Network Computing Dark Reading

Advertise

Application Security //

Database Security

News & Commentary

Data on Thousands of Law Enforcement Personnel Exposed in Breach

Quick Hits

Unknown hackers broke into databases of nonprofit and have posted online personal info on FBI, Secret Service, Capitol Police, US Park Police, others.

By Dark Reading Staff , 4/15/2019

0 comments | Read | Post a Comment

In Security, All Logs Are Not Created Equal

Joe Partlow, Chief Technology Officer, ReliaQuest

Commentary

Prioritizing key log sources goes a long way toward effective incident response.

By Joe Partlow Chief Technology Officer, ReliaQuest, 4/11/2019

0 comments | Read | Post a Comment

40% of Organizations Not Doing Enough to Protect Office 365 Data

News

Companies could be leaving themselves vulnerable by not using third-party data backup tools, a new report finds.

By Steve Zurier Freelance Writer, 3/28/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, As primary????? I use a cloud app for backups but with CAUTION...

Enterprise Data Encryption Hits All-time High

Quick Hits

A new report by the Ponemon Institute shows 45% of organizations have a comprehensive encryption policy in place.

By Dark Reading Staff , 3/28/2019

2 comments | Read | Post a Comment

Latest Comment: Ritu_G, You know what the scariest thing about hackers is not quite the company data,...

Tidying Expert Marie Kondo: Cybersecurity Guru?

Curtis Franklin Jr., Senior Editor at Dark Reading

News

The "KonMari" method of decluttering can be a huge step toward greater security, according to a growing number of executives.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/28/2019

8 comments | Read | Post a Comment

Latest Comment: michaelmaloney, What one really needs in order to sit down and actually get your stuff in order,...

763M Email Addresses Exposed in Latest Database Misconfiguration Episode

News

MongoDB once again used by database admin who opens unencrypted database to the whole world.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/11/2019

1 Comment | Read | Post a Comment

Latest Comment: Cypher1, Unless you have been living under a rock for the last decade, it should come...

Hackers Break into System That Houses College Application Data

Quick Hits

More than 900 colleges and universities use Slate, owned by Technolutions, to collect and manage information on applicants.

By Dark Reading Staff , 3/11/2019

4 comments | Read | Post a Comment

Latest Comment: REISEN1955, Thanks much for the clarification --- yeap, always another way in.

Debunking 5 Myths About Zero Trust Security

Torsten George, Cybersecurity Evangelist at Centrify

Commentary

Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in — if they aren't already. However, several misconceptions are impeding its adoption.

By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019

0 comments | Read | Post a Comment

Lockpath Advocates Benefits of Continuous Security Management

Commentary Video

Risk management and compliance technologies emerge from the intersection of technology, security, and regulation; continuous security management helps professionals from multiple departments and disciplines access the info they need, when they need it, according to Sam Abadir of Lockpath.

By Dark Reading Staff , 3/6/2019

0 comments | Read | Post a Comment

Airbus Employee Info Exposed in Data Breach

Quick Hits

Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.

By Dark Reading Staff , 1/31/2019

0 comments | Read | Post a Comment

Rubrik Data Leak is Another Cloud Misconfiguration Horror Story

Kelly Sheridan, Staff Editor, Dark Reading

News

A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.

By Kelly Sheridan Staff Editor, Dark Reading, 1/30/2019

0 comments | Read | Post a Comment

Evidence in Starwood/Marriott Breach May Point to China

Quick Hits

Attackers used methods, tools previously used by known Chinese hackers.

By Dark Reading Staff , 12/6/2018

0 comments | Read | Post a Comment

Starwood Breach Reaction Focuses on 4-Year Dwell

News

The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/5/2018

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, If we wait long enough, maybe it will go away and nobody will notice

Quora Breach Exposes Information of 100 Million Users

Quick Hits

The massive breach has exposed passwords for millions who didn't remember having a Quora account.

By Dark Reading Staff , 12/4/2018

0 comments | Read | Post a Comment

First Lawsuits Filed in Starwood Hotels' Breach

Quick Hits

Class-action suits have been filed on behalf of guests and shareholders, with more expected.

By Dark Reading Staff , 12/3/2018

0 comments | Read | Post a Comment

Massive Starwood Hotels Breach Hits 500 Million Guests

News

Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.

By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/30/2018

1 Comment | Read | Post a Comment

Latest Comment: ,

Incorrect Assessments of Data Value Putting Organizations at Risk

News

Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.

By Jai Vijayan Freelance writer, 11/28/2018

0 comments | Read | Post a Comment

Barclays, Walmart Join New $85M Innovation Coalition

Quick Hits

Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'

By Dark Reading Staff , 10/23/2018

2 comments | Read | Post a Comment

Latest Comment: ChristopherJames, Companies are bound to benefit from this coalition especially as they aim to...

Oracle Issues Massive Collection of Critical Security Updates

Quick Hits

The software updates from Oracle address a record number of vulnerabilities.

By Dark Reading Staff , 10/17/2018

3 comments | Read | Post a Comment

Latest Comment: ThomasMaloney, Some users are to complacent when it comes to system updates. Since these updates...

GAO Says Equifax Missed Flaws, Intrusion in Massive Breach

Quick Hits

A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.

By Dark Reading Staff , 9/10/2018

1 Comment | Read | Post a Comment

Latest Comment: jimmy04, You are doing an amazing job.

More Stories

Current Conversations

Posted by JayceJohnson

We have essay experts who specifically help in an Essay Writing assignment for students of all educational and they provide you with their assignments before delivery of time.

In reply to: Re: Interesting Post
Post Your Own Reply

Posted by Ritu_G

You know what the scariest thing about hackers is not quite the company data, but the data of its customers. Losing some internal information can be easily rectified with little to no ramifications, but once people are ...

In reply to: It's the people's prerogative
Post Your Own Reply

Posted by michaelmaloney

What one really needs in order to sit down and actually get your stuff in order, is to actually sit down and get your stuff in order. I don't deny that Marie Kondo has got a good system for getting things started though....

In reply to: Get up and get at it
Post Your Own Reply

Posted by jessicab242

Thank you darkreading for this post.

In reply to: great post
Post Your Own Reply

Posted by REISEN1955

Delete worthy sounds like an actionable item right now --- I would call it STORAGE worthy. Data per se may get old but it should be retained offsite and on good media. This costs next to nothing really and is...

In reply to: Re: The Intrinsic Battle with Data Hygiene
Post Your Own Reply

Posted by REISEN1955

As primary????? I use a cloud app for backups but with CAUTION and have local backups, 3 of them, ready to go if something like ransomware hit my system - and i don't open suspect emails OR open suspect attachments. ...

In reply to: Backups to the cloud
Post Your Own Reply

Posted by The Governance Guru

There are many great responses to Curtis' reference of Marie Kondo's method being applied to tidying up data. However, many of them talk about keeping data for "what-if" scenarios or say that "nothing ever really happens...

In reply to: The Intrinsic Battle with Data Hygiene
Post Your Own Reply

Posted by RyanSepe

Its great that data encryption is at an all-time high. And as long as best practice encryption methods are upheld this is a viable option when securing data. Facets such as key rotation and bit elevation once technological...

In reply to: Security Department Catch All
Post Your Own Reply

Posted by REISEN1955

Thanks much for the clarification --- yeap, always another way in.

In reply to: Re: Not again
Post Your Own Reply

Posted by RyanSepe

Thanks for the summation. I wanted to read further but since I don't have a subsciption to WSJ and don't intend to unblock ads for the Washington Post I cannot. What SSO Solution was in use? This is a rather large flaw allowing...

In reply to: Re: Not again
Post Your Own Reply

Posted by Cypher1

Unless you have been living under a rock for the last decade, it should come as no suprise that PII has incredible street value. So why would any organization/company/agency even think about standing up a database...

In reply to: Encrypt by default
Post Your Own Reply

Posted by ColeMaddox

This article is click bait. The systems were not "hacked." What has been reported is that the three schools in question had a flaw in their password reset protocol that allowed unauthorized users to reset passwords. So it...

In reply to: Re: Not again
Post Your Own Reply

More Conversations

Products & Releases

Kingston to Highlight Encrypted USB Drives, Enterprise SSDs at RSA

Security Visionary Balbix Expands Its Go-to-Market Strategy through Series B Funding and New Senior Board Members and Executives

cleverDome Launches Secure Financial Services Solution at the 2017 T3 Enterprise Conference

Oracle, SafeLogic and OpenSSL Partner on Next Generation FIPS Module

67 Percent of Used Drives Sold on eBay and Craigslist Hold Personally Identifiable Information and 11 Percent Contain Sensitive Corporate Data

Digital Guardian Secures $66 Million from Leading Financial Investment Firms as Worldwide Demand for Data Protection Accelerates

Skyhigh Cloud Report: Average Healthcare Organization Uploads 6.8 TB of Data Per Month

Dataguise Introduces Big Data Security Suite for On-Premise and Cloud Deployments

More Products & Releases

Hot Topics

Editors' Choice

Russia Hacked Clinton's Computers Five Hours After Trump's Call

Robert Lemos, Technology Journalist/Data Researcher, 4/19/2019

Tips for the Aftermath of a Cyberattack

Kelly Sheridan, Staff Editor, Dark Reading, 4/17/2019

Why We Need a 'Cleaner Internet'

Darren Anstee, Chief Technology Officer at Arbor Networks, 4/19/2019

Live Events

Webinars

More UBM Tech
Live Events

Drive Your Business and Career Forward at Interop19

Interop 2019 - The Unbiased IT Conference

White Papers

A New World of IT Management in 2019

The State of Mainframe Security

Security in the New World of Containers & Serverless

6 Keys to Faster Phishing Mitigation

6 Ways Effective CISOs Are Changing their Role

More White Papers

Cartoon

Latest Comment: Bill just doesn't realize it's more than a 2 dimensional world.

Cartoon Archive

Current Issue

5 Emerging Cyber Threats to Watch for in 2019

Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing Secure Applications

IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.

Download Now!

The State of Cyber Security Incident Response

0 comments

How Enterprises Are Attacking the Cybersecurity Problem

0 comments

How Enterprises Are Using IT Threat Intelligence

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-7303
PUBLISHED: 2019-04-23

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...

CVE-2019-7304
PUBLISHED: 2019-04-23

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.

CVE-2019-0223
PUBLISHED: 2019-04-23

While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...

CVE-2017-12619
PUBLISHED: 2019-04-23

Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".

CVE-2018-1317
PUBLISHED: 2019-04-23

In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.

Terms of Service
Privacy Statement
Legal Entities