Database Security

TSA insider indicted on tampering charges

Angela Moscaritolo March 12, 2010

A former U.S. Transportation Security Administration (TSA) employee was indicted Wednesday for planting malicious code on a government server, which contained data about suspected terrorists that was used to screen airport workers, federal authorities said. Douglas James Duchak, 46, of Colorado Springs, Colo., was a data analyst at the TSA from 2004 to 2009. He carried out the scheme, which caused at least $5,000 in damages, after learning his employment would be terminated. If convicted, he faces up to 10 years in federal prison and a fine of up to $500,000. — AM
 

LifeLock settles with FTC over ID theft product claims

Dan Kaplan March 12, 2010

LifeLock will pay $11 million to the Federal Trade Commission (FTC) and $1 million to a group of 35 state attorneys general to settle charges that the Tempe, Ariz.-based company made false claims that its product could prevent identity theft.
 

Oracle fixes WebLogic bug; 11g flaw exposed

Dan Kaplan February 05, 2010

Oracle on Thursday released a fix for a zero-day vulnerability in its WebLogic Node Manager. The publicly released bug can allow an attacker to fully compromise a targeted server on Windows, according to an Oracle blog post. The patch does not appear to be related to researcher David Litchfield's talk this week at the Black Hat conference in Washington, D.C., where he revealed how zero-day vulnerabilities in the Oracle 11g database could be used to bypass security and take complete control of the popular software. — DK
 

Hackers access Iowa Racing and Gaming Commission database

Angela Moscaritolo February 03, 2010

Hackers, believed to be from China, gained access to an Iowa government database, which contained the personal information of current and former employees of Iowa's casino and racing industries.
 

Oracle preps 24 fixes for quarterly security update

Dan Kaplan January 11, 2010

Tuesday promises to bring a flurry of patching activity across enterprises, with Oracle, Adobe and Microsoft all planning fixes.
 

Lawsuit filed against RockYou over breach

Dan Kaplan December 30, 2009

A Chicago law firm and an Indiana man this week filed a class-action lawsuit against RockYou, provider of applications and services for social networking sites such as Facebook and MySpace. The company recently admitted that its databases, which contained the unencrypted usernames and passwords of 32 million users, were breached by hackers. According to a statement from the KamberEdelson law firm, the complaint alleges that RockYou failed to properly protect the sensitive information of its customers. The suit is seeking unspecified relief and damages. A RockYou spokeswoman told SCMagazineUS.com on Wednesday that the company "plans to defend itself vigorously." — DK
 

RockYou hack compromises 32 million passwords

Angela Moscaritolo December 15, 2009

A hacker was able to break into the RockYou database and hijack the account credentials of tens of millions of members.
 

Report finds enterprises failing to protect sensitive data

Angela Moscaritolo December 09, 2009

Just 40 percent of respondents in a recent survey said all of their organization's sensitive data is adequately secured.
 

Lawsuit against breached Express Scripts dismissed

Angela Moscaritolo December 04, 2009

The case was dismissed because the plaintiff could not prove that his information was actually used fraudulently following the breach of a pharmacy benefit management provider.
 

IBM confirms acquisition

Angela Moscaritolo December 01, 2009

As expected, IBM on Tuesday announced the acquisition of Waltham, Mass.-based database security start-up Guardium. IBM said the acquisition will improve its ability to help businesses safeguard sensitive information from internal threats and external hackers by continuously monitoring access to critical databases. The financial terms of the deal were not disclosed, but Israeli financial newspaper, TheMarker, estimated the buy at $225 million. — AM
 

IBM to acquire Guardium

Angela Moscaritolo November 30, 2009

IBM on Monday is expected to announce the acquisition of database security start-up Guardium for $225 million, according to reports citing Israeli financial newspaper, TheMarker, which first reported the deal. An IBM spokesman declined to comment about the deal when contacted by SCMagazineUS.com on Monday. Israeli daily Ha'aretz reported that IBM has been courting Guardium since January. Guardium has about 60 employees and was founded in Israel in 2002 but moved to Boston in 2003. — AM
 

Gov't executives cite unstructured data as top concern

Angela Moscaritolo November 18, 2009

Seventy-nine percent of federal government IT executives surveyed recently said unstructured data increases the security risk within their organization.
 

Oracle fixes 38 flaws, four earn highest severity rating

Dan Kaplan October 21, 2009

Oracle on Tuesday delivered patches to correct 38 vulnerabilities, half of which could be remotely exploited without authentication.
 

Express Scripts data breach may have hit 700,000 victims

Chuck Miller October 01, 2009

Hundreds of thousands of members of a pharmacy benefit management firm may have had their information exposed to extortionists.
 

Survey: Most organizations struggling to secure data

Angela Moscaritolo September 23, 2009

Sixty percent of IT security professionals polled in a recent study said their organization does not have sufficient resources to become PCI compliant.
 

DuPont sues employee for trade secrets data breach

Chuck Miller September 09, 2009

Industrial giant DuPont has been hit again by a malicious insider.
 

Microsoft disputes password-stealing SQL Server bug

Angela Moscaritolo September 02, 2009

Researchers at a security company say they have discovered a vulnerability in Microsoft's SQL Server, but the software giant disputes the claim.
 

Identity fraud ring busted in New York

Chuck Miller August 24, 2009

Members of an alleged fraud ring have been arraigned in New York, charged with stealing identities and obtaining $22 million of wireless phone equipment and services.
 

Survey: Data at risk in app testing and development

Angela Moscaritolo August 18, 2009

Eighty percent of organizations use real data during application testing and development, but most are not confident about their ability to protect it, according to a survey released Tuesday.
 

IT admin sentenced

Angela Moscaritolo July 15, 2009

The former IT director of the Houston-based LifeGift Organ Donation Center, who had been fired in 2005, was sentenced Wednesday to two years in prison and ordered to pay $94,222 for hacking into the computer network of the nonprofit, the U.S. Department of Justice said. Danielle Duann, 51, of Houston pleaded guilty in late April to deleting organ donation database records, accounting files and applications -- then erasing logs to conceal her actions. — AM