News

Database security

• May 31, 2019 31 May'19

  Docker vulnerability with no patch could allow root access

  A security researcher disclosed a Docker bug that could allow an attacker to gain root-level access to a system. Docker signed off on the disclosure, despite a fix not yet being available.

• February 12, 2019 12 Feb'19

  MongoDB security head addresses database exposures

  Davi Ottenheimer, MongoDB's head of product security, discusses his company's efforts to prevent accidental database exposures and why so many misconfigurations occur.

• July 20, 2018 20 Jul'18

  Critical Cisco vulnerabilities patched in Policy Suite

  News roundup: Critical Cisco vulnerabilities in Policy Suite products were patched this week. Plus, Venmo's API is set to public, exposing a trove of customer data, and more.

• December 05, 2017 05 Dec'17

  Keyboard data leak exposes millions of personal records

  A keyboard data leak by mobile developer Ai.type exposed millions of personal records through misconfigured MongoDB database settings.

• May 13, 2016 13 May'16

  DHS warns on actively exploited SAP Java vulnerability

  DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.

• October 22, 2015 22 Oct'15

  Experts say Oracle patches need to be faster

  Oracle patches 154 flaws in its quarterly update. Experts said patches need to be released faster, but Oracle stands by its release schedule.

• June 02, 2015 02 Jun'15

  Insecure mobile cloud backups leave millions of credentials exposed

  Researchers find that insecure implementation of cloud backups by mobile apps may affect hundreds of thousands of apps and leave as many as 56 million credentials exposed.

• March 04, 2015 04 Mar'15

  Maturing NoSQL database security is key to big data analytics

  NoSQL database security has taken a backseat to performance in Hadoop-based security big data analytics systems, but that may soon change thanks to growing demand and maturing NoSQL security products.

• March 02, 2015 02 Mar'15

  Uber database breach source of stolen driver information

  Following the theft of data affecting about 50,000 of its drivers, Uber says it has filed a subpoena to obtain GitHub data that may pinpoint the source of its data breach.

• October 17, 2014 17 Oct'14

  October 2014 Oracle CPU fixes 25 Java vulnerabilities, 154 total flaws

  The October 2014 Oracle CPU delivered fixes for 154 unique bugs, with Java vulnerabilities making up the bulk of the most pressing updates.

• August 07, 2014 07 Aug'14

  Oracle's data redaction security feature riddled with flaws

  At Black Hat, David Litchfield skewered Oracle and its approach to security while detailing several flaws in a new Oracle database security feature.

• July 18, 2014 18 Jul'14

  July 2014 Oracle CPU: Java security problems persist

  With another round of patches for several serious Java flaws, Oracle's quarterly CPU showed that Java security problems are not receding.

• January 27, 2014 27 Jan'14

  Researcher releases critical Oracle Forms and Reports vulnerabilities

  A researcher says Oracle hasn't properly addressed long-standing Oracle Forms and Reports flaws, which could be exploited to gain remote access.

• January 21, 2014 21 Jan'14

  January 2014 Oracle CPU fixes 36 Java vulnerabilities, 144 total

  The first Oracle Critical Patch Update of 2014 included fixes for 36 Java vulnerabilities, but only 5 Oracle Database vulnerabilities. Why so few?

• August 13, 2012 13 Aug'12

  Oracle security advisory addresses Black Hat database flaw disclosure

  A privilege escalation flaw, which prominent security researcher David Litchfield disclosed at Black Hat, can be exploited to gain system privileges.