Dark Reading is part of the Informa Tech Division of Informa PLC


Database Security

News & Commentary
Why Data Ethics Is a Growing CISO Priority
Joan Goodchild, Contributing Writer
With data collection growing, and increased concern about how it is handled, a synergy between security and data teams will be essential.
By Joan Goodchild Contributing Writer, 8/3/2020
Security Flaws Discovered in OKCupid Dating Service
Dark Reading Staff, Quick Hits
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
By Dark Reading Staff, 7/29/2020
Avon Server Leaks User Info and Administrative Data
Dark Reading Staff, Quick Hits
An unprotected server has exposed more than 7GB of data from the beauty brand.
By Dark Reading Staff, 7/28/2020
ShinyHunters Offers Stolen Data on Dark Web
Dark Reading Staff, Quick Hits
The threat actor offers more than 26 million records from a series of data breaches.
By Dark Reading Staff, 7/27/2020
DNA Site Leaves Records Open to Law Enforcement
Dark Reading Staff, Quick Hits
A pair of breaches reset user accounts to allow access for two days.
By Dark Reading Staff, 7/23/2020
Inside Stealthworker: How It Compromises WordPress, Step-by-Step
Curtis Franklin Jr., Senior Editor at Dark Reading
A new wave of attacks using old malware is threatening WordPress sites that don't have strong password policies.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/12/2020
Amtrak Breach Rolls Over Frequent Travelers
Dark Reading Staff, Quick Hits
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff, 6/2/2020
Security 101: SQL Injection
Curtis Franklin Jr., Senior Editor at Dark Reading
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/27/2020
5 Tips for Fighting Credential Stuffing Attacks
Joan Goodchild, Contributing Writer
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
By Joan Goodchild Contributing Writer, 5/22/2020
Security 101: Cross-Site Scripting
Curtis Franklin Jr., Senior Editor at Dark Reading
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/21/2020
Hackers Serve Up Stolen Credentials from Home Chef
Dark Reading Staff, Quick Hits
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
By Dark Reading Staff, 5/21/2020
EasyJet Sees 9 Million Customer Email Addresses Stolen
Dark Reading Staff, Quick Hits
More than 2,000 customers also had credit card information taken in the attack.
By Dark Reading Staff, 5/19/2020
Attackers Target Sophos Firewalls with Zero-Day
Robert Lemos, Contributing Writer, News
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
By Robert Lemos Contributing Writer, 4/27/2020
Paay Misconfiguration Leaves Transaction Data Exposed
Dark Reading Staff, Quick Hits
The New York-based credit-card processor left a server without password protection for approximately three weeks.
By Dark Reading Staff, 4/23/2020
SFO Hit by Web Compromise
Dark Reading Staff, Quick Hits
Web app credentials were stolen in attacks on two airport websites.
By Dark Reading Staff, 4/10/2020
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Dark Reading Staff, Quick Hits
The data was breached through the credentials of two franchisee employees.
By Dark Reading Staff, 3/31/2020
Insurance Giant Chubb Might Be Ransomware Victim
Curtis Franklin Jr., Senior Editor at Dark Reading, Quick Hits
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/26/2020
538 Million Weibo Users' Info for Sale on Dark Web
Dark Reading Staff, Quick Hits
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
By Dark Reading Staff, 3/23/2020
200M Records of US Citizens Leaked in Unprotected Database
Kelly Sheridan, Staff Editor, Dark Reading, News
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2020
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Dark Reading Staff, Quick Hits
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
By Dark Reading Staff, 3/19/2020
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5615
PUBLISHED: 2020-08-04
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5616
PUBLISHED: 2020-08-04
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] fre...
CVE-2020-5617
PUBLISHED: 2020-08-04
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
CVE-2020-11583
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-11584
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.