Cloud

News & Commentary
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPNCommentary
New ways to steal your data (and profits) keep cropping up. These best practices can help keep your organization safer.
By Francis Dinha CEO & Co-Founder of OpenVPN, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Intelligence Throwdown: Amazon vs. Google vs. Microsoft
Kelly Sheridan, Staff Editor, Dark ReadingNews
A closer look at native threat intelligence capabilities built into major cloud platforms and discussion of their strengths and shortcomings.
By Kelly Sheridan Staff Editor, Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
AWS Employee Flub Exposes S3 Bucket Containing GoDaddy Server Configuration and Pricing Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Publicly accessible S3 bucket included configuration data for tens of thousands of systems, as well as sensitive pricing information.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/9/2018
Comment0 comments  |  Read  |  Post a Comment
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment6 comments  |  Read  |  Post a Comment
Google Details Tech Built into Shielded VMs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2018
Comment0 comments  |  Read  |  Post a Comment
Salesforce Customer Data Possibly Exposed in API Glitch
Dark Reading Staff, Quick Hits
The issue was discovered and fixed on July 18.
By Dark Reading Staff , 8/6/2018
Comment0 comments  |  Read  |  Post a Comment
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
Reddit Warns Users of Data Breach
Dark Reading Staff, Quick Hits
An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.
By Dark Reading Staff , 8/1/2018
Comment0 comments  |  Read  |  Post a Comment
'Identity Has Become the Perimeter': Oracle Security SVP
Kelly Sheridan, Staff Editor, Dark ReadingNews
Eric Olden, Oracle's new leader in security and identity, shares how the enterprise tech giant plans to operate in a cloud-first world.
By Kelly Sheridan Staff Editor, Dark Reading, 7/27/2018
Comment1 Comment  |  Read  |  Post a Comment
Tenable Prices IPO, Raises $250 Million
Kelly Sheridan, Staff Editor, Dark ReadingNews
The past year has been one of significant growth for the cybersecurity firm, which is trading under the NASDAQ symbol TENB.
By Kelly Sheridan Staff Editor, Dark Reading, 7/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Security Updates Include Titan Hardware Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Next 2018, Google also launches context-aware access management, shielded VMs, and G Suite security center investigation tool.
By Kelly Sheridan Staff Editor, Dark Reading, 7/25/2018
Comment8 comments  |  Read  |  Post a Comment
72% of CEOs Steal Corporate IP from Former Employers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Employees often take corporate IP because they feel ownership over their work, a trend security experts say is a problem.
By Kelly Sheridan Staff Editor, Dark Reading, 7/24/2018
Comment2 comments  |  Read  |  Post a Comment
OpenWhisk at Risk: Critical Bug Leaves IBM Cloud Exposed
Dark Reading Staff, Quick Hits
IBM and Apache have issued patches for a vulnerability that let attackers overwrite any company's serverless code with malicious content.
By Dark Reading Staff , 7/24/2018
Comment0 comments  |  Read  |  Post a Comment
7 Ways to Better Secure Electronic Health Records
Curtis Franklin Jr., Senior Editor at Dark Reading
Healthcare data is prime targets for hackers. What can healthcare organizations do to better protect all of that sensitive information?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/24/2018
Comment2 comments  |  Read  |  Post a Comment
Microsoft, Google, Facebook, Twitter Launch Data Transfer Project
Kelly Sheridan, Staff Editor, Dark ReadingNews
The open-source Data Transfer Project, intended to simplify and protect data transfer across apps, comes at a sensitive time for many of the participating organizations.
By Kelly Sheridan Staff Editor, Dark Reading, 7/23/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Security Startups Fly And Why They Crash
Kelly Sheridan, Staff Editor, Dark ReadingNews
What makes startups stand out in a market flooded with thousands of vendors? Funding experts and former founders share their thoughts.
By Kelly Sheridan Staff Editor, Dark Reading, 7/20/2018
Comment1 Comment  |  Read  |  Post a Comment
70 US Election Jurisdictions Adopt Free Website Security Service
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Hawaii, Idaho, North Carolina, and Rhode Island are among states now using gratis DDoS mitigation, firewall, and user access control service from Cloudflare.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
By Ira Winkler CISSP, President, Secure Mentem, 7/19/2018
Comment4 comments  |  Read  |  Post a Comment
One-Third of Businesses Lack a Cybersecurity Expert
Kelly Sheridan, Staff Editor, Dark ReadingNews
Alarming, yes, but it's actually an improvement over past years, a new Gartner survey of more than 3,000 CIOs reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 7/17/2018
Comment0 comments  |  Read  |  Post a Comment
Cloud Security: Lessons Learned from Intrusion Prevention Systems
Gunter Ollmann, CTO, Security, Microsoft Cloud and AI Division   Commentary
The advancement of AI-driven public cloud technology is changing the game of "protection by default" in the enterprise.
By Gunter Ollmann CTO, Security, Microsoft Cloud and AI Division , 7/17/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3937
PUBLISHED: 2018-08-14
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2018-3938
PUBLISHED: 2018-08-14
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST r...
CVE-2018-12537
PUBLISHED: 2018-08-14
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVE-2018-12539
PUBLISHED: 2018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows,...
CVE-2018-3615
PUBLISHED: 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.