Network Computing Dark Reading

Advertise

Application Security //

Database Security

News & Commentary

The Implications of Last Week's Exposure of 1.2B Records

Kelly Sheridan, Staff Editor, Dark Reading

News

Large sums of organized data, whether public or private, are worth their weight in gold to cybercriminals.

By Kelly Sheridan Staff Editor, Dark Reading, 11/26/2019

0 comments | Read | Post a Comment

1.2B Records Exposed in Massive Server Leak

Quick Hits

A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.

By Dark Reading Staff , 11/22/2019

0 comments | Read | Post a Comment

Disney+ Credentials Land in Dark Web Hours After Service Launch

Quick Hits

The credentials, priced from free to $11 per account, appear to be due to victims' re-use of logins and passwords.

By Dark Reading Staff , 11/18/2019

1 Comment | Read | Post a Comment

Latest Comment: RyanSepe, Disney definitely needs to incorporate MFA. I also think that MFA options need...

Joker's Stash Puts $130M Price Tag on Credit Card Database

Quick Hits

A new analysis advises security teams on what they should know about the underground payment card seller.

By Dark Reading Staff , 11/11/2019

0 comments | Read | Post a Comment

California DMV Leak Spills Data from Thousands of Drivers

Quick Hits

Federal agencies reportedly had improper access to Social Security data belonging to 3,200 license holders.

By Dark Reading Staff , 11/6/2019

0 comments | Read | Post a Comment

Database Error Exposes 7.5 Million Adobe Customer Records

Quick Hits

The database was open for approximately one week before the problem was discovered.

By Dark Reading Staff , 10/28/2019

0 comments | Read | Post a Comment

FBI Expands Election Security Initiative

Quick Hits

The program offers resources and advice to help protect elections at every level within the US.

By Dark Reading Staff , 10/24/2019

0 comments | Read | Post a Comment

20M Russians' Personal Tax Records Exposed in Data Leak

Quick Hits

An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.

By Dark Reading Staff , 10/3/2019

1 Comment | Read | Post a Comment

Latest Comment: amaguhn, Maybe they will find Trump's tax return, or atleast a W-2.

One Arrested in Ecuador's Mega Data Leak

Quick Hits

Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.

By Dark Reading Staff , 9/18/2019

0 comments | Read | Post a Comment

24.3M Unsecured Health Records Expose Patient Data, Images

Quick Hits

Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.

By Dark Reading Staff , 9/18/2019

0 comments | Read | Post a Comment

US Companies Unprepared for Privacy Regulations

Quick Hits

US companies are poorly prepared for even the most rudimentary privacy regulations, a new report says.

By Dark Reading Staff , 9/17/2019

0 comments | Read | Post a Comment

Oracle Expands Cloud Security Services at OpenWorld 2019

News

The company broadens its portfolio with new services developed to centralize and automate cloud security.

By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2019

0 comments | Read | Post a Comment

Data Leak Affects Most of Ecuador's Population

News

An unsecured database containing 18GB of data exposed more than 20 million records, most of which held details about Ecuadorian citizens.

By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2019

0 comments | Read | Post a Comment

Job-Seeker Data Exposed in Monster File Leak

Quick Hits

The job website says it cannot notify users since the exposure occurred on a third-party organization's servers.

By Dark Reading Staff , 9/6/2019

0 comments | Read | Post a Comment

419M Facebook User Phone Numbers Publicly Exposed

Quick Hits

It's still unclear who owned the server storing hundreds of millions of records online without a password.

By Dark Reading Staff , 9/5/2019

1 Comment | Read | Post a Comment

Latest Comment: REISEN1955, Hacked for decades - it is called a phone book and contains (GASP!) NAMES...

Imperva Customer Database Exposed

Quick Hits

A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.

By Dark Reading Staff , 8/27/2019

10 comments | Read | Post a Comment

Latest Comment: Alexix, your are right

6 Ways Airlines and Hotels Can Keep Their Networks Secure

As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.

By Steve Zurier Contributing Writer, 8/27/2019

0 comments | Read | Post a Comment

IBM Announces Quantum Safe Encryption

Quick Hits

Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.

By Dark Reading Staff , 8/23/2019

1 Comment | Read | Post a Comment

Latest Comment: tdsan, There are numerous articles the Chinese have submitted where they have a working...

MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online

News

Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.

By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2019

1 Comment | Read | Post a Comment

Latest Comment: bwing, My question is as these organizations scale and become larger influencers why...

Capital One: What We Should Learn This Time

News

Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.

By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2019

2 comments | Read | Post a Comment

Latest Comment: tdsan, At the end of the day it comes down to the following: - Setup a risk management...

More Stories

Current Conversations

Posted by [email protected]

Lots of awesome resources! Thanks for taking the time to share these. This page will definitely be bookmarked for future reference and I will be sharing with my entrepreneur friends!!<a href="https://thewellnesskafe.com">The...

In reply to: The wellness kafe
Post Your Own Reply

Posted by joshgay

thanks for sharing this info with us I found it so amazingly glad to be here

In reply to: Re: Agree with your topic
Post Your Own Reply

Posted by RyanSepe

Disney definitely needs to incorporate MFA. I also think that MFA options need to be more transparent. Some app providers do a good job of this and put up a splash screen as soon as you log into the app. It really doesn't...

In reply to: MFA needs to be an option and overly present
Post Your Own Reply

Posted by HolyFrolic

im just amazed. This is a great blog posting and very useful

In reply to: Thanks
Post Your Own Reply

Posted by dmflows

This Was A Very Helpful Post and Unique Information It Contained As Well. Thank you very much for giving this awesome post, it is a great way to fully enjoy it.

In reply to: onlineshoppingsaless.com
Post Your Own Reply

Posted by amaguhn

Maybe they will find Trump's tax return, or atleast a W-2.

In reply to: Trump
Post Your Own Reply

Posted by leo5121472313

Your blog is filled with unique good articles! I was impressed how well you express your thoughts.

In reply to: leo
Post Your Own Reply

Posted by hertavein

I am truly glad to read this webpage posts which carries lots of useful information, thanks for providing these kinds of statistics.

In reply to: Re: great post
Post Your Own Reply

Posted by TanuSaha

I am very impressed with your article. I love the way you write this article. Thank you for sharing this wonderful post with us. Also, you can visit here: Techpout

In reply to: re: Hacking Higher Education
Post Your Own Reply

Posted by REISEN1955

Hacked for decades - it is called a phone book and contains (GASP!) NAMES ----- ADDRESSES ----- PHONE NUMBERS OH MY!!!!!!!!!! Some hacks are just silly.

In reply to: On Phone Numbers
Post Your Own Reply

Posted by Alexix

your are right

In reply to: Re: More of the same
Post Your Own Reply

Posted by tdsan

Also, the question you have to ask has anyone placed a payload or have they identified any malware communicating back to "command and control" location. Someone needs to really look into the problem because I am quite sure...

In reply to: Re: More of the same
Post Your Own Reply

More Conversations

Products & Releases

Kingston to Highlight Encrypted USB Drives, Enterprise SSDs at RSA

Security Visionary Balbix Expands Its Go-to-Market Strategy through Series B Funding and New Senior Board Members and Executives

cleverDome Launches Secure Financial Services Solution at the 2017 T3 Enterprise Conference

Oracle, SafeLogic and OpenSSL Partner on Next Generation FIPS Module

67 Percent of Used Drives Sold on eBay and Craigslist Hold Personally Identifiable Information and 11 Percent Contain Sensitive Corporate Data

Digital Guardian Secures $66 Million from Leading Financial Investment Firms as Worldwide Demand for Data Protection Accelerates

Skyhigh Cloud Report: Average Healthcare Organization Uploads 6.8 TB of Data Per Month

Dataguise Introduces Big Data Security Suite for On-Premise and Cloud Deployments

More Products & Releases

Hot Topics

Editors' Choice

Navigating Security in the Cloud

Diya Jolly, Chief Product Officer, Okta, 12/4/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Cisco & Amazon Web Services to Keynote at Enterprise Connect 2020

More Informa Tech Live Events

White Papers

In Today's Age of Digital Transformation, How Does Your Firewall Measure Up?

The Future of Network Security is in the Cloud

2019 Malware Trends of the Phishing Landscape

2019 State of the Internet / Security: Media Under Assault

5 Steps to Keep Network Security Enforcement Points Secure and Up-To-Date

More White Papers

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: When I requested protection from spear phishing campaigns, I didn't quite expect this.

Cartoon Archive

Current Issue

Navigating the Deluge of Security Data

In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Rethinking Enterprise Data Defense

Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprise

0 comments

2019 Online Malware and Threats

0 comments

The State of IT Operations and Cybersecurity Operations

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-16772
PUBLISHED: 2019-12-07

The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...

CVE-2019-9464
PUBLISHED: 2019-12-06

In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...

CVE-2019-2220
PUBLISHED: 2019-12-06

In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...

CVE-2019-2221
PUBLISHED: 2019-12-06

In hasActivityInVisibleTask of WindowProcessController.java thereï¿½s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges need...

CVE-2019-2222
PUBLISHED: 2019-12-06

n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]