News
Database security
- February 12, 2019
MongoDB security head addresses database exposures
Davi Ottenheimer, MongoDB's head of product security, discusses his company's efforts to prevent accidental database exposures and why so many misconfigurations occur.
- July 20, 2018
Critical Cisco vulnerabilities patched in Policy Suite
News roundup: Critical Cisco vulnerabilities in Policy Suite products were patched this week. Plus, Venmo's API is set to public, exposing a trove of customer data, and more.
- December 05, 2017
Keyboard data leak exposes millions of personal records
A keyboard data leak by mobile developer Ai.type exposed millions of personal records through misconfigured MongoDB database settings.
- May 13, 2016
DHS warns on actively exploited SAP Java vulnerability
DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.
- October 22, 2015
Experts say Oracle patches need to be faster
Oracle patches 154 flaws in its quarterly update. Experts said patches need to be released faster, but Oracle stands by its release schedule.
- June 02, 2015
Insecure mobile cloud backups leave millions of credentials exposed
Researchers find that insecure implementation of cloud backups by mobile apps may affect hundreds of thousands of apps and leave as many as 56 million credentials exposed.
- March 04, 2015
Maturing NoSQL database security is key to big data analytics
NoSQL database security has taken a backseat to performance in Hadoop-based security big data analytics systems, but that may soon change thanks to growing demand and maturing NoSQL security products.
- March 02, 2015
Uber database breach source of stolen driver information
Following the theft of data affecting about 50,000 of its drivers, Uber says it has filed a subpoena to obtain GitHub data that may pinpoint the source of its data breach.
- October 17, 2014
October 2014 Oracle CPU fixes 25 Java vulnerabilities, 154 total flaws
The October 2014 Oracle CPU delivered fixes for 154 unique bugs, with Java vulnerabilities making up the bulk of the most pressing updates.
- August 07, 2014
Oracle's data redaction security feature riddled with flaws
At Black Hat, David Litchfield skewered Oracle and its approach to security while detailing several flaws in a new Oracle database security feature.
- July 18, 2014
July 2014 Oracle CPU: Java security problems persist
With another round of patches for several serious Java flaws, Oracle's quarterly CPU showed that Java security problems are not receding.
- January 27, 2014
Researcher releases critical Oracle Forms and Reports vulnerabilities
A researcher says Oracle hasn't properly addressed long-standing Oracle Forms and Reports flaws, which could be exploited to gain remote access.
- January 21, 2014
January 2014 Oracle CPU fixes 36 Java vulnerabilities, 144 total
The first Oracle Critical Patch Update of 2014 included fixes for 36 Java vulnerabilities, but only 5 Oracle Database vulnerabilities. Why so few?
- August 13, 2012
Oracle security advisory addresses Black Hat database flaw disclosure
A privilege escalation flaw, which prominent security researcher David Litchfield disclosed at Black Hat, can be exploited to gain system privileges.
- July 26, 2012
Black Hat 2012: David Litchfield slams Oracle database indexing
At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities.