Application Security //

Database Security

News & Commentary
Airbus Employee Info Exposed in Data Breach
Dark Reading Staff, Quick Hits
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
By Dark Reading Staff , 1/31/2019
Comment0 comments  |  Read  |  Post a Comment
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
Kelly Sheridan, Staff Editor, Dark ReadingNews
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
By Kelly Sheridan Staff Editor, Dark Reading, 1/30/2019
Comment0 comments  |  Read  |  Post a Comment
Evidence in Starwood/Marriott Breach May Point to China
Dark Reading Staff, Quick Hits
Attackers used methods, tools previously used by known Chinese hackers.
By Dark Reading Staff , 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Quora Breach Exposes Information of 100 Million Users
Dark Reading Staff, Quick Hits
The massive breach has exposed passwords for millions who didn't remember having a Quora account.
By Dark Reading Staff , 12/4/2018
Comment0 comments  |  Read  |  Post a Comment
First Lawsuits Filed in Starwood Hotels' Breach
Dark Reading Staff, Quick Hits
Class-action suits have been filed on behalf of guests and shareholders, with more expected.
By Dark Reading Staff , 12/3/2018
Comment0 comments  |  Read  |  Post a Comment
Massive Starwood Hotels Breach Hits 500 Million Guests
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Among the unknowns: who is behind the breach and how many of the affected records have been sold or used by criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/30/2018
Comment1 Comment  |  Read  |  Post a Comment
Incorrect Assessments of Data Value Putting Organizations at Risk
Jai Vijayan, Freelance writerNews
Information security groups often underestimate or overestimate the true value of data assets, making it harder to prioritize controls.
By Jai Vijayan Freelance writer, 11/28/2018
Comment0 comments  |  Read  |  Post a Comment
Barclays, Walmart Join New $85M Innovation Coalition
Dark Reading Staff, Quick Hits
Innovation incubator Team8 recruits major partners, investors to create new products that help businesses 'thrive by security.'
By Dark Reading Staff , 10/23/2018
Comment2 comments  |  Read  |  Post a Comment
Oracle Issues Massive Collection of Critical Security Updates
Dark Reading Staff, Quick Hits
The software updates from Oracle address a record number of vulnerabilities.
By Dark Reading Staff , 10/17/2018
Comment3 comments  |  Read  |  Post a Comment
GAO Says Equifax Missed Flaws, Intrusion in Massive Breach
Dark Reading Staff, Quick Hits
A report from the Government Accountability Office details the issues found and opportunities missed in the huge 2017 Equifax data breach.
By Dark Reading Staff , 9/10/2018
Comment1 Comment  |  Read  |  Post a Comment
T-Mobile Hit With Customer Information Hack
Dark Reading Staff, Quick Hits
Approximately 2 million users said to be affected.
By Dark Reading Staff , 8/24/2018
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.Commentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., 8/20/2018
Comment7 comments  |  Read  |  Post a Comment
Australian Teen Hacked Apple Network
Dark Reading Staff, Quick Hits
Yale Discloses Data Breach
Dark Reading Staff, Quick Hits
The university discloses that someone stole personal information a long time ago.
By Dark Reading Staff , 7/31/2018
Comment1 Comment  |  Read  |  Post a Comment
US-CERT Warns of ERP Application Hacking
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/25/2018
Comment0 comments  |  Read  |  Post a Comment
HR Services Firm ComplyRight Suffers Major Data Breach
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More than 7,500 customer companies were affected, and the number of individuals whose information was leaked is unknown.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment14 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
Making the Case for a Cybersecurity Moon Shot
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  2/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3474
PUBLISHED: 2019-02-20
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-3475
PUBLISHED: 2019-02-20
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
CVE-2019-10030
PUBLISHED: 2019-02-20
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.52 and earlier in RejectASTTransformsCustomizer.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
CVE-2019-10030
PUBLISHED: 2019-02-20
A exposure of sensitive information vulnerability exists in Jenkins Cloud Foundry Plugin 2.3.1 and earlier in AbstractCloudFoundryPushDescriptor.java that allows attackers with Overall/Read access to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through anoth...
CVE-2019-10030
PUBLISHED: 2019-02-20
A server-side request forgery vulnerability exists in Jenkins Mattermost Notification Plugin 2.6.2 and earlier in MattermostNotifier.java that allows attackers with Overall/Read permission to have Jenkins connect to an attacker-specified Mattermost server and room and send a message.