Cloud
News & Commentary
Smart Cities' 4 Biggest Security Challenges
Sara Peters, Senior Editor at Dark ReadingNews
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment1 Comment  |  Read  |  Post a Comment
Cisco 'Everywhere': Networking Giant To Buy OpenDNS For $635 Million
Dark Reading Staff, Quick Hits
OpenDNS, which provides threat intelligence via a software-as-a-service offering, expected to enhance Cisco's existing cloud security offerings.
By Dark Reading Staff , 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark ReadingNews
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
By Sara Peters Senior Editor at Dark Reading, 6/29/2015
Comment3 comments  |  Read  |  Post a Comment
CSA Announces New Working Group For Cloud Security API Standards
Ericka Chickowski, Contributing Writer, Dark ReadingNews
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
By Ericka Chickowski Contributing Writer, Dark Reading, 6/29/2015
Comment0 comments  |  Read  |  Post a Comment
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writerNews
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan Freelance writer, 6/26/2015
Comment3 comments  |  Read  |  Post a Comment
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Sara Peters, Senior Editor at Dark ReadingNews
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
By Sara Peters Senior Editor at Dark Reading, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
How To Avoid Collateral Damage In Cybercrime Takedowns
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Internet pioneer and DNS expert Paul Vixie says 'passive DNS' is way to shut down malicious servers and infrastructure without affecting innocent users.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/24/2015
Comment2 comments  |  Read  |  Post a Comment
3 Clues That Collaboration And File Sharing Tools Are Cloud Security's Weak Link
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Cloud collaboration and file sharing applications continue to raise CISOs' blood pressure.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Security Surveys: Read With Caution
Bill Brenner, Information Security BloggerCommentary
Iím skeptical of industry surveys that tell security practitioners what they already know. Donít state the obvious. Tell us the way forward.
By Bill Brenner Information Security Blogger, 6/22/2015
Comment1 Comment  |  Read  |  Post a Comment
7 Top Security Quotes From London Technology Week
Sara Peters, Senior Editor at Dark Reading
Tech events across the city hit on IoT, smart cities, mobility and Legos.
By Sara Peters Senior Editor at Dark Reading, 6/19/2015
Comment9 comments  |  Read  |  Post a Comment
Smart Cities', IoT's Key Challenges: Security, Lack of Standards
Sara Peters, Senior Editor at Dark ReadingNews
London Technology Week: At IFSEC, futurologist Simon Moores asks who's responsible when a smart city crashes.
By Sara Peters Senior Editor at Dark Reading, 6/17/2015
Comment0 comments  |  Read  |  Post a Comment
Few Skills Needed to Build DDoS Infrastructure, Honeypot Project Shows
Jai Vijayan, Freelance writerNews
Novetta's analysis of the tactics used by attackers to exploit a flaw in Elasticsearch shows script kiddies can build DDoS attacks.
By Jai Vijayan Freelance writer, 6/11/2015
Comment0 comments  |  Read  |  Post a Comment
Smart Cities, Finance Security Hot Topics At London Technology Week
Sara Peters, Senior Editor at Dark ReadingNews
IFSEC, Interop, Black Hat, DarkReading's Crash Course, and over 100 other tech events descend upon London next week.
By Sara Peters Senior Editor at Dark Reading, 6/11/2015
Comment1 Comment  |  Read  |  Post a Comment
iOS Mail App Vulnerable To Phishing Bug
Nathan Eddy, Freelance WriterNews
An unpatched bug in Apple's Mail app for iOS mobile devices could easily fool users into giving up their iCloud passwords to phishing hackers.
By Nathan Eddy Freelance Writer, 6/11/2015
Comment1 Comment  |  Read  |  Post a Comment
The Promises And Perils Of The Healthcare Internet Of Things
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Connected devices are working wonders for managing treatment, but their integration with consumer technology and cloud computing raises significant security issues.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 6/11/2015
Comment2 comments  |  Read  |  Post a Comment
Firewalls Sustain Foundation of Sound Security
Jody Brazil, Founder and CEO of FireMonCommentary
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
By Jody Brazil Founder and CEO of FireMon, 6/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Why the Firewall is Increasingly Irrelevant
Asaf Cidon, CEO & Co-founder, SookasaCommentary
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
By Asaf Cidon CEO & Co-founder, Sookasa, 6/10/2015
Comment4 comments  |  Read  |  Post a Comment
Quantifying Shadow Data In The Cloud
Ericka Chickowski, Contributing Writer, Dark Reading
Report shows how much data users really are exposing on SaaS services.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/8/2015
Comment1 Comment  |  Read  |  Post a Comment
7 Critical Criteria for Data Encryption In The Cloud
Ron Zalkind, CTO & Co-founder, CloudLockCommentary
Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
By Ron Zalkind CTO & Co-founder, CloudLock, 6/8/2015
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: nice post
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1750
Published: 2015-07-01
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as cross-sit...

CVE-2014-1836
Published: 2015-07-01
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.

CVE-2015-0848
Published: 2015-07-01
Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image.

CVE-2015-1330
Published: 2015-07-01
unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vecto...

CVE-2015-1950
Published: 2015-07-01
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report