Application Security //

Database Security

News & Commentary
Oracle Issues Massive Collection of Critical Security Updates
Dark Reading Staff, Quick Hits
The software updates from Oracle address a record number of vulnerabilities.
By Dark Reading Staff , 10/17/2018
Comment0 comments  |  Read  |  Post a Comment
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Dark Reading Staff, Quick Hits
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
By Dark Reading Staff , 9/10/2018
Comment1 Comment  |  Read  |  Post a Comment
T-Mobile Hit With Customer Information Hack
Dark Reading Staff, Quick Hits
Approximately 2 million users said to be affected.
By Dark Reading Staff , 8/24/2018
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.Commentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., 8/20/2018
Comment7 comments  |  Read  |  Post a Comment
Australian Teen Hacked Apple Network
Dark Reading Staff, Quick Hits
Yale Discloses Data Breach
Dark Reading Staff, Quick Hits
The university discloses that someone stole personal information a long time ago.
By Dark Reading Staff , 7/31/2018
Comment1 Comment  |  Read  |  Post a Comment
US-CERT Warns of ERP Application Hacking
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/25/2018
Comment0 comments  |  Read  |  Post a Comment
HR Services Firm ComplyRight Suffers Major Data Breach
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment14 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Serverless Architectures: A Paradigm Shift in Application Security
Ory Segal, CTO, PureSecCommentary
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
By Ory Segal CTO, PureSec, 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
Electric Utility Hit with Record Fine for Vulnerabilities
Dark Reading Staff, Quick Hits
An unnamed power company has consented to a record fine for leaving critical records exposed.
By Dark Reading Staff , 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
Medical Apps Come Packaged with Hardcoded Credentials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
Ticking Time Bombs in Your Data Center
Murali Palanisamy, Executive Vice President and Chief Technology Officer,  AppViewXCommentary
The biggest security problems inside your company may result from problems it inherited.
By Murali Palanisamy Executive Vice President and Chief Technology Officer, AppViewX, 2/7/2018
Comment0 comments  |  Read  |  Post a Comment
Poor Visibility, Weak Passwords Compromise Active Directory
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 2/1/2018
Comment1 Comment  |  Read  |  Post a Comment
New Database Botnet Leveraged for Bitcoin Mining
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Attackers are quietly building an attack infrastructure using very sensitive machines.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/19/2017
Comment0 comments  |  Read  |  Post a Comment
Post-Breach Carnage: Worst Ways The Axe Fell in 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Executive firings, stock drops, and class action settlements galore, this year was a study in real-world repercussions for cybersecurity lapses.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
We're Still Not Ready for GDPR? What is Wrong With Us?
Sara Peters, Senior Editor at Dark ReadingCommentary
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
By Sara Peters Senior Editor at Dark Reading, 11/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Oracle Fixes 20 Remotely Exploitable Java SE Vulns
Jai Vijayan, Freelance writerNews
Quarterly update for October is the smallest of the year: only 252 flaws to fix! Oracle advises to apply patches 'without delay.'
By Jai Vijayan Freelance writer, 10/18/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.