Cloud

News & Commentary
Why Size Doesn't Matter in DDoS Attacks
Nicolai Bezsonoff, General Manager, Security Solutions, NeustarCommentary
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
By Nicolai Bezsonoff General Manager, Security Solutions, Neustar, 9/21/2017
Comment0 comments  |  Read  |  Post a Comment
SMBs Paid $301 Million to Ransomware Attackers
Dark Reading Staff, Quick Hits
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
By Dark Reading Staff , 9/21/2017
Comment2 comments  |  Read  |  Post a Comment
10 Hot Cybersecurity Funding Rounds in Q3
Jai Vijayan, Freelance writer
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
By Jai Vijayan Freelance writer, 9/20/2017
Comment1 Comment  |  Read  |  Post a Comment
GDPR & the Rise of the Automated Data Protection Officer
Terry Ray, Chief Technology Officer, ImpervaCommentary
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
By Terry Ray Chief Technology Officer, Imperva, 9/19/2017
Comment0 comments  |  Read  |  Post a Comment
Viacom's Secret Cloud Keys Exposed
Dark Reading Staff, Quick Hits
The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
By Dark Reading Staff , 9/19/2017
Comment1 Comment  |  Read  |  Post a Comment
Siemens' New ICS/SCADA Security Service a Sign of the Times
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/19/2017
Comment0 comments  |  Read  |  Post a Comment
Public, Hybrid Cloud Security Fears Abound
Kelly Sheridan, Associate Editor, Dark ReadingNews
Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
By Kelly Sheridan Associate Editor, Dark Reading, 9/16/2017
Comment0 comments  |  Read  |  Post a Comment
Google, Spotify Build Open-Source Community for GCP Security
Dark Reading Staff, Quick Hits
Google and Spotify create Forseti, an open-source community with tools to secure projects on the Google Cloud Platform.
By Dark Reading Staff , 9/15/2017
Comment0 comments  |  Read  |  Post a Comment
Attacking Developers Using 'Shadow Containers'
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
By Sara Peters Senior Editor at Dark Reading, 9/15/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft's Azure 'Confidential Computing' Encrypts Data in Use
Kelly Sheridan, Associate Editor, Dark ReadingNews
Early Access program under way for new Azure cloud security feature.
By Kelly Sheridan Associate Editor, Dark Reading, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
Cloud Security's Shared Responsibility Is Foggy
Ben Johnson, Co-founder and CTO, Obsidian SecurityCommentary
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
By Ben Johnson Co-founder and CTO, Obsidian Security, 9/14/2017
Comment3 comments  |  Read  |  Post a Comment
Encryption: A New Boundary for Distributed Infrastructure
Rob Enns, VP Engineering, Bracket ComputingCommentary
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
By Rob Enns VP Engineering, Bracket Computing, 9/14/2017
Comment0 comments  |  Read  |  Post a Comment
Businesses Fail to Properly Secure, Assess SSH: ISACA
Kelly Sheridan, Associate Editor, Dark ReadingQuick Hits
Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.
By Kelly Sheridan Associate Editor, Dark Reading, 9/13/2017
Comment0 comments  |  Read  |  Post a Comment
Why InfoSec Hiring Managers Miss the Oasis in the Desert
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/13/2017
Comment0 comments  |  Read  |  Post a Comment
IBM Launches New Tools for Container Security
Dark Reading Staff, Quick Hits
IBM's LinuxONE Emperor II addresses container security as researchers pay closer attention to containers' security shortcomings.
By Dark Reading Staff , 9/12/2017
Comment3 comments  |  Read  |  Post a Comment
Paul Vixie: How CISOs Can Use DNS to Up Security
Tim Wilson, Editor in Chief, Dark Reading, CommentaryVideo
FarSight CEO and DNS master Paul Vixie explains how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
By Tim Wilson, Editor in Chief, Dark Reading , 9/11/2017
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Hype Fails to Match Deployments
Dark Reading Staff, Quick Hits
Technologies like software-defined perimeter and key management as-a-service generate enthusiasm but will take years to reach mainstream adoption.
By Dark Reading Staff , 9/8/2017
Comment1 Comment  |  Read  |  Post a Comment
10% of Ransomware Attacks on SMBs Targeted IoT Devices
Dawn Kawamoto, Associate Editor, Dark ReadingNews
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/7/2017
Comment0 comments  |  Read  |  Post a Comment
Sandbox-Aware Malware Foreshadows Potential Attacks
Paul Shomo,  Senior Technical Manager, Strategic Partnerships, Guidance SoftwareCommentary
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
By Paul Shomo Senior Technical Manager, Strategic Partnerships, Guidance Software, 9/7/2017
Comment0 comments  |  Read  |  Post a Comment
GDPR Confusion Persists Among Businesses, Survey Shows
Dark Reading Staff, Quick Hits
Top executives appear dismissive about the penalties they could face if failing to fulfill the EU's General Data Protection Regulation (GDPR) requirements.
By Dark Reading Staff , 9/6/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
To Be Ready for the Security Future, Pay Attention to the Security Past
Liz Maida, Co-founder, CEO & CTO, Uplevel Security,  9/18/2017
1.9 Billion Data Records Exposed in First Half of 2017
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/20/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Jan, check this out! I found an unhackable PC.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.