Cloud

News & Commentary
Cracking Cortana: The Dangers of Flawed Voice Assistants
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
By Kelly Sheridan Staff Editor, Dark Reading, 6/22/2018
Comment0 comments  |  Read  |  Post a Comment
Artificial Intelligence & the Security Market
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Click2Gov Breaches Attributed to WebLogic Application Flaw
Dark Reading Staff, Quick Hits
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
By Dark Reading Staff , 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
7 Places Where Privacy and Security Collide
Curtis Franklin Jr., Senior Editor at Dark Reading
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Jason McKay, CTO, LogicworksCommentary
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
By Jason McKay CTO, Logicworks, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Office: The Go-To Platform for Zero-Day Exploits
Kelly Sheridan, Staff Editor, Dark ReadingNews
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
By Kelly Sheridan Staff Editor, Dark Reading, 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
AppSec in the World of 'Serverless'
Boris Chen, Co-founder and VP Engineering, tCell, Inc.Commentary
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
By Boris Chen Co-founder and VP Engineering, tCell, Inc., 6/21/2018
Comment0 comments  |  Read  |  Post a Comment
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment3 comments  |  Read  |  Post a Comment
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
Kelly Sheridan, Staff Editor, Dark ReadingNews
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Alphabet Launches VirusTotal Monitor to Stop False Positives
Dark Reading Staff, Quick Hits
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
By Dark Reading Staff , 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Best and Worst Tasks for Security Automation
Kelly Sheridan, Staff Editor, Dark Reading
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
By Kelly Sheridan Staff Editor, Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
Mylobot Malware Brings New Sophistication to Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
Kelly Sheridan, Staff Editor, Dark ReadingNews
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
By Kelly Sheridan Staff Editor, Dark Reading, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Secures $200M Funding Round
Dark Reading Staff, Quick Hits
The new funding round brings the company's valuation to more than $3 billion.
By Dark Reading Staff , 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Robert Corradini, Director of Product Management at 5nineCommentary
Do 'cloud-first' strategies create a security-second mindset?
By Robert Corradini Director of Product Management at 5nine, 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Security Analytics Startup Uptycs Raises $10M in Series A
Dark Reading Staff, Quick Hits
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
By Dark Reading Staff , 6/19/2018
Comment0 comments  |  Read  |  Post a Comment
Modern Cybersecurity Demands a Different Corporate Mindset
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer
Here are eight measures to take to ensure the security of your containerized application environment.
By Jai Vijayan Freelance writer, 6/14/2018
Comment1 Comment  |  Read  |  Post a Comment
DDoS Amped Up: DNS, Memcached Attacks Rise
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark ReadingNews
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by RosanaXayaraj
Current Conversations Thanks
In reply to: Re: More information
Post Your Own Reply
More Conversations
PR Newswire
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12538
PUBLISHED: 2018-06-22
In Eclipse Jetty versions 9.4.0 through 9.4.8, when using the optional Jetty provided FileSessionDataStore for persistent storage of HttpSession details, it is possible for a malicious user to access/hijack other HttpSessions and even delete unmatched HttpSessions present in the FileSystem's storage...
CVE-2018-12684
PUBLISHED: 2018-06-22
Out-of-bounds Read in the send_ssi_file function in civetweb.c in CivetWeb through 1.10 allows attackers to cause a Denial of Service or Information Disclosure via a crafted SSI file.
CVE-2018-12687
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has an assertion failure in DecodePixelData in tinyexr.h.
CVE-2018-12688
PUBLISHED: 2018-06-22
tinyexr 0.9.5 has a segmentation fault in the wav2Decode function.
CVE-2018-10002
PUBLISHED: 2018-06-22
ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later.