Database Security

Product opener: It's all about the data

Product opener: It's all about the data

By

The old notions of defense-in-depth are being challenged, and architectures tend to have what appear to be single points of failure or compromise.

Password cracking vulnerability in Oracle database

By

Attackers could link password hash with specific session key to crack users' passwords.

Database security

Database security

The strong perimeter defenses that for years defined network security have, for the most part, become merely a small inconvenience to those determined enough to get in.

Oracle plans 88 security fixes on Tuesday

By

Oracle on Tuesday is planning to release 88 patches to address vulnerabilities across a wide range of the company's products, according to an announcement.

University of North Florida gets breached again, data on 23K students at risk

By

For the second time in two years, hackers gained access to a University of North Florida (UNF) server holding the confidential information of students.

Hackers raid U. of Nebraska database with 654k Social Security nos.

By

Vandals gained access to a database containing the personal records, including Social Security numbers, of hundreds of thousands of University of Nebraska students, alumni and others connected to the school's four campuses.

Why aren't customers dropping Oracle?

Why aren't customers dropping Oracle?

In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.

Oracle lists workarounds following zero-day disclosure

By

Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.

Researcher confused over handling of Oracle database bug

By

A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.

Oracle to issue quarterly patches next week

By

Oracle next week will release 88 new security vulnerability fixes across hundreds of its products.

Oracle to ship 79 patches next week

By

As part of its quarterly security update, Oracle on Tuesday is planning to release 79 patches to address vulnerabilities across its product line.

Best Data Leakage Prevention & Best Database Security Solution

By

Throughout the day, SC Magazine will be announcing the finalists from each of its 32 award categories, covering the Reader Trust, Professional and Excellence sections.

Oracle fixes 78 flaws; half in Database and Sun Suite

By

Oracle on Tuesday released its quarterly critical patch update to address 78 vulnerabilities, touching all of its product lines.

Bitcoin currency exchange compromised, database stolen

By

The largest Bitcoin currency exchange market, Mt.Gox, is currently offline after suffering a cyberattack that caused the market to crash.

Minding the database: Interview with Phil Neray, IBM

By

A host of high-profile breaches have defined 2011, from HBGary to Epsilon to Sony to RSA to Lockheed Martin. The motives for each attack have been different, but they all share something in common: The perpetrators wanted access to the database, where the company's crown jewels lie. Phil Neray, vice president of data security strategy at IBM, discusses why organizations must implement protections at the database level to both catch the adversaries in action and trace their footsteps for the forensic investigation.

Personal data of "X-Factor" hopefuls exposed

By

Hackers late last week broke into Fox Broadcasting Company's website, Fox.com, and accessed personal information of tens of thousands of individuals who applied to appear on "The X Factor."

Oracle readies 73 patches in security update

By

Oracle has announced plans to issue 73 patches on Tuesday as part of its quarterly security update. Some of the vulnerabilities affect multiple products.The fixes address vulnerabilities across the database giant's portfolio, and the most severe flaws reside in JRockit, part of Oracle Fusion Middleware, and in Sun GlassFish Enterprise Server, part of the Sun products suite. Oracle encouraged users to update as soon as possible to avoid exploits.

Barracuda hack highlights importance of defense-in-depth

By

The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.

McAfee to acquire Sentrigo

By

McAfee announced it will acquire Sentrigo, a privately owned vendor of database security solutions with U.S. corporate headquarters in Santa Clara, Calif. Terms of the deal were not disclosed. The partnership will enable customers to protect their mission-critical database environments, according to the announcement. Following completion of the acquisition, expected to close in April 2011, Sentrigo's team will report to Stuart McClure, SVP and GM of the McAfee risk and compliance business unit. Santa Clara-based McAfee, just acquired by Intel for $7.68 billion, has bought 10 security companies in the past five years, making it the world's largest security technology company.

Hacker accesses UConn customer database

By

The University of Connecticut (UConn) is warning thousands of customers who bought merchandise at HuskyDirect.com that their credit card numbers and other sensitive information may have been stolen.

Honda warns customers of email database breach

By

Honda Motor Co. customers may be the latest victims of a database breach at a third-party email marketing solutions provider.

Exposed McDonald's data may be linked to third-party

By

Thefts of information belonging to customers of two major American chains may be traceable back to a breach at an email marketing services firm.

Hacker accesses Louisiana EMT licensing database

By

An unauthorized individual recently gained access to a Louisiana state licensing database that contained the personal information of tens of thousands of emergency medical technicians (EMTs).

Oracle issues massive quarterly update with Java fixes

By

Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.

Oracle fixes add to massive patch load expected Tuesday

By

Microsoft called, and Oracle raised. On the heels of Redmond announcing a planned record-breaking security update, the database giant has countered with plans of a monster patch delivery itself.

Microsoft confirms ASP.NET flaw, issues workaround

By

Microsoft late Friday issued a security advisory confirming the existence of an unpatched vulnerability that affects web applications built on ASP.NET.

Sensitive database compromised at Buena Vista University

By

A sensitive database at Buena Vista University in Iowa was compromised, exposing the information of students and staff.

Oracle's quarterly update resolves 59 vulnerabilities

By

Oracle's quarterly security update released Tuesday includes fixes for the popular Database Server and Solaris operating system products.

Year in prison for disgruntled former IT admin

By

A former senior database administrator at a Houston-based electric provider, who was fired three months before he hacked into the corporate network to steal personal data belonging to 150,000 customers, has been sentenced to a year in prison. According to published reports, Steven Kim, 40, was fired from his job at Gexa Electricity in January 2008. Three months later, he broke into the energy company's database to download files, containing customer data such as names, Social Security and driver's license numbers, billing addresses and birth dates. He also received three years probation and must repay his former employer $100,000. — DK

ID thief receives 30 months in prison

By

A California woman was sentenced late last week to 2 1/2 years in federal prison after pleading guilty earlier this year to charges of access device fraud, according to a news release from the U.S. Department of Justice. Stephanie Fahlgren, 33, of Sacramento accessed the database of a national life insurance company and obtained the personal and financial information of more than 114 individuals. Using the stolen information, Fahlgren opened lines of credit and credit cards in victims' names and made purchases without their consent. Another court appearance is scheduled for July 29, when a judge will determine the amount of restitution owed to the victims. — AM

Sign up to our newsletters

POLL