Database Security

Oracle to ship 79 patches next week

January 12, 2012

As part of its quarterly security update, Oracle on Tuesday is planning to release 79 patches to address vulnerabilities across its product line.
 

Best Data Leakage Prevention & Best Database Security Solution

November 08, 2011

Throughout the day, SC Magazine will be announcing the finalists from each of its 32 award categories, covering the Reader Trust, Professional and Excellence sections.
 

Oracle fixes 78 flaws; half in Database and Sun Suite

July 20, 2011

Oracle on Tuesday released its quarterly critical patch update to address 78 vulnerabilities, touching all of its product lines.
 

Bitcoin currency exchange compromised, database stolen

June 20, 2011

The largest Bitcoin currency exchange market, Mt.Gox, is currently offline after suffering a cyberattack that caused the market to crash.
 

Minding the database: Interview with Phil Neray, IBM

June 01, 2011

A host of high-profile breaches have defined 2011, from HBGary to Epsilon to Sony to RSA to Lockheed Martin. The motives for each attack have been different, but they all share something in common: The perpetrators wanted access to the database, where the company's crown jewels lie. Phil Neray, vice president of data security strategy at IBM, discusses why organizations must implement protections at the database level to both catch the adversaries in action and trace their footsteps for the forensic investigation.
 

Personal data of "X-Factor" hopefuls exposed

May 04, 2011

Hackers late last week broke into Fox Broadcasting Company's website, Fox.com, and accessed personal information of tens of thousands of individuals who applied to appear on "The X Factor."
 

Oracle readies 73 patches in security update

April 15, 2011

Oracle has announced plans to issue 73 patches on Tuesday as part of its quarterly security update. Some of the vulnerabilities affect multiple products. The fixes address vulnerabilities across the database giant's portfolio, and the most severe flaws reside in JRockit, part of Oracle Fusion Middleware, and in Sun GlassFish Enterprise Server, part of the Sun products suite. Oracle encouraged users to update as soon as possible to avoid exploits.
 

Barracuda hack highlights importance of defense-in-depth

April 14, 2011

The latest cyberattacks aimed at high-profile security firms underscore that any company, even those that do security for a living, can be compromised.
 

McAfee to acquire Sentrigo

March 23, 2011

McAfee announced it will acquire Sentrigo, a privately owned vendor of database security solutions with U.S. corporate headquarters in Santa Clara, Calif. Terms of the deal were not disclosed. The partnership will enable customers to protect their mission-critical database environments, according to the announcement. Following completion of the acquisition, expected to close in April 2011, Sentrigo's team will report to Stuart McClure, SVP and GM of the McAfee risk and compliance business unit. Santa Clara-based McAfee, just acquired by Intel for $7.68 billion, has bought 10 security companies in the past five years, making it the world's largest security technology company.
 

Hacker accesses UConn customer database

January 20, 2011

The University of Connecticut (UConn) is warning thousands of customers who bought merchandise at HuskyDirect.com that their credit card numbers and other sensitive information may have been stolen.
 

Honda warns customers of email database breach

December 30, 2010

Honda Motor Co. customers may be the latest victims of a database breach at a third-party email marketing solutions provider.
 

Exposed McDonald's data may be linked to third-party

December 15, 2010

Thefts of information belonging to customers of two major American chains may be traceable back to a breach at an email marketing services firm.
 

Hacker accesses Louisiana EMT licensing database

November 09, 2010

An unauthorized individual recently gained access to a Louisiana state licensing database that contained the personal information of tens of thousands of emergency medical technicians (EMTs).
 

Oracle issues massive quarterly update with Java fixes

October 13, 2010

Oracle on Tuesday released a massive quarterly security update with fixes for a number of enterprise products, as well as a separate batch of security fixes for Java.
 

Oracle fixes add to massive patch load expected Tuesday

October 08, 2010

Microsoft called, and Oracle raised. On the heels of Redmond announcing a planned record-breaking security update, the database giant has countered with plans of a monster patch delivery itself.
 

Microsoft confirms ASP.NET flaw, issues workaround

September 20, 2010

Microsoft late Friday issued a security advisory confirming the existence of an unpatched vulnerability that affects web applications built on ASP.NET.
 

Sensitive database compromised at Buena Vista University

July 21, 2010

A sensitive database at Buena Vista University in Iowa was compromised, exposing the information of students and staff.
 

Oracle's quarterly update resolves 59 vulnerabilities

July 14, 2010

Oracle's quarterly security update released Tuesday includes fixes for the popular Database Server and Solaris operating system products.
 

Year in prison for disgruntled former IT admin

July 07, 2010

A former senior database administrator at a Houston-based electric provider, who was fired three months before he hacked into the corporate network to steal personal data belonging to 150,000 customers, has been sentenced to a year in prison. According to published reports, Steven Kim, 40, was fired from his job at Gexa Electricity in January 2008. Three months later, he broke into the energy company's database to download files containing customer data such as names, Social Security and driver's license numbers, billing addresses and birth dates. He also received three years' probation and must repay his former employer $100,000. — DK
 

ID thief receives 30 months in prison

June 28, 2010

A California woman was sentenced late last week to 2 1/2 years in federal prison after pleading guilty earlier this year to charges of access device fraud, according to a news release from the U.S. Department of Justice. Stephanie Fahlgren, 33, of Sacramento accessed the database of a national life insurance company and obtained the personal and financial information of more than 114 individuals. Using the stolen information, Fahlgren opened lines of credit and credit cards in victims' names and made purchases without their consent. Another court appearance is scheduled for July 29, when a judge will determine the amount of restitution owed to the victims. — AM
 

Protecting databases: Interview with Thom VanHorn, vice president of marketing for Application Security Inc.

June 24, 2010

SC Magazine's Angela Moscaritolo learns from Application Security Inc.'s Thom VanHorn of the latest trends around database security. A majority of the attacks come from insiders, but external attacks are quite prevalent as well. For example, government databases undergo constant "probing" from adversaries.
 

Oracle buys Secerno for database firewall technology

May 20, 2010

Database giant Oracle announced Thursday it plans to acquire U.K.-based Secerno, maker of database firewall solutions. The deal, expected to close in June, will enhance Oracle's portfolio of security solutions, which includes Advanced Security, Database Vault and Audit Vault, to further protect against threats and ensure compliance. "Secerno's database firewall product acts as a first line of defense against external threats and unauthorized internal access with a protective perimeter around Oracle and non-Oracle databases," said Andrew Mendelsohn, senior VP of Oracle Database Server Technologies. Terms of the buy were not disclosed. In November, IBM acquired database security vendor Guardium. — DK
 

Oracle issues critical patch update for 47 flaws

April 14, 2010

Oracle on Tuesday issued a critical patch update to correct 47 vulnerabilities across several of its portfolios, including the newly acquired Sun product line.
 

TSA insider indicted on tampering charges

March 12, 2010

A former U.S. Transportation Security Administration (TSA) employee was indicted Wednesday for planting malicious code on a government server, which contained data about suspected terrorists that was used to screen airport workers, federal authorities said. Douglas James Duchak, 46, of Colorado Springs, Colo., was a data analyst at the TSA from 2004 to 2009. He carried out the scheme, which caused at least $5,000 in damages, after learning his employment would be terminated. If convicted, he faces up to 10 years in federal prison and a fine of up to $500,000. — AM
 

LifeLock settles with FTC over ID theft product claims

March 12, 2010

LifeLock will pay $11 million to the Federal Trade Commission (FTC) and $1 million to a group of 35 state attorneys general to settle charges that the Tempe, Ariz.-based company made false claims that its product could prevent identity theft.
 

Oracle fixes WebLogic bug; 11g flaw exposed

February 05, 2010

Oracle on Thursday released a fix for a zero-day vulnerability in its WebLogic Node Manager. The publicly released bug can allow an attacker to fully compromise a targeted server on Windows, according to an Oracle blog post. The patch does not appear to be related to researcher David Litchfield's talk this week at the Black Hat conference in Washington, D.C., where he revealed how zero-day vulnerabilities in the Oracle 11g database could be used to bypass security and take complete control of the popular software. — DK
 

Hackers access Iowa Racing and Gaming Commission database

February 03, 2010

Hackers, believed to be from China, gained access to an Iowa government database, which contained the personal information of current and former employees of Iowa's casino and racing industries.
 

Oracle preps 24 fixes for quarterly security update

January 11, 2010

Tuesday promises to bring a flurry of patching activity across enterprises, with Oracle, Adobe and Microsoft all planning fixes.
 

Lawsuit filed against RockYou over breach

December 30, 2009

A Chicago law firm and an Indiana man this week filed a class-action lawsuit against RockYou, provider of applications and services for social networking sites such as Facebook and MySpace. The company recently admitted that its databases, which contained the unencrypted usernames and passwords of 32 million users, were breached by hackers. According to a statement from the KamberEdelson law firm, the complaint alleges that RockYou failed to properly protect the sensitive information of its customers. The suit is seeking unspecified relief and damages. A RockYou spokeswoman told SCMagazineUS.com on Wednesday that the company "plans to defend itself vigorously." — DK
 

RockYou hack compromises 32 million passwords

December 15, 2009

A hacker was able to break into the RockYou database and hijack the account credentials of tens of millions of members.