Cloud
News & Commentary
Lessons from Verizon: Managing Cloud Security for Partners
Tim Prendergast, Founder & CEO, Evident.io
The recent Verizon breach data exposed by an insecure Amazon S3 bucket highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.
By Tim Prendergast Founder & CEO, Evident.io, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
Weather.com, Fusion Expose Data Via Google Groups Config Error
Kelly Sheridan, Associate Editor, Dark ReadingNews
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages
By Kelly Sheridan Associate Editor, Dark Reading, 7/24/2017
Comment1 Comment  |  Read  |  Post a Comment
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/24/2017
Comment0 comments  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2017
Dark Reading Staff, Commentary
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
By Dark Reading Staff , 7/21/2017
Comment3 comments  |  Read  |  Post a Comment
Using DevOps to Move Faster than Attackers
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/20/2017
Comment0 comments  |  Read  |  Post a Comment
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment5 comments  |  Read  |  Post a Comment
98% of Companies Favor Integrating Security with DevOps
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
Most Office 365 Admins Rely on Recycle Bin for Data Backup
Kelly Sheridan, Associate Editor, Dark ReadingNews
Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.
By Kelly Sheridan Associate Editor, Dark Reading, 7/19/2017
Comment5 comments  |  Read  |  Post a Comment
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Lloyd's of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
4 Steps to Securing Citizen-Developed Apps
Mike Lemire, Compliance & Information Security Officer at  Quick BaseCommentary
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
By Mike Lemire Compliance & Information Security Officer at Quick Base, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
Dow Jones Data Leak Results from an AWS Configuration Error
Kelly Sheridan, Associate Editor, Dark ReadingNews
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
By Kelly Sheridan Associate Editor, Dark Reading, 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Dark Reading Staff, Quick Hits
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
By Dark Reading Staff , 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
Apple iOS Malware Growth Outpaces that of Android
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/18/2017
Comment0 comments  |  Read  |  Post a Comment
New IBM Mainframe Encrypts All the Things
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Next-generation Z series features the elusive goal of full data encryption - from an application, cloud service, or database in transit or at rest.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/17/2017
Comment1 Comment  |  Read  |  Post a Comment
FBI Issues Warning on IoT Toy Security
Dark Reading Staff, Quick Hits
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
By Dark Reading Staff , 7/17/2017
Comment1 Comment  |  Read  |  Post a Comment
AWS S3 Breaches: What to Do & Why
Rob Enns, VP Engineering, Bracket ComputingCommentary
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
By Rob Enns VP Engineering, Bracket Computing, 7/17/2017
Comment0 comments  |  Read  |  Post a Comment
Cloud AV Can Serve as an Avenue for Exfiltration
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/14/2017
Comment0 comments  |  Read  |  Post a Comment
Study: Backdoors Found on 73% of Compromised Websites
Dark Reading Staff, Quick Hits
No such thing as 'too small to hack,' according to research from SMB security provider SiteLock.
By Dark Reading Staff , 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
US Voters Consider Russia the Largest Security Risk to Elections
Dark Reading Staff, Quick Hits
Nearly half of US voters believe Russia is the largest security risk for elections in the nation, according to a survey.
By Dark Reading Staff , 7/13/2017
Comment5 comments  |  Read  |  Post a Comment
How Security Pros Can Help Protect Patients from Medical Data Theft
Reza Chapman, Managing Director, Cybersecurity, for Accenture's Global  Healthcare BusinessCommentary
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
By Reza Chapman Managing Director, Cybersecurity, for Accenture's Global Healthcare Business, 7/13/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.