News & Commentary

Latest Content tagged with Cloud
Page 1 / 2   >   >>
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
Foreshadow, SGX & the Failure of Trusted Execution
Commentary  |  9/12/2018  | 
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
The Key to Stealing a Tesla Model S
Quick Hits  |  9/11/2018  | 
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
British Airways Breach Linked to Ticketmaster Breach Attackers
Quick Hits  |  9/11/2018  | 
Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers say.
Three Trend Micro Apps Caught Collecting MacOS User Data
News  |  9/10/2018  | 
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
8 Attack Vectors Puncturing Cloud Environments
Slideshows  |  9/7/2018  | 
These methods may not yet be on your security team's radar, but given their impact, they should be.
Understanding & Solving the Information-Sharing Challenge
Commentary  |  9/6/2018  | 
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
The Weakest Security Links in the (Block)Chain
Commentary  |  9/5/2018  | 
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
Machine Identities Need Protection, Too
Quick Hits  |  8/31/2018  | 
A new study shows that device identities need a level of protection that they're not getting from most organizations.
'Celebgate' Hacker Heading to Prison
Quick Hits  |  8/30/2018  | 
Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.
How Can We Improve the Conversation Among Blue Teams?
Commentary  |  8/27/2018  | 
Dark Reading seeks new ways to bring defenders together to share information and best practices
It Takes an Average 38 Days to Patch a Vulnerability
News  |  8/22/2018  | 
Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.
Adobe Software at Center of Two Vulnerability Disclosures
News  |  8/22/2018  | 
Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.
Hackers Use Public Cloud Features to Breach, Persist In Business Networks
News  |  8/21/2018  | 
Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.
Google Updates: Cloud HSM Beta, Binary Authorization for Kubernetes
News  |  8/20/2018  | 
Google's latest cloud security rollouts include early releases of its cloud-hosted security module and a container security tool to verify signed images.
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Videos  |  8/20/2018  | 
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
Make a Wish: Dark Reading Caption Contest Winners
Commentary  |  8/18/2018  | 
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
Ensuring Web Applications Are Hardened, Secure
Ensuring Web Applications Are Hardened, Secure
Dark Reading Videos  |  8/17/2018  | 
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
Simplifying Endpoint Hardening, Defense & Response
Simplifying Endpoint Hardening, Defense & Response
Dark Reading Videos  |  8/17/2018  | 
Ziften CEO Mike Hamilton advocates taking complexity, time, and cost out of multi-faceted endpoint protection, with a single-agent solution for laptops, desktops, servers, and cloud VMs.
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Commentary  |  8/13/2018  | 
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
News  |  8/9/2018  | 
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
News  |  8/9/2018  | 
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
Google Details Tech Built into Shielded VMs
News  |  8/6/2018  | 
Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.
Salesforce Customer Data Possibly Exposed in API Glitch
Quick Hits  |  8/6/2018  | 
The issue was discovered and fixed on July 18.
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
News  |  8/2/2018  | 
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
Reddit Warns Users of Data Breach
Quick Hits  |  8/1/2018  | 
An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.
'Identity Has Become the Perimeter': Oracle Security SVP
News  |  7/27/2018  | 
Eric Olden, Oracle's new leader in security and identity, shares how the enterprise tech giant plans to operate in a cloud-first world.
Tenable Prices IPO, Raises $250 Million
News  |  7/26/2018  | 
The past year has been one of significant growth for the cybersecurity firm, which is trading under the NASDAQ symbol TENB.
Google Security Updates Include Titan Hardware Key
News  |  7/25/2018  | 
At Next 2018, Google also launches context-aware access management, shielded VMs, and G Suite security center investigation tool.
72% of CEOs Steal Corporate IP from Former Employers
News  |  7/24/2018  | 
Employees often take corporate IP because they feel ownership over their work, a trend security experts say is a problem.
OpenWhisk at Risk: Critical Bug Leaves IBM Cloud Exposed
Quick Hits  |  7/24/2018  | 
IBM and Apache have issued patches for a vulnerability that let attackers overwrite any company's serverless code with malicious content.
7 Ways to Better Secure Electronic Health Records
Slideshows  |  7/24/2018  | 
Healthcare data is prime targets for hackers. What can healthcare organizations do to better protect all of that sensitive information?
Microsoft, Google, Facebook, Twitter Launch Data Transfer Project
News  |  7/23/2018  | 
The open-source Data Transfer Project, intended to simplify and protect data transfer across apps, comes at a sensitive time for many of the participating organizations.
Why Security Startups Fly And Why They Crash
News  |  7/20/2018  | 
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
70 US Election Jurisdictions Adopt Free Website Security Service
News  |  7/19/2018  | 
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
The Fundamental Flaw in Security Awareness Programs
Commentary  |  7/19/2018  | 
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
One-Third of Businesses Lack a Cybersecurity Expert
News  |  7/17/2018  | 
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Commentary  |  7/17/2018  | 
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
SCADA/ICS Dangers & Cybersecurity Strategies
Commentary  |  7/17/2018  | 
Nearly 60% of surveyed organizations using SCADA or ICS reported they experienced a breach in those systems in the last year. Here are four tips for making these systems safer.
Less Than Half of Cyberattacks Detected via Antivirus: SANS
News  |  7/16/2018  | 
Companies are buying next-gen antivirus and fileless attack detection tools but few have the resources to use them, researchers report.
Timehop Releases New Details About July 4 Breach
Quick Hits  |  7/12/2018  | 
Additional information includes PII affected and the authentication issue that led to the breach.
Getting Safe, Smart & Secure on S3
Commentary  |  7/11/2018  | 
AWS Simple Storage Service has proven to be a security minefield. It doesn't have to be if you pay attention to people, process, and technology.
Microsoft July Security Updates Mostly Browser-Related
News  |  7/10/2018  | 
Patch Tuesday includes 53 security updates, including mitigation for the latest side-channel attack.
Creating a Defensible Security Architecture
Commentary  |  7/9/2018  | 
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
Cryptocurrency Theft Drives 3x Increase in Money Laundering
News  |  7/3/2018  | 
The first half of 2018 saw more cryptocurrency theft than all of 2017 combined, driving a rise in digital money laundering as criminals elude authorities.
ThetaRay Raises $30M to Block Money Laundering
Quick Hits  |  7/3/2018  | 
With a total $60 million raised to date, the Israeli startup plans to expand operations in Europe, Asia, and the United States.
Azure IoT Edge Exits Preview with Security Updates
News  |  7/2/2018  | 
Microsoft rolls out its cloud-based IoT service to the general public, while upping data protection with new categories including device management and security.
'Clipboard Hijacker' Malware Builds on Cryptocurrency Threat
Quick Hits  |  7/2/2018  | 
Clipboard Hijackers are not a new threat, but this one shows attackers are getting more advanced.
Page 1 / 2   >   >>


New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17208
PUBLISHED: 2018-09-19
Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell me...
CVE-2018-17205
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not ex...
CVE-2018-17206
PUBLISHED: 2018-09-19
An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6. The decode_bundle function inside lib/ofp-actions.c is affected by a buffer over-read issue during BUNDLE action decoding.
CVE-2018-17207
PUBLISHED: 2018-09-19
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
CVE-2017-2855
PUBLISHED: 2018-09-19
An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HT...