Database Security: News & Commentary
Inside Stealthworker: How It Compromises WordPress, Step-by-Step
A new wave of attacks using old malware is threatening WordPress sites that don't have strong password policies.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 6/12/2020
Amtrak Breach Rolls Over Frequent Travelers
The breach exposed usernames and passwords of an undisclosed number of program members.
By Dark Reading Staff, 6/2/2020 (Quick Hits)
Security 101: SQL Injection
A carefully crafted attack can convince a database to reveal all its secrets. Understanding the basics of what the attack looks like and how to protect against it can go a long way toward limiting the threat.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/27/2020
5 Tips for Fighting Credential Stuffing Attacks
With stolen credentials an easy find online, what are some measures to put in place to keep hackers from breaking into secure accounts?
By Joan Goodchild, Contributing Writer, 5/22/2020
Security 101: Cross-Site Scripting
Cross-site scripting has been around longer than most security professionals have been on the job. Why is it still such an issue when we've known about it for so long?
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/21/2020
Hackers Serve Up Stolen Credentials from Home Chef
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
By Dark Reading Staff, 5/21/2020 (Quick Hits)
EasyJet Sees 9 Million Customer Email Addresses Stolen
More than 2,000 customers also had credit card information taken in the attack.
By Dark Reading Staff, 5/19/2020 (Quick Hits)
Attackers Target Sophos Firewalls with Zero-Day
Remote exploit compromises specific configurations of XG firewalls with the intent of stealing data from the devices.
By Robert Lemos, Contributing Writer, 4/27/2020 (News)
Paay Misconfiguration Leaves Transaction Data Exposed
The New York-based credit-card processor left a server without password protection for approximately three weeks.
By Dark Reading Staff, 4/23/2020 (Quick Hits)
SFO Hit by Web Compromise
Web app credentials were stolen in attacks on two airport websites.
By Dark Reading Staff, 4/10/2020 (Quick Hits)
Data from 5.2M Marriott Loyalty Program Members Hit by Breach
The data was breached through the credentials of two franchisee employees.
By Dark Reading Staff, 3/31/2020 (Quick Hits)
Insurance Giant Chubb Might Be Ransomware Victim
A ransomware operator claims to have successfully attacked Chubb Insurance databases.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 3/26/2020 (Quick Hits)
538 Million Weibo Users' Info for Sale on Dark Web
The user data, which does not include passwords, purportedly comes from a mid-2019 breach.
By Dark Reading Staff, 3/23/2020 (Quick Hits)
200M Records of US Citizens Leaked in Unprotected Database
Researchers have not determined who owns the database, which was one of several large exposed instances disclosed this week.
By Kelly Sheridan, Staff Editor, Dark Reading, 3/20/2020 (News)
Misconfigured Elasticsearch Instance Exposes More Than 5 Billion Records
The collections contained information collected by a UK research firm on data breaches from the years 2012 to 2019.
By Dark Reading Staff, 3/19/2020 (Quick Hits)
500,000 Documents Exposed in Open S3 Bucket Incident
The open database exposed highly sensitive financial and business documents related to two financial organizations.
By Dark Reading Staff, 3/18/2020 (Quick Hits)
3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival
The separate incidents show how data theft knows no market-based limits.
By Dark Reading Staff, 3/5/2020 (Quick Hits)
Cathay Pacific Hit with Fine for Long-Lasting Breach
The breach, which was active for four years, resulted in the theft of personal information on more than 9 million people.
By Dark Reading Staff, 3/4/2020 (Quick Hits)
Walgreens' Mobile App Exposes Customers' Info
An error in the app allowed some secure chat users to see medical information that wasn't theirs.
By Dark Reading Staff, 3/2/2020 (Quick Hits)
How to Prevent an AWS Cloud Bucket Data Leak
Misconfigured AWS buckets have led to huge data breaches. Following a handful of practices will help keep you from becoming the next news story.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 2/26/2020
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5595
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute...
CVE-2020-5596
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a mali...
CVE-2020-5597
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products o...
CVE-2020-5598
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may allow a remote attacker to bypass access restriction and stop ...
CVE-2020-5599
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remo...