News & Commentary

Latest Content tagged with Database Security
Amtrak Breach Rolls Over Frequent Travelers
Quick Hits  |  6/2/2020  | 
The breach exposed usernames and passwords of an undisclosed number of program members.
Hackers Serve Up Stolen Credentials from Home Chef
Quick Hits  |  5/21/2020  | 
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
EasyJet Sees 9 Million Customer Email Addresses Stolen
Quick Hits  |  5/19/2020  | 
More than 2,000 customers also had credit card information taken in the attack.
Attackers Target Sophos Firewalls with Zero-Day
News  |  4/27/2020  | 
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
Paay Misconfiguration Leaves Transaction Data Exposed
Quick Hits  |  4/23/2020  | 
The New York-based credit-card processor left a server without password protection for approximately three weeks.
SFO Hit by Web Compromise
Quick Hits  |  4/10/2020  | 
Web app credentials were stolen in attacks on two airport websites.
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Quick Hits  |  3/31/2020  | 
The data was breached through the credentials of two franchisee employees.
Insurance Giant Chubb Might Be Ransomware Victim
Quick Hits  |  3/26/2020  | 
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
538 Million Weibo Users' Info for Sale on Dark Web
Quick Hits  |  3/23/2020  | 
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
200M Records of US Citizens Leaked in Unprotected Database
News  |  3/20/2020  | 
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Quick Hits  |  3/19/2020  | 
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
500,000 Documents Exposed in Open S3 Bucket Incident
Quick Hits  |  3/18/2020  | 
The open database exposed highly sensitive financial and business documents related to two financial organizations.
3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival
Quick Hits  |  3/5/2020  | 
The separate incidents show how data theft knows no market-based limits.
Cathay Pacific Hit with Fine for Long-Lasting Breach
Quick Hits  |  3/4/2020  | 
The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.
Walgreens' Mobile App Exposes Customers' Info
Quick Hits  |  3/2/2020  | 
An error in the app allowed some secure chat users to see medical information that wasn't theirs.
Israel's Entire Voter Registry Exposed in Massive Incident
Quick Hits  |  2/10/2020  | 
Personal details of nearly 6.5 million Israelis were out in the open after the entire registry was uploaded to a notably insecure app.
Google Takeout Serves Up Video Files to Strangers
Quick Hits  |  2/7/2020  | 
A limited number of user videos were shared with others in a five-day incident from November.
Ashley Madison Breach Returns with Extortion Campaign
Quick Hits  |  1/31/2020  | 
The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.
Configuration Error Reveals 250 Million Microsoft Support Records
Quick Hits  |  1/22/2020  | 
Some of the records, found on five identically configured servers, might have contained data in clear text.
FBI Seizes Domain That Sold Info Stolen in Data Breaches
Quick Hits  |  1/17/2020  | 
The website, WeLeakData.com, claimed to have more than 12 billion records gathered from over 10,000 breaches.
CCPA Kickoff: What Businesses Need to Know
News  |  1/2/2020  | 
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant.
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Commentary  |  12/26/2019  | 
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Commentary  |  12/20/2019  | 
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
15 Million Patient Records Exposed in Attack on Canadian Lab
Quick Hits  |  12/17/2019  | 
A cyberattack against LifeLabs exposed personal information on patients in Ontario and British Columbia.
Data Security Startup Satori Cyber Launches with $5.25M Seed Round
News  |  12/17/2019  | 
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
SQL Server 2019 Tool Tells Attackers Which Data Is Sensitive
News  |  12/16/2019  | 
The design of SQL Data Discovery & Classification could let attackers pinpoint sensitive information while flying under organizations' radars.
The Implications of Last Week's Exposure of 1.2B Records
News  |  11/26/2019  | 
Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.
1.2B Records Exposed in Massive Server Leak
Quick Hits  |  11/22/2019  | 
A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.
Disney+ Credentials Land in Dark Web Hours After Service Launch
Quick Hits  |  11/18/2019  | 
The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.
Joker's Stash Puts $130M Price Tag on Credit Card Database
Quick Hits  |  11/11/2019  | 
A new analysis advises security teams on what they should know about the underground payment card seller.
California DMV Leak Spills Data from Thousands of Drivers
Quick Hits  |  11/6/2019  | 
Federal agencies reportedly had improper access to Social Security data belonging to 3,200 license holders.
Database Error Exposes 7.5 Million Adobe Customer Records
Quick Hits  |  10/28/2019  | 
The database was open for approximately one week before the problem was discovered.
FBI Expands Election Security Initiative
Quick Hits  |  10/24/2019  | 
The program offers resources and advice to help protect elections at every level within the US.
20M Russians' Personal Tax Records Exposed in Data Leak
Quick Hits  |  10/3/2019  | 
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
One Arrested in Ecuador's Mega Data Leak
Quick Hits  |  9/18/2019  | 
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
24.3M Unsecured Health Records Expose Patient Data, Images
Quick Hits  |  9/18/2019  | 
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
US Companies Unprepared for Privacy Regulations
Quick Hits  |  9/17/2019  | 
US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.
Oracle Expands Cloud Security Services at OpenWorld 2019
News  |  9/16/2019  | 
The company broadens its portfolio with new services developed to centralize and automate cloud security.
Data Leak Affects Most of Ecuador's Population
News  |  9/16/2019  | 
An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.
Job-Seeker Data Exposed in Monster File Leak
Quick Hits  |  9/6/2019  | 
The job website says it cannot notify users since the exposure occurred on a third-party organization's servers.
419M Facebook User Phone Numbers Publicly Exposed
Quick Hits  |  9/5/2019  | 
It's still unclear who owned the server storing hundreds of millions of records online without a password.
Imperva Customer Database Exposed
Quick Hits  |  8/27/2019  | 
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
IBM Announces Quantum Safe Encryption
Quick Hits  |  8/23/2019  | 
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
News  |  8/21/2019  | 
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
Capital One: What We Should Learn This Time
News  |  8/2/2019  | 
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.
Researcher Find Open 'Road Map' to Honda Computers
Quick Hits  |  8/1/2019  | 
An unprotected database, now secured, contained information on every computer owned by the automobile giant.
Equifax to Pay Up to $700M for Data Breach Damages
News  |  7/22/2019  | 
In a settlement with the FTC, consumers affected by the breach are eligible for up to $20,000 in a cash settlement, depending on damages they can prove.
The Security of Cloud Applications
Commentary  |  7/11/2019  | 
Despite the great success of the cloud over the last decade, misconceptions continue to persist. Here's why the naysayers are wrong.
Britain Looks to Levy Record GDPR Fine Against British Airways
News  |  7/8/2019  | 
The penalty is a sign of things to come, say experts.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10548
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10549
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10546
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-10547
PUBLISHED: 2020-06-04
rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because, by default, nodes' passwords are stored in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.
CVE-2020-11094
PUBLISHED: 2020-06-04
The October CMS debugbar plugin before version 3.1.0 contains a feature where it will log all requests (and all information pertaining to each request including session data) whenever it is enabled. This presents a problem if the plugin is ever enabled on a system that is open to untrusted users as ...