The old notions of defense-in-depth are being challenged, and architectures tend to have what appear to be single points of failure or compromise.
Attackers could link a password hash with a specific session key to crack users' passwords.
The strong perimeter defenses that for years defined network security have, for the most part, become merely a small inconvenience to those determined enough to get in.
Oracle on Tuesday is planning to release 88 patches to address vulnerabilities across a wide range of the company's products, according to an announcement.
For the second time in two years, hackers gained access to a University of North Florida (UNF) server holding the confidential information of students.
Vandals gained access to a database containing the personal records, including Social Security numbers, of hundreds of thousands of University of Nebraska students, alumni and others connected to the school's four campuses.
In light of a controversial zero-day flaw that was never patched, customers should pressure database giant Oracle into being more dependable, transparent and timely when it comes to fixing security problems.
Oracle on Monday urged customers to apply a number of technical measures so organizations can avoid falling victim to a zero-day vulnerability for which proof-of-concept code has been posted.
A security researcher who reported a vulnerability in the popular Oracle database product said Thursday that his discovery was never patched and remains wide open to attack.
Oracle next week will release 88 new security vulnerability fixes across hundreds of its products.
As part of its quarterly security update, Oracle on Tuesday is planning to release 79 patches to address vulnerabilities across its product line.
Throughout the day, SC Magazine will be announcing the finalists from each of its 32 award categories, covering the Reader Trust, Professional and Excellence sections.
Oracle on Tuesday released its quarterly critical patch update to address 78 vulnerabilities, touching all of its product lines.
The largest Bitcoin currency exchange market, Mt.Gox, is currently offline after suffering a cyberattack that caused the market to crash.
A host of high-profile breaches have defined 2011, from HBGary to Epsilon to Sony to RSA to Lockheed Martin. The motives for each attack have been different, but they all share something in common: The perpetrators wanted access to the database, where the company's crown jewels lie. Phil Neray, vice president of data security strategy at IBM, discusses why organizations must implement protections at the database level to both catch the adversaries in action and trace their footsteps for the forensic investigation.
Hackers late last week broke into Fox Broadcasting Company's website, Fox.com, and accessed personal information of tens of thousands of individuals who applied to appear on "The X Factor."
Oracle has announced plans to issue 73 patches on Tuesday as part of its quarterly security update. Some of the vulnerabilities affect multiple products. The fixes address vulnerabilities across the database giant's portfolio, and the most severe flaws reside in JRockit, part of Oracle Fusion Middleware, and in Sun GlassFish Enterprise Server, part of the Sun products suite. Oracle encouraged users to update as soon as possible to avoid exploits.
The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.
McAfee announced it will acquire Sentrigo, a privately owned vendor of database security solutions with U.S. corporate headquarters in Santa Clara, Calif. Terms of the deal were not disclosed. The partnership will enable customers to protect their mission-critical database environments, according to the announcement. Following completion of the acquisition, expected to close in April 2011, Sentrigo's team will report to Stuart McClure, SVP and GM of the McAfee risk and compliance business unit. Santa Clara-based McAfee, just acquired by Intel for $7.68 billion, has bought 10 security companies in the past five years, making it the world's largest security technology company.
The University of Connecticut (UConn) is warning thousands of customers who bought merchandise at HuskyDirect.com that their credit card numbers and other sensitive information may have been stolen.
Honda Motor Co. customers may be the latest victims of a database breach at a third-party email marketing solutions provider.
Thefts of information belonging to customers of two major American chains may be traceable back to a breach at an email marketing services firm.
An unauthorized individual recently gained access to a Louisiana state licensing database that contained the personal information of tens of thousands of emergency medical technicians (EMTs).
Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.
Microsoft called, and Oracle raised. On the heels of Redmond announcing a planned record-breaking security update, the database giant has countered with plans of a monster patch delivery itself.
Microsoft late Friday issued a security advisory confirming the existence of an unpatched vulnerability that affects web applications built on ASP.NET.
A sensitive database at Buena Vista University in Iowa was compromised, exposing the information of students and staff.
Oracle's quarterly security update released Tuesday includes fixes for the popular Database Server and Solaris operating system products.
A former senior database administrator at a Houston-based electric provider, who was fired three months before he hacked into the corporate network to steal personal data belonging to 150,000 customers, has been sentenced to a year in prison. According to published reports, Steven Kim, 40, was fired from his job at Gexa Electricity in January 2008. Three months later, he broke into the energy company's database to download files containing customer data such as names, Social Security and driver's license numbers, billing addresses and birth dates. He also received three years' probation and must repay his former employer $100,000. — DK
A California woman was sentenced late last week to 2 1/2 years in federal prison after pleading guilty earlier this year to charges of access device fraud, according to a news release from the U.S. Department of Justice. Stephanie Fahlgren, 33, of Sacramento accessed the database of a national life insurance company and obtained the personal and financial information of more than 114 individuals. Using the stolen information, Fahlgren opened lines of credit and credit cards in victims' names and made purchases without their consent. Another court appearance is scheduled for July 29, when a judge will determine the amount of restitution owed to the victims. — AM