Cloud
News & Commentary
Data Encryption In The Cloud: Square Pegs In Round Holes
Thomas Ristenpart, Asst. Professor, Computer Sciences, University of WisconsinCommentary
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. “Format-preserving” encryption could change all that.
By Thomas Ristenpart Asst. Professor, Computer Sciences, University of Wisconsin, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Half Of Retail, Healthcare Sites 'Always Vulnerable'
Sara Peters, Senior Editor at Dark ReadingNews
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
By Sara Peters Senior Editor at Dark Reading, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Logjam Encryption Flaw Threatens Secure Communications On Web
Jai Vijayan, Freelance writerNews
Most major browsers, websites that support export ciphers impacted
By Jai Vijayan Freelance writer, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
Jai Vijayan, Freelance writerNews
Google was given enough time to respond researcher says.
By Jai Vijayan Freelance writer, 5/15/2015
Comment0 comments  |  Read  |  Post a Comment
Experts' Opinions Mixed On VENOM Vulnerability
Sara Peters, Senior Editor at Dark ReadingNews
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
By Sara Peters Senior Editor at Dark Reading, 5/14/2015
Comment2 comments  |  Read  |  Post a Comment
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec
Jai Vijayan, Freelance writerNews
SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
By Jai Vijayan Freelance writer, 5/13/2015
Comment0 comments  |  Read  |  Post a Comment
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
By Sara Peters Senior Editor at Dark Reading, 5/13/2015
Comment6 comments  |  Read  |  Post a Comment
Verizon 2015 Data Breach Cover Puzzler Solved: Defending Champs Win
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The 2015 DBIR Cover Challenge is as highly anticipated by some as the DBIR report itself.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
Protecting The Data Lifecycle From Network To Cloud
Gerry Grealish, CMO, PerspecsysCommentary
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
By Gerry Grealish CMO, Perspecsys, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
10 Security Questions To Ask A Cloud Service Provider
Ericka Chickowski, Contributing Writer, Dark Reading
Help the business assess the risks of cloud services with these handy questions.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015
Comment2 comments  |  Read  |  Post a Comment
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
Jai Vijayan, Freelance writerNews
Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.
By Jai Vijayan Freelance writer, 5/9/2015
Comment2 comments  |  Read  |  Post a Comment
White House Evaluating New Court Ruling Declaring NSA Data-Collection Program Illegal
Jai Vijayan, Freelance writerNews
Administration will continue to work with Congress to reform surveillance laws, NSC spokesman says.
By Jai Vijayan Freelance writer, 5/7/2015
Comment1 Comment  |  Read  |  Post a Comment
Vixie Proposes 'Cooling-Off Period' For New Domains To Deter Cybercrime
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Short trial period would help detect malicious use of domain names, Internet expert says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/6/2015
Comment9 comments  |  Read  |  Post a Comment
Law Enforcement Finding Few Allies On Encryption
Sara Peters, Senior Editor at Dark ReadingNews
Cloud providers, mobile device manufacturers, private citizens, and a bipartisan Congressional committee are lining up on the opposite side.
By Sara Peters Senior Editor at Dark Reading, 5/5/2015
Comment3 comments  |  Read  |  Post a Comment
Google's Urs Hoelzle: Cloud Will Soon Be More Secure
Charles Babcock, Editor at Large, CloudNews
Google's chief data center architect, Urs Hoelzle, says cloud security will improve faster than enterprise security in the next few years.
By Charles Babcock Editor at Large, Cloud, 4/30/2015
Comment11 comments  |  Read  |  Post a Comment
Bringing Tokenization To Secure Payments & Beyond
Sara Peters, Senior Editor at Dark ReadingNews
HYPR aims to do for everything else what ApplePay has done for payments
By Sara Peters Senior Editor at Dark Reading, 4/28/2015
Comment5 comments  |  Read  |  Post a Comment
Cisco Offers Free Decryption Tool For Ransomware Victims
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Tool decrypts, unlocks files hit by TeslaCrypt ransomware attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/28/2015
Comment5 comments  |  Read  |  Post a Comment
RSA: Follow Keynote Sessions on Dark Reading
Sara Peters, Senior Editor at Dark ReadingNews
From the Cryptographer's Panel to the RSA CEO's advice for the security industry, here's how the conference kicked off in San Francisco Tuesday.
By Sara Peters Senior Editor at Dark Reading, 4/21/2015
Comment2 comments  |  Read  |  Post a Comment
Virginia Forms First State-Level Cyberthreat Intel-Sharing Organization
Dark Reading Staff, Quick Hits
Governor Terry McAuliffe today announced Virginia's new Information Sharing and Analysis Organization (ISAO).
By Dark Reading Staff , 4/21/2015
Comment0 comments  |  Read  |  Post a Comment
Microsoft Zero-Day Bug Being Exploited In The Wild
Sara Peters, Senior Editor at Dark ReadingNews
As attacks mount, and over 70 million websites remain vulnerable, advice is "fix now."
By Sara Peters Senior Editor at Dark Reading, 4/16/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1978
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an administrator via a request to auth/process.php, (2) delete an administrator via a request to auth/admi...

CVE-2015-0741
Published: 2015-05-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596.

CVE-2015-0742
Published: 2015-05-21
The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registrati...

CVE-2015-0746
Published: 2015-05-21
The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022.

CVE-2015-0915
Published: 2015-05-21
Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.