Cloud

News & Commentary
Inside Incident Response: 6 Key Tips to Keep in Mind
Kelly Sheridan, Staff Editor, Dark Reading
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
By Kelly Sheridan Staff Editor, Dark Reading, 3/22/2019
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
Ericka Chickowski, Contributing Writer, Dark Reading, News
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2019
Microsoft Brings Defender Security Tools to Mac
Kelly Sheridan, Staff Editor, Dark Reading, News
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
6 Ways Mature DevOps Teams Are Killing It in Security
Ericka Chickowski, Contributing Writer, Dark Reading
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/19/2019
On Norman Castles and the Internet
Dr. Mike Lloyd, CTO of RedSeal, Commentary
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
By Dr. Mike Lloyd CTO of RedSeal, 3/15/2019
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin, Commentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff, Quick Hits
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
By Dark Reading Staff, 3/12/2019
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/12/2019
The 12 Worst Serverless Security Risks
Ory Segal, CTO, PureSec, Commentary
A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
By Ory Segal CTO, PureSec, 3/12/2019
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
Curtis Franklin Jr., Senior Editor at Dark Reading, News
MongoDB once again used by database admin who opens unencrypted database to the whole world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/11/2019
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at Centrify, Commentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
Meet the New 'Public-Interest Cybersecurity Technologist'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
A grassroots movement is emerging to train high-risk groups and underrepresented communities in cybersecurity protection and skills all for the public good.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/6/2019
Incident Response: Having a Plan Isn't Enough
Kelly Sheridan, Staff Editor, Dark Reading, News
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2019
Security Pros Agree: Cloud Adoption Outpaces Security
Kelly Sheridan, Staff Editor, Dark Reading, News
Oftentimes, responsibility for securing the cloud falls to IT instead of the security organization, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 3/1/2019
Data Leak Exposes Dow Jones Watchlist Database
Dark Reading Staff, Quick Hits
The Watchlist, which contained the identities of government officials, politicians, and people of political interest, is used to identify risk when researching someone.
By Dark Reading Staff, 2/28/2019
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
Kelly Sheridan, Staff Editor, Dark Reading, News
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2019
In 2019, Cryptomining Just Might Have an Even Better Year
Alex Artamonov, System Engineer & Cybersecurity Specialist, Infinitely Virtual, Commentary
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
By Alex Artamonov System Engineer & Cybersecurity Specialist, Infinitely Virtual, 2/28/2019
IoT, APIs, and Criminal Bots Pose Evolving Dangers
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A pair of reports reach similar conclusions about some of the threats growing in cyberspace and the industries likely to be most affected.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/27/2019
Intel Focuses on Data Center, Firmware Security Ahead of RSAC
Kelly Sheridan, Staff Editor, Dark Reading, News
The new Intel SGX Card is intended to extend application memory security using Intel SGX in existing data center infrastructure.
By Kelly Sheridan Staff Editor, Dark Reading, 2/27/2019
Embracing DevSecOps: 5 Processes to Improve DevOps Security
Sam Bocetta, Security Analyst, Commentary
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
By Sam Bocetta Security Analyst, 2/27/2019
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10010
PUBLISHED: 2019-03-24
Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583.
CVE-2019-9978
PUBLISHED: 2019-03-24
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
CVE-2019-9977
PUBLISHED: 2019-03-24
The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants.
CVE-2019-9962
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to VCRUNTIME140!memcpy.
CVE-2019-9963
PUBLISHED: 2019-03-24
XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file, related to ntdll!RtlFreeHeap.