Dark Reading is part of the Informa Tech Division of Informa PLC


Database Security

News & Commentary
New Google Search Hacks Push Viruses & Porn
David Balaban, Editor at Privacy-PC.com, Commentary
Three incidents demonstrate how cybercriminals leverage the scourge of black-hat search engine optimization to manipulate search results.
By David Balaban, Editor at Privacy-PC.com, 9/22/2020
Deadly Ransomware Story Continues to Unfold
Curtis Franklin Jr., Senior Editor at Dark Reading, Quick Hits
A ransomware attack with fatal consequences is attracting notice and comment from around the world.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 9/18/2020
Ransomware Gone Awry Has Fatal Consequences
Dark Reading Staff, Quick Hits
An attack that knocked hospital systems offline reportedly ends in death for patient who had to be sent to another facility.
By Dark Reading Staff, 9/17/2020
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff, 9/15/2020
Ransomware Hits US District Court in Louisiana
Dark Reading Staff, Quick Hits
The ransomware attack has exposed internal documents from the court and knocked its website offline.
By Dark Reading Staff, 9/14/2020
Inova Suffers Third-Party Data Breach
Dark Reading Staff, Quick Hits
The breach occurred as part of a ransomware attack against service provider Blackbaud.
By Dark Reading Staff, 9/9/2020
Warner Music Group Admits Breach
Dark Reading Staff, Quick Hits
The months-long breach hit financial details for customers.
By Dark Reading Staff, 9/4/2020
Collection of Metadata -- as Done by the NSA -- Likely Unconstitutional, US Court Suggests
Robert Lemos, Contributing Writer, News
A ruling in an appeal by four men convicted of material support for terrorism finds that the National Security Agency's metadata collection program not only violated the prevailing law at the time but was also likely unconstitutional.
By Robert Lemos, Contributing Writer, 9/4/2020
Three Easy Ways to Avoid Meow-like Database Attacks
Ron Bennatan, Co-founder & CTO of jSonar, Commentary
The largest problem facing database security today is the disconnect between security teams and DBAs beginning from the moment of configuration and continuing throughout the database lifecycle.
By Ron Bennatan, Co-founder & CTO of jSonar, 8/25/2020
University of Utah Pays in Cyber-Extortion Scheme
Dark Reading Staff, Quick Hits
Though a ransomware attempt was thwarted, the university paid to prevent the release of student PII.
By Dark Reading Staff, 8/21/2020
Former Uber CSO Charged in Hack Cover-up
Dark Reading Staff, Quick Hits
The charges stem from a 2016 attack in which 57 million records were breached.
By Dark Reading Staff, 8/20/2020
Symmetry Systems Emerges from Stealth
Dark Reading Staff, Quick Hits
Company behind Data Store and Object Security (DSOS) becomes public knowledge following a $3 million seed round of funding.
By Dark Reading Staff, 8/11/2020
2019 Breach Leads to $80 Million Fine for Capital One
Dark Reading Staff, Quick Hits
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
By Dark Reading Staff, 8/6/2020
Security Flaws Discovered in OKCupid Dating Service
Dark Reading Staff, Quick Hits
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
By Dark Reading Staff, 7/29/2020
Avon Server Leaks User Info and Administrative Data
Dark Reading Staff, Quick Hits
An unprotected server has exposed more than 7GB of data from the beauty brand.
By Dark Reading Staff, 7/28/2020
ShinyHunters Offers Stolen Data on Dark Web
Dark Reading Staff, Quick Hits
The threat actor offers more than 26 million records from a series of data breaches.
By Dark Reading Staff, 7/27/2020
DNA Site Leaves Records Open to Law Enforcement
Dark Reading Staff, Quick Hits
A pair of breaches reset user accounts to allow access for two days.
By Dark Reading Staff, 7/23/2020
Inside Stealthworker: How It Compromises WordPress, Step-by-Step
Curtis Franklin Jr., Senior Editor at Dark Reading
A new wave of attacks using old malware is threatening WordPress sites that don't have strong password policies.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 6/12/2020
Amtrak Breach Rolls Over Frequent Travelers
Dark Reading Staff, Quick Hits
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff, 6/2/2020
Security 101: SQL Injection
Curtis Franklin Jr., Senior Editor at Dark Reading
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/27/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading, 9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer, 9/24/2020
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17098
PUBLISHED: 2020-09-30
Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior version...
CVE-2020-15731
PUBLISHED: 2020-09-30
An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448.
CVE-2020-5132
PUBLISHED: 2020-09-30
SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN au...
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.