News & Commentary

Latest Content tagged with Cloud
Page 1 / 2   >   >>
Shadow IT, IaaS & the Security Imperative
Commentary  |  1/21/2019  | 
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
GDPR Suit Filed Against Amazon, Apple
Quick Hits  |  1/18/2019  | 
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
8 Tips for Monitoring Cloud Security
Slideshows  |  1/18/2019  | 
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Commentary  |  1/17/2019  | 
The network no longer provides an air gap against external threats, but access devices can take up the slack.
Former IBM Security Execs Launch Cloud Data Security Startup
News  |  1/15/2019  | 
Sonrai Security, the brainchild of two execs from IBM Security and Q1 Labs, debuts with $18.5 million in Series A funding.
Who Takes Responsibility for Cyberattacks in the Cloud?
News  |  1/11/2019  | 
A new CSA report addresses the issue of breach responsibility as more organizations move ERP application data the cloud.
Reddit Alerts Users to Possible Account Breaches
Quick Hits  |  1/10/2019  | 
User lockouts, combined with requirements for new passwords, indicate an attack on accounts at the popular social media platform.
Container Deployments Bring Security Woes at DevOps Speed
News  |  1/9/2019  | 
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Commentary  |  1/9/2019  | 
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
New 'Crypto Dusting' Attack Gives Cash, Takes Reputation
News  |  1/8/2019  | 
This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.
Your Life Is the Attack Surface: The Risks of IoT
Commentary  |  1/8/2019  | 
To protect yourself, you must know where you're vulnerable and these tips can help.
Sophos Buys Cloud Security Company
Quick Hits  |  1/8/2019  | 
Deal gives Sophos a new AI-based cloud security platform.
Report: Consumers Buy New Smart Devices But Don't Trust Them
Quick Hits  |  1/7/2019  | 
The gap between acceptance and trust for new smart devices is huge, according to a new survey.
Managing Security in Today's Compliance and Regulatory Environment
Commentary  |  1/4/2019  | 
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Attackers Use Google Cloud to Target US, UK Banks
Quick Hits  |  12/26/2018  | 
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
Security 101: How Businesses and Schools Bridge the Talent Gap
News  |  12/20/2018  | 
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
US Indicts 2 APT10 Members for Years-Long Hacking Campaign
Quick Hits  |  12/20/2018  | 
In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.
How to Remotely Brick a Server
News  |  12/19/2018  | 
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Commentary  |  12/19/2018  | 
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
Shhhhh! The Secret to Secrets Management
Commentary  |  12/17/2018  | 
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Who Are You, Really? A Peek at the Future of Identity
News  |  12/14/2018  | 
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Education Gets an 'F' for Cybersecurity
Quick Hits  |  12/13/2018  | 
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
Bug Hunting Paves Path to Infosec Careers
News  |  12/12/2018  | 
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Arctic Wolf Buys RootSecure
Quick Hits  |  12/12/2018  | 
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
49% of Cloud Databases Left Unencrypted
News  |  12/11/2018  | 
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
New Google+ Breach Will Lead to Early Service Shutdown
Quick Hits  |  12/10/2018  | 
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
6 Cloud Security Predictions for 2019
Commentary  |  12/10/2018  | 
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
'Simplify Everything': Google Talks Container Security in 2019
News  |  12/7/2018  | 
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
Kubernetes Vulnerability Hits Top of Severity Scale
News  |  12/6/2018  | 
The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Commentary  |  12/5/2018  | 
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
Google Cloud Security Command Center Now in Beta
News  |  12/5/2018  | 
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
Microsoft, Mastercard Aim to Change Identity Management
News  |  12/3/2018  | 
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
Anti-Botnet Guide Aims to Tackle Automated Threats
News  |  11/29/2018  | 
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
New Report Details Rise, Spread of Email-based Attacks
News  |  11/29/2018  | 
Criminals are diversifying their target list and tactics in a continuing effort to keep email a valuable attack vector against enterprise victims.
Amazon Rolls Out AWS Security Hub
Quick Hits  |  11/28/2018  | 
New security platform aggregates information from Amazon Web Services cloud accounts and third-party tools.
Another Microsoft MFA Outage Affects Multiple Services
Quick Hits  |  11/27/2018  | 
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
Amazon Low-Key Reveals Breach of Some Customer Data
Quick Hits  |  11/21/2018  | 
'Technical error' exposed names and email addresses.
Report: Tens of Thousands of E-Commerce Sites at Heightened Security Risk
Quick Hits  |  11/20/2018  | 
Report delivered at Payment Card Industry Security Standards Council meeting flags issues in deployments of Magento, a popular e-commerce platform.
Consumers Are Forgiving After a Data Breach, but Companies Need To Respond Well
News  |  11/20/2018  | 
A solid response and reputation management program will go a long way in surviving a major breach.
8 Security Buzzwords That Are Too Good to Be True
Commentary  |  11/20/2018  | 
If you can't get straight answers about popular industry catchphrases, maybe it's time to ask your vendor: How do you actually use the technology?
Instagram Privacy Tool Exposed Passwords
Quick Hits  |  11/19/2018  | 
The 'Download Your Data' tool, intended to improve users' privacy, actually became a privacy risk.
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
News  |  11/16/2018  | 
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
26M Texts Exposed in Poorly Secured Vovox Database
Quick Hits  |  11/16/2018  | 
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
AI Poised to Drive New Wave of Exploits
News  |  11/16/2018  | 
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
7 Free (or Cheap) Ways to Increase Your Cybersecurity Knowledge
Slideshows  |  11/15/2018  | 
Building cybersecurity skills is a must; paying a lot for the education is optional. Here are seven options for increasing knowledge without depleting a budget.
Cloud, China, Generic Malware Top Security Concerns for 2019
News  |  11/15/2018  | 
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
Security Teams Struggle with Container Security Strategy
News  |  11/14/2018  | 
Fewer than 30% of firms have more than a basic container security plan in place.
Netskope Announces Series F Funding Round
Quick Hits  |  11/13/2018  | 
The $168.7 million round will go toward R&D and global expansion, says cloud access security broker provider.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6499
PUBLISHED: 2019-01-21
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.
CVE-2019-6500
PUBLISHED: 2019-01-21
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.
CVE-2019-6498
PUBLISHED: 2019-01-21
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.
CVE-2018-18908
PUBLISHED: 2019-01-20
The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requ...