Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security //

Database Security

News & Commentary
Inside Stealthworker: How It Compromises WordPress, Step-by-Step
Curtis Franklin Jr., Senior Editor at Dark Reading
A new wave of attacks using old malware is threatening WordPress sites that don't have strong password policies.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/12/2020
Comment0 comments  |  Read  |  Post a Comment
Amtrak Breach Rolls Over Frequent Travelers
Dark Reading Staff, Quick Hits
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff , 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
Security 101: SQL Injection
Curtis Franklin Jr., Senior Editor at Dark Reading
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/27/2020
Comment1 Comment  |  Read  |  Post a Comment
5 Tips for Fighting Credential Stuffing Attacks
Joan Goodchild, Contributing Writer
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
By Joan Goodchild Contributing Writer, 5/22/2020
Comment1 Comment  |  Read  |  Post a Comment
Security 101: Cross-Site Scripting
Curtis Franklin Jr., Senior Editor at Dark Reading
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
Hackers Serve Up Stolen Credentials from Home Chef
Dark Reading Staff, Quick Hits
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
By Dark Reading Staff , 5/21/2020
Comment0 comments  |  Read  |  Post a Comment
EasyJet Sees 9 Million Customer Email Addresses Stolen
Dark Reading Staff, Quick Hits
More than 2,000 customers also had credit card information taken in the attack.
By Dark Reading Staff , 5/19/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Target Sophos Firewalls with Zero-Day
Robert Lemos, Contributing WriterNews
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
By Robert Lemos Contributing Writer, 4/27/2020
Comment1 Comment  |  Read  |  Post a Comment
Paay Misconfiguration Leaves Transaction Data Exposed
Dark Reading Staff, Quick Hits
The New York-based credit-card processor left a server without password protection for approximately three weeks.
By Dark Reading Staff , 4/23/2020
Comment0 comments  |  Read  |  Post a Comment
SFO Hit by Web Compromise
Dark Reading Staff, Quick Hits
Web app credentials were stolen in attacks on two airport websites.
By Dark Reading Staff , 4/10/2020
Comment0 comments  |  Read  |  Post a Comment
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
Dark Reading Staff, Quick Hits
The data was breached through the credentials of two franchisee employees.
By Dark Reading Staff , 3/31/2020
Comment2 comments  |  Read  |  Post a Comment
Insurance Giant Chubb Might Be Ransomware Victim
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/26/2020
Comment1 Comment  |  Read  |  Post a Comment
538 Million Weibo Users' Info for Sale on Dark Web
Dark Reading Staff, Quick Hits
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
By Dark Reading Staff , 3/23/2020
Comment0 comments  |  Read  |  Post a Comment
200M Records of US Citizens Leaked in Unprotected Database
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2020
Comment2 comments  |  Read  |  Post a Comment
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
Dark Reading Staff, Quick Hits
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
By Dark Reading Staff , 3/19/2020
Comment1 Comment  |  Read  |  Post a Comment
500,000 Documents Exposed in Open S3 Bucket Incident
Dark Reading Staff, Quick Hits
The open database exposed highly sensitive financial and business documents related to two financial organizations.
By Dark Reading Staff , 3/18/2020
Comment0 comments  |  Read  |  Post a Comment
3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival
Dark Reading Staff, Quick Hits
The separate incidents show how data theft knows no market-based limits.
By Dark Reading Staff , 3/5/2020
Comment3 comments  |  Read  |  Post a Comment
Cathay Pacific Hit with Fine for Long-Lasting Breach
Dark Reading Staff, Quick Hits
The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.
By Dark Reading Staff , 3/4/2020
Comment0 comments  |  Read  |  Post a Comment
Walgreens' Mobile App Exposes Customers' Info
Dark Reading Staff, Quick Hits
An error in the app allowed some secure chat users to see medical information that wasn't theirs.
By Dark Reading Staff , 3/2/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Prevent an AWS Cloud Bucket Data Leak
Curtis Franklin Jr., Senior Editor at Dark Reading
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/26/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by itbusinessnewreality
Current Conversations Thanks for good research
In reply to: Thanks
Post Your Own Reply
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon,  7/10/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...