Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Database Security

News & Commentary
Medical Imaging Leaks Highlight Unhealthy Security Practices
Robert Lemos, Contributing WriterNews
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
By Robert Lemos Contributing Writer, 12/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Kmart Hit by Egregor Ransomware
Dark Reading Staff, Quick Hits
Egregor is also behind recent attacks on UbiSoft and Barnes & Noble.
By Dark Reading Staff , 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Intel Doubles Down on Emerging Technologies for Sharing and Using Data Securely
Robert Lemos, Contributing WriterNews
Homomorphic encryption and federated learning could allow groups to share data and analysis while protecting the actual information.
By Robert Lemos Contributing Writer, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
5 Steps Every Company Should Take to Avoid Data Theft Risk
Bradford K. Newman, Principal, Litigation / Chair of North America Trade Secrets PracticeCommentary
It's never been easier for employees to download company data and take it with them to their next gig.
By Bradford K. Newman Principal, Litigation / Chair of North America Trade Secrets Practice, 11/12/2020
Comment1 Comment  |  Read  |  Post a Comment
3 Tips For Successfully Running Tech Outside the IT Department
Patrick Kehoe, Chief Marketing and Strategy Officer, CoalfireCommentary
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
By Patrick Kehoe Chief Marketing and Strategy Officer, Coalfire, 11/11/2020
Comment0 comments  |  Read  |  Post a Comment
WordPress Plug-in Updated in Rare Forced Action
Dark Reading Staff, Quick Hits
The Logonizer login security plug-in was automatically updated to patch a SQL injection vulnerability.
By Dark Reading Staff , 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Ubiq Rolls Out Encryption-as-a-Service Platform Aimed at Developers
Robert Lemos, Contributing WriterNews
A few lines of code and two API calls is all that it takes for developers to add encryption to their applications, startup says.
By Robert Lemos Contributing Writer, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Barnes & Noble Warns Customers About Data Breach
Dark Reading Staff, Quick Hits
Famed bookseller says non-financial data was exposed in a new attack.
By Dark Reading Staff , 10/15/2020
Comment0 comments  |  Read  |  Post a Comment
Software AG Continues Efforts Against $20M Ransomware Attack
Dark Reading Staff, Quick Hits
The attack, which now includes extortion components, has moved into its second week.
By Dark Reading Staff , 10/12/2020
Comment0 comments  |  Read  |  Post a Comment
Imperva Agrees to Buy jSonar
Dark Reading Staff, Quick Hits
The deal is expected to close in mid-October.
By Dark Reading Staff , 10/1/2020
Comment0 comments  |  Read  |  Post a Comment
New Google Search Hacks Push Viruses & Porn
David Balaban, Editor at Privacy-PC.comCommentary
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
By David Balaban Editor at Privacy-PC.com, 9/22/2020
Comment0 comments  |  Read  |  Post a Comment
Deadly Ransomware Story Continues to Unfold
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/18/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Gone Awry Has Fatal Consequences
Dark Reading Staff, Quick Hits
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
By Dark Reading Staff , 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff , 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Ransomware Hits US District Court in Louisiana
Dark Reading Staff, Quick Hits
The ransomware attack has exposed internal documents from the court and knocked its website offline.
By Dark Reading Staff , 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
Inova Suffers Third-Party Data Breach
Dark Reading Staff, Quick Hits
The breach occurred as part of a ransomware attack against service provider Blackbaud.
By Dark Reading Staff , 9/9/2020
Comment0 comments  |  Read  |  Post a Comment
Warner Music Group Admits Breach
Dark Reading Staff, Quick Hits
The months-long breach hit financial details for customers.
By Dark Reading Staff , 9/4/2020
Comment0 comments  |  Read  |  Post a Comment
Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
Robert Lemos, Contributing WriterNews
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.
By Robert Lemos Contributing Writer, 9/4/2020
Comment2 comments  |  Read  |  Post a Comment
Three Easy Ways to Avoid Meow-like Database Attacks
Ron Bennatan, Co-founder & CTO of jSonarCommentary
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
By Ron Bennatan Co-founder & CTO of jSonar, 8/25/2020
Comment0 comments  |  Read  |  Post a Comment
University of Utah Pays in Cyber-Extortion Scheme
Dark Reading Staff, Quick Hits
Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII.
By Dark Reading Staff , 8/21/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...