Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Breach of Homeland Security Background Checks Raises Red Flags
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
Alison_Diana
Alison_Diana,
User Rank: Moderator
8/26/2014 | 9:17:06 AM
Re: Unacceptable
I had the same reaction, Robert. This is the type of information America's enemies will pay good money for -- and then use to do harm to those working to protect this country. There is absolutely no excuse for this failure.
Stratustician
Stratustician,
User Rank: Moderator
8/26/2014 | 9:08:09 AM
Re: Unacceptable
I agree, Government agencies should have more accountability when it comes to protecting personal data, especially data that directly affects the safety of citizens, and to find it was not encrypted?  This is outrageous. 
zaious
zaious,
User Rank: Apprentice
8/26/2014 | 1:07:22 AM
Re: Unacceptable
It is disappointing. It means that all databases are being targated. Attackers are not shifting their target from hard objectives (highly secured databases). Every enterprise with a database should stay alert -all the time.
Robert McDougal
Robert McDougal,
User Rank: Ninja
8/25/2014 | 11:18:25 PM
Unacceptable
I don't know if I can express how upset I am over this breach.  This could literally lead to the deaths of many people.

Of all the data in the world, this is the kind that needs to be paper only or at the very least on a non internet connected network.
<<   <   Page 2 / 2


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-44960
PUBLISHED: 2022-12-02
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /general/search.php?searchtype=simple. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.
CVE-2022-44961
PUBLISHED: 2022-12-02
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /forums/editforum.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2022-44962
PUBLISHED: 2022-12-02
webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /calendar/viewcalendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject field.
CVE-2022-44944
PUBLISHED: 2022-12-02
Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&amp;entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into t...
CVE-2022-44945
PUBLISHED: 2022-12-02
Rukovoditel v3.2.1 was discovered to contain a SQL injection vulnerability via the heading_field_id parameter.