- December 02, 2019
A security researcher found that Google's search engine hides results for misconfigured Firebase databases that are publicly accessible on the internet.
- October 11, 2019
New features in the Demisto platform include a customizable user interface, threat intelligence, database scaling and a mobile app providing chat support and updates for users.
- May 31, 2019
A security researcher disclosed a Docker bug that could allow an attacker to gain root-level access to a system. Docker signed off on the disclosure, despite a fix not yet being available.
- February 12, 2019
Davi Ottenheimer, MongoDB's head of product security, discusses his company's efforts to prevent accidental database exposures and why so many misconfigurations occur.
- July 20, 2018
News roundup: Critical Cisco vulnerabilities in Policy Suite products were patched this week. Plus, Venmo's API is set to public, exposing a trove of customer data, and more.
- December 05, 2017
A keyboard data leak by mobile developer Ai.type exposed millions of personal records through misconfigured MongoDB database settings.
- May 13, 2016
DHS US-CERT warns of a patched SAP Java vulnerability from 2010 that has enabled breaches at three dozen global enterprises due to configuration issues.
- October 22, 2015
Oracle patches 154 flaws in its quarterly update. Experts said patches need to be released faster, but Oracle stands by its release schedule.
- June 02, 2015
Researchers find that insecure implementation of cloud backups by mobile apps may affect hundreds of thousands of apps and leave as many as 56 million credentials exposed.
- March 04, 2015
NoSQL database security has taken a backseat to performance in Hadoop-based security big data analytics systems, but that may soon change thanks to growing demand and maturing NoSQL security products.
- March 02, 2015
Following the theft of data affecting about 50,000 of its drivers, Uber says it has filed a subpoena to obtain GitHub data that may pinpoint the source of its data breach.
- October 17, 2014
The October 2014 Oracle CPU delivered fixes for 154 unique bugs, with Java vulnerabilities making up the bulk of the most pressing updates.
- August 07, 2014
At Black Hat, David Litchfield skewered Oracle and its approach to security while detailing several flaws in a new Oracle database security feature.
- July 18, 2014
With another round of patches for several serious Java flaws, Oracle's quarterly CPU showed that Java security problems are not receding.
- January 27, 2014
A researcher says Oracle hasn't properly addressed long-standing Oracle Forms and Reports flaws, which could be exploited to gain remote access.
- January 21, 2014
The first Oracle Critical Patch Update of 2014 included fixes for 36 Java vulnerabilities, but only 5 Oracle Database vulnerabilities. Why so few?
- August 13, 2012
A privilege escalation flaw, which prominent security researcher David Litchfield disclosed at Black Hat, can be exploited to gain system privileges.
- July 26, 2012
At Black Hat 2012, longtime Oracle thorn David Litchfield presents working exploits targeting Oracle database indexing vulnerabilities.
- June 12, 2012
Hashing and salting passwords help deter cybercriminals from cracking them, but the goal should be to keep attackers out of the database, say security experts.
- May 24, 2012
Editor Eric B. Parizo says controversies involving Oracle security patches and InfoSec World 2012 prove the importance of differing opinions.
- May 02, 2012
Oracle's refusal to patch a zero-day in its flagship database management system is another example of how it carelessly exposes customers to risk.
- May 01, 2012
Despite the accidental release of attack code for a bug in Oracle’s database, the company won’t change the code for fear of “regression.”
- March 23, 2011
The security giant is expanding into the database security market, announcing its intention to acquire Sentrigo. The terms of the deal were not released.
- December 10, 2009
IBM's acquisition of Guardium does not validate DAM as a viable security market segment. The market has been hyped, says security expert Eric Ogren.
- November 30, 2009
Deal reportedly worth $225 million.
- September 02, 2009
Database security vendor Sentrigo today released some detail about a flaw discovered a year ago in Microsoft SQL Server that exposes passwords stored in memory as cleartext. Microsoft is not planning to patch this flaw. Sentrigo released a free ...
- August 18, 2009
Security experts see the secure software development lifecycle improving, but legacy applications and Web server flaws continue to offer a rich treasure trove for attackers.
- June 18, 2009
A new report from Forrester Research Inc. examines eight database and server data security technologies and recommends small steps that can make a big difference.
- February 09, 2009
Customer email addresses and up to 25,000 activation codes were exposed on a server for 10 days, the antivirus vendor said.
- February 04, 2009
A new open source fuzzing tool is available to test PL/SQL applications for security vulnerabilities. The free tool was developed by database security vendor Sentrigo.
- January 14, 2009
Oracle repaired several dangerous flaws in its BEA WebLogic server line and its Secure Backup software that could be exploited by an attacker to gain access to critical files.
- January 12, 2009
Oracle's Critical Patch Update repairs several serious vulnerabilities in Oracle Secure Backup, Oracle Database, Oracle Application Server and its business suite.
- December 23, 2008
Code is publicly available targeting an unpatched flaw in SQL Server to gain access to critical files and execute malicious code.
- October 15, 2008
A severe WebLogic flaw is among 36 security fixes released by Oracle Corp. across its database, middleware and enterprise software products.
- October 02, 2008
Financial firms face the biggest threat from insiders, while security configuration flaws and vulnerable Web apps plague the high-tech, retail and the food and beverage industries.
- September 29, 2008
A new survey conducted by the Independent Oracle Users Group found that many organizations are failing to use database security tools and lock down critical systems.
- September 09, 2008
Microsoft's Bill Sisk explains why five remote code execution vulnerabilities in GDI+ affect multiple systems and third-party applications.
- July 16, 2008
NitroSecurity Inc. will integrate log management and database activity monitoring with security incident and event management (SIEM).
- July 15, 2008
Oracle released updates to repair dozens of flaws across its product line as part of its quarterly Critical Patch Update.
- June 17, 2008
Fortinet said that IPLocks' vulnerability scanning technology will help it broaden its portfolio beyond application security.
- April 16, 2008
Attackers could exploit several Oracle flaws to compromise the confidentiality and integrity of targeted systems, Symantec said hours after Oracle's April 2008 CPU was released.
- January 16, 2008
Vulnerabilities in Oracle Application Server can be exploited remotely to hijack a system, according to Oracle's latest Critical Patch Update.
- August 02, 2007
Database security researcher David Litchfield of UK-based NGS Software will release a free Forensic Examiners Database Scalpel, which he says could aid data breach investigations.
- May 31, 2007
Companies are showing increased interest in data loss prevention (DLP) products, but they won't work well unless the business needs are understood and well defined.
- May 22, 2007
While more organizations are seeking database authentication and encryption technologies, others are turning to database monitoring to secure data.
- May 07, 2007
The TJX hackers started their assault two years ago by attacking security holes in the retail giant's wireless system outside a Minnesota Marshalls.
- March 06, 2007
A database security vendor says database client-server protocols are being targeted by attackers. An analyst says enterprises are adding defenses.
- February 08, 2007
Despite the Oracle CEO's no-show, the database software giant talked up its framework for secure data sharing; meanwhile, CA's CEO called for simplified security products.
- February 05, 2007
Times have changed, and RSA Conference keynote speakers no longer need cryptography and security backgrounds. This year's headliners include several rock stars of the IT industry, along with some newcomers and several old veterans.
- August 02, 2006
Black Hat: Database security guru David Litchfield unveils 20-plus IBM Informix flaws that attackers could exploit to create malicious files, gain DBA-level privileges and access sensitive data.
- July 17, 2006
Database giant Oracle Corp. has faced mounting criticism of its security patching process during the last two years.
Its quarterly Critical Patch Updates (CPUs) are ...
- October 26, 2005
They may not be. But a new survey suggests more IT shops are taking an interest in open source options, partly because of security holes in mainstream databases.
- October 24, 2005
As database administrators digest Oracle's supersize patch release, security experts warn of unfixed flaws and at least one exploit.
- October 11, 2005
Expert Derek Melber signals a warning about securing user accounts in your domain using Active Directory.
- September 27, 2005
Auditors are homing in on directory services to see if companies have internal controls now mandated by law.
- July 13, 2005
Oracle's last volley of patches failed to correct at least one issue it claimed to fix. An expert worries that it could happen again this quarter and wonders when other long-anticipated fixes will be issued.
- June 20, 2005
Just one day after the FTC hands down its ruling on the BJ's privacy breach, CardSystems reveals it failed to protect the data of 40 million credit card customers.
- May 29, 2005
Numerous flaws in Oracle's Metalink Knowledge Base could reveal sensitive customer reports on vulnerabilities and other matters. Other vendors may also be affected.
- November 01, 2004
Did a rush to market release insecure e-voting machines that could allow the results of tomorrow's election to be challenged?
- November 01, 2004
Political activists and IT experts fear security glitches could affect e-voting machines -- and the outcome of a close presidential race.
- August 04, 2004
Researchers have identified 34 vulnerabilities in Oracle's database; the majority of the flaws are critical.
- July 29, 2004
The second of a two-part interview with SPI Dynamics CTO Caleb Sima tells what you should fear, why and what you can do to mitigate your risk.
- July 26, 2004
SQL injection exploits may soon be as common as those targeting Windows and Unix flaws, experts say. An estimated 60% of Web applications using dynamic content are likely vulnerable, with devastating consequences for an enterprise. A presentation of...
- June 01, 2004
Your desktop AV may be leaving you wide open to attack.
- April 01, 2004
An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.
- January 23, 2004
This weekend marks the one-year anniversary of the debut of the SQL Slammer worm, an infamous time in information-security annals. Experts remind administrators that the lessons learned a year ago remain relevant today.
- June 13, 2003
Oracle chief security officer Mary Ann Davidson has been part of the framework at the software giant since 1988. Since then, she's gone to great lengths to make security a part of the corporate culture and has had to uphold CEO Larry Ellison's "...
- January 17, 2002
Top 10 database security headaches