Cloud
News & Commentary
Study: Enterprises Losing Faith In Digital Certificates, Crytographic Keys
Tim Wilson, Editor in Chief, Dark ReadingNews
On the heels of Heartbleed and other vulnerabilities, many enterprises are not confident in the ability of digital certificates to protect their data, Ponemon report says
By Tim Wilson Editor in Chief, Dark Reading, 3/12/2015
Comment2 comments  |  Read  |  Post a Comment
DroppedIn Vuln Links Victims' Androids To Attackers' DropBoxes
Sara Peters, Senior Editor at Dark ReadingNews
DropBox released a patch quick, but unpatched vulnerable Android apps that use the DropBox SDK may let attackers open up a two-way highway between victim Droids and their own Boxes.
By Sara Peters Senior Editor at Dark Reading, 3/11/2015
Comment1 Comment  |  Read  |  Post a Comment
Second Look: Data Security In A Hybrid Cloud
Bill Kleyman, Director of Strategy & Innovation, MTM TechnologiesCommentary
Today’s big cloud providers were built around an architecture for hosting and securing data. They will continue to thrive, only by keeping your workloads safe.
By Bill Kleyman Director of Strategy & Innovation, MTM Technologies, 3/9/2015
Comment12 comments  |  Read  |  Post a Comment
Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
Jai Vijayan, Freelance writerNews
Researchers had originally thought only Safari and Android affected by flaw.
By Jai Vijayan Freelance writer, 3/6/2015
Comment1 Comment  |  Read  |  Post a Comment
North Korean Government Not Likely Behind Malware On Nation's Official News Site
Jai Vijayan, Freelance writerNews
Contrary to initial assumptions of North Korean government involvement, watering hole attack appears to be the work of external hackers -- and contains similarities to Darkhotel campaign, security researchers say.
By Jai Vijayan Freelance writer, 3/5/2015
Comment0 comments  |  Read  |  Post a Comment
'Shadow' Cloud Services Rampant In Government Networks
Jai Vijayan, Freelance writerNews
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
By Jai Vijayan Freelance writer, 2/26/2015
Comment4 comments  |  Read  |  Post a Comment
Superfish Compromises All SSL Connections On Lenovo Gear
Sara Peters, Senior Editor at Dark ReadingNews
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
By Sara Peters Senior Editor at Dark Reading, 2/19/2015
Comment10 comments  |  Read  |  Post a Comment
Malvertising Gets Boost From Malicious Browser Plug-ins
Dark Reading Staff, Quick Hits
Cisco discovers malicious browser add-ons that serve up unwanted and sometimes infected ads.
By Dark Reading Staff , 2/12/2015
Comment0 comments  |  Read  |  Post a Comment
Box Giving Customers Control Over Encryption Keys
Sara Peters, Senior Editor at Dark ReadingNews
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
By Sara Peters Senior Editor at Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Enterprises Underestimate Actual Shadow Cloud Risks
Jai Vijayan, Freelance writerNews
More than 85 percent of cloud applications used in the workplace are unsanctioned, study shows.
By Jai Vijayan Freelance writer, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
New Adobe Flash 0-Day Used In Malvertising Campaign
Sara Peters, Senior Editor at Dark ReadingNews
The latest in a series of recent Flash vulnerabilities and malvertising exploits that are hard for users to avoid.
By Sara Peters Senior Editor at Dark Reading, 2/2/2015
Comment5 comments  |  Read  |  Post a Comment
ZeroAccess Click-Fraud Botnet Back In Action Again
Sara Peters, Senior Editor at Dark ReadingNews
After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks.
By Sara Peters Senior Editor at Dark Reading, 1/29/2015
Comment1 Comment  |  Read  |  Post a Comment
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New ContextCommentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
Insider Threats in the Cloud: 6 Harrowing Tales
Kaushik Narayan, Co-Founder and CTO at Skyhigh NetworksCommentary
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
Cloud Services Adoption: Rates, Reasons & Security Fears
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Concern over data breaches and privacy are two reasons enterprises in the European Union didn’t increase their use of cloud services in 2014, according to the EU’s recent Eurostat report.
By Dave Kearns Analyst, Kuppinger-Cole, 1/12/2015
Comment3 comments  |  Read  |  Post a Comment
20 Startups To Watch In 2015
Ericka Chickowski, Contributing Writer, Dark Reading
Check our list of security startups sure to start (or continue) making waves in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/29/2014
Comment6 comments  |  Read  |  Post a Comment
Shadow IT: Not The Risk You Think
Tal Klein, VP Strategy, AdallomCommentary
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
By Tal Klein VP Strategy, Adallom, 12/12/2014
Comment1 Comment  |  Read  |  Post a Comment
Universal Multi-Factor Authentication Steps Closer To The Mainstream
Sara Peters, Senior Editor at Dark ReadingNews
The FIDO Alliance today finalized two universal authentication standards and one of its founding members, Nok Nok Labs, closed on $8.5 million of financing.
By Sara Peters Senior Editor at Dark Reading, 12/9/2014
Comment0 comments  |  Read  |  Post a Comment
Q&A: Internet Encryption As The New Normal
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Internet Architecture Board chairman Russ Housley explains what the IAB's game-changing statement about encryption means for the future of the Net.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2014
Comment6 comments  |  Read  |  Post a Comment
Dangers Of Shopping Are Evolving
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Point-of-sale malware is making brick-and-mortar shopping more dangerous. Online, attackers are beginning to value user accounts with payment information attached more than credit card details themselves.
By Sara Peters Senior Editor at Dark Reading, 11/26/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5427
Published: 2015-03-29
Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read pa...

CVE-2014-5428
Published: 2015-03-29
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integratio...

CVE-2014-9205
Published: 2015-03-29
Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data.

CVE-2015-0528
Published: 2015-03-29
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.

CVE-2015-0996
Published: 2015-03-29
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive info...

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.