  Read  |  Post a Comment
419M Facebook User Phone Numbers Publicly Exposed
Dark Reading Staff, Quick Hits
It's still unclear who owned the server storing hundreds of millions of records online without a password.
By Dark Reading Staff , 9/5/2019
Comment1 Comment  |  Read  |  Post a Comment
Imperva Customer Database Exposed
Dark Reading Staff, Quick Hits
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
By Dark Reading Staff , 8/27/2019
Comment10 comments  |  Read  |  Post a Comment
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Steve Zurier, Contributing Writer
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
By Steve Zurier Contributing Writer, 8/27/2019
Comment0 comments  |  Read  |  Post a Comment
IBM Announces Quantum Safe Encryption
Dark Reading Staff, Quick Hits
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
By Dark Reading Staff , 8/23/2019
Comment1 Comment  |  Read  |  Post a Comment
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
Kelly Sheridan, Staff Editor, Dark ReadingNews
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Capital One: What We Should Learn This Time
Kelly Sheridan, Staff Editor, Dark ReadingNews
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2019
Comment2 comments  |  Read  |  Post a Comment
Researcher Find Open 'Road Map' to Honda Computers
Dark Reading Staff, Quick Hits
An unprotected database, now secured, contained information on every computer owned by the automobile giant.
By Dark Reading Staff , 8/1/2019
Comment1 Comment  |  Read  |  Post a Comment
Equifax to Pay Up to $700M for Data Breach Damages
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/22/2019
Comment2 comments  |  Read  |  Post a Comment
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, ProtegoCommentary
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
By Hillel Solow CTO and Co-founder, Protego, 7/11/2019
Comment4 comments  |  Read  |  Post a Comment
Britain Looks to Levy Record GDPR Fine Against British Airways
Robert Lemos, Contributing WriterNews
The penalty is a sign of things to come, say experts.
By Robert Lemos Contributing Writer, 7/8/2019
Comment0 comments  |  Read  |  Post a Comment
Federal Photos Filched in Contractor Breach
Dark Reading Staff, Quick Hits
Data should never have been on subcontractor's servers, says Customs and Border Protection.
By Dark Reading Staff , 6/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Flipboard Confirms Two Hacks, Prompts Password Resets
Dark Reading Staff, Quick Hits
The company reports two incidents affected a subset of its users and is resetting passwords for involved accounts.
By Dark Reading Staff , 5/29/2019
Comment1 Comment  |  Read  |  Post a Comment
GandCrab Gets a SQL Update
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new attack is found that uses MySQL as part of the attack chain in a GandCrab ransomware infection.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/28/2019
Comment1 Comment  |  Read  |  Post a Comment
Data Asset Management: What Do You Really Need?
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16649
PUBLISHED: 2019-09-21
On Supermicro H11, H12, M11, X9, X10, and X11 products, a combination of encryption and authentication problems in the virtual media service allows capture of BMC credentials and data transferred over virtual media devices. Attackers can use captured credentials to connect virtual USB devices to the...
CVE-2019-16650
PUBLISHED: 2019-09-21
On Supermicro X10 and X11 products, a client's access privileges may be transferred to a different client that later has the same socket file descriptor number. In opportunistic circumstances, an attacker can simply connect to the virtual media service, and then connect virtual USB devices to the se...
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.