Application Security //

Database Security

News & Commentary
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
MongoDB once again used by database admin who opens unencrypted database to the whole world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Hackers Break into System That Houses College Application Data
Dark Reading Staff, Quick Hits
More than 900 colleges and universities use Slate, owned by Technolutions, to collect and manage information on applicants.
By Dark Reading Staff , 3/11/2019
Comment4 comments  |  Read  |  Post a Comment
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at CentrifyCommentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
Comment0 comments  |  Read  |  Post a Comment
Airbus Employee Info Exposed in Data Breach
Dark Reading Staff, Quick Hits
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
By Dark Reading Staff , 1/31/2019
Comment0 comments  |  Read  |  Post a Comment
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
Kelly Sheridan, Staff Editor, Dark ReadingNews
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
By Kelly Sheridan Staff Editor, Dark Reading, 1/30/2019
Comment0 comments  |  Read  |  Post a Comment
Evidence in Starwood/Marriott Breach May Point to China
Dark Reading Staff, Quick Hits
Attackers used methods, tools previously used by known Chinese hackers.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Quora Breach Exposes Information of 100 Million Users
Dark Reading Staff, Quick Hits
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
By Dark Reading Staff , 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
First Lawsuits Filed in Starwood Hotels' Breach
Dark Reading Staff, Quick Hits
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
By Dark Reading Staff , 12/3/2018
Comment0 comments  |  Read  |  Post a Comment
Massive Starwood Hotels Breach Hits 500 Million Guests
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/30/2018
Comment1 Comment  |  Read  |  Post a Comment
Incorrect Assessments of Data Value Putting Organizations at Risk
Jai Vijayan, Freelance writerNews
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
By Jai Vijayan Freelance writer, 11/28/2018
Comment0 comments  |  Read  |  Post a Comment
Barclays, Walmart Join New $85M Innovation Coalition
Dark Reading Staff, Quick Hits
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
By Dark Reading Staff , 10/23/2018
Comment2 comments  |  Read  |  Post a Comment
Oracle Issues Massive Collection of Critical Security Updates
Dark Reading Staff, Quick Hits
The software updates from Oracle address a record number of vulnerabilities.
By Dark Reading Staff , 10/17/2018
Comment3 comments  |  Read  |  Post a Comment
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Dark Reading Staff, Quick Hits
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
By Dark Reading Staff , 9/10/2018
Comment1 Comment  |  Read  |  Post a Comment
T-Mobile Hit With Customer Information Hack
Dark Reading Staff, Quick Hits
Approximately 2 million users said to be affected.
By Dark Reading Staff , 8/24/2018
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.Commentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., 8/20/2018
Comment7 comments  |  Read  |  Post a Comment
Australian Teen Hacked Apple Network
Dark Reading Staff, Quick Hits
Yale Discloses Data Breach
Dark Reading Staff, Quick Hits
The university discloses that someone stole personal information a long time ago.
By Dark Reading Staff , 7/31/2018
Comment1 Comment  |  Read  |  Post a Comment
US-CERT Warns of ERP Application Hacking
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/25/2018
Comment0 comments  |  Read  |  Post a Comment
HR Services Firm ComplyRight Suffers Major Data Breach
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.