Cloud
News & Commentary
Emerging Web Infrastructure Threats
Sara Peters, Senior Editor at Dark Reading
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
By Sara Peters Senior Editor at Dark Reading, 7/23/2015
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Acquires Israeli Cloud Security Firm Adallom
Nathan Eddy, Freelance WriterNews
Microsoft is dropping $320 million to purchase Adallom, a cloud security specialist that has offices in Tel Aviv and Palo Alto.
By Nathan Eddy Freelance Writer, 7/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online
Dark Reading Staff, Quick Hits
Member data pilfered, posted in apparent hacktivist-style doxing attack.
By Dark Reading Staff , 7/20/2015
Comment8 comments  |  Read  |  Post a Comment
Darkode Shuttered But Cybercrime Still Alive And Well
Dark Reading Staff, News
Major international law enforcement takedown of exclusive criminal hacker forum highlights victory -- and challenges -- of global law enforcement of cybercrime.
By Fahmida Rashid, Contributing Editor , 7/17/2015
Comment0 comments  |  Read  |  Post a Comment
Researchers To Offer Free BGP Security Alert Tool Via Twitter
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/15/2015
Comment0 comments  |  Read  |  Post a Comment
Inside A Vicious DDoS Attack
Anthony Lye, President & CEO Chief Executive Officer, HotSchedulesCommentary
What it's really like to fend off a relentless distributed denial-of-service attack.
By Anthony Lye President & CEO Chief Executive Officer, HotSchedules, 7/14/2015
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Radio: Firewall Smackdown
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Is there a future for the venerable firewall? Security CEOs Asaf Cidon of Sookasa and Jody Brazil of FireMon debate the issues in our latest radio show.
By Marilyn Cohodas Community Editor, Dark Reading, 7/13/2015
Comment1 Comment  |  Read  |  Post a Comment
How To Make Internet Voting Secure
Jai Vijayan, Freelance writerNews
To be effective, an Internet voting system has to auditable every step of the way, a new study says.
By Jai Vijayan Freelance writer, 7/10/2015
Comment2 comments  |  Read  |  Post a Comment
3 Reasons Why Giving Government A Backdoor Is A Bad Idea
Jai Vijayan, Freelance writerNews
Exceptional access of the kind being demanded by the FBI and others is unworkable and impractical, security researchers say
By Jai Vijayan Freelance writer, 7/9/2015
Comment6 comments  |  Read  |  Post a Comment
OpenSSL Fixes High-Severity, Narrow-Scope Vulnerability
Sara Peters, Senior Editor at Dark ReadingNews
Bug allows attackers to issue invalid certificates, but is difficult to exploit and only affects OpenSSL versions released since last month.
By Sara Peters Senior Editor at Dark Reading, 7/9/2015
Comment0 comments  |  Read  |  Post a Comment
New Google Search Poisoning Method Cloaks With PDF Docs
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Using PDF documents to keyword stuff is growing in popularity as it circumvents anti-cloaking mechanisms in Google's algorithms.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/7/2015
Comment0 comments  |  Read  |  Post a Comment
Cloud & The Security Skills Gap
David Holmes, World-Wide Security Evangelist, F5CommentaryVideo
F5 Network security evangelist David Holmes tells how cloud outsourcing can help companies fill the talent gap in three critical areas of enterprise security.
By David Holmes World-Wide Security Evangelist, F5, 7/6/2015
Comment0 comments  |  Read  |  Post a Comment
Harvard Suffers Data Breach Spanning Multiple Schools, Administration Networks
Jai Vijayan, Freelance writerNews
Investigation so far shows email and system login info may have been compromised, university says.
By Jai Vijayan Freelance writer, 7/2/2015
Comment2 comments  |  Read  |  Post a Comment
Smart Cities' 4 Biggest Security Challenges
Sara Peters, Senior Editor at Dark ReadingNews
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
Cisco 'Everywhere': Networking Giant To Buy OpenDNS For $635 Million
Dark Reading Staff, Quick Hits
OpenDNS, which provides threat intelligence via a software-as-a-service offering, expected to enhance Cisco's existing cloud security offerings.
By Dark Reading Staff , 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
Getting To Yes: Negotiating Technology Innovation & Security Risk
Tsion Gonen , Chief Strategy Office, Gemalto, Identity & Data ProtectionCommentary
As enterprises look for ways to leverage the cloud, mobility, Big Data, and social media for competitive advantage, CISOs can no longer give blanket refusals to IT experimentation.
By Tsion Gonen Chief Strategy Office, Gemalto, Identity & Data Protection, 6/30/2015
Comment0 comments  |  Read  |  Post a Comment
Clever CryptoWall Spreading Via New Attacks
Sara Peters, Senior Editor at Dark ReadingNews
Top ransomware doesn't waste time jumping on the latest Flash zero-day, and hops rides on click fraud campaigns, too.
By Sara Peters Senior Editor at Dark Reading, 6/29/2015
Comment4 comments  |  Read  |  Post a Comment
CSA Announces New Working Group For Cloud Security API Standards
Ericka Chickowski, Contributing Writer, Dark ReadingNews
CipherCloud, Deloitte, InfoSys, Intel Security and SAP all on board to start developing vendor-neutral guidelines that could further accelerate CASB growth
By Ericka Chickowski Contributing Writer, Dark Reading, 6/29/2015
Comment0 comments  |  Read  |  Post a Comment
4 Ways Cloud Usage Is Putting Health Data At Risk
Jai Vijayan, Freelance writerNews
A huge shadow IT problem is just one of the risks of uncontrolled cloud usage in healthcare organizations, new study shows.
By Jai Vijayan Freelance writer, 6/26/2015
Comment3 comments  |  Read  |  Post a Comment
Stealthy Fobber Malware Takes Anti-Analysis To New Heights
Sara Peters, Senior Editor at Dark ReadingNews
Built off the Tinba banking Trojan and distributed through the elusive HanJuan exploit kit, Fobber info-stealer defies researchers with layers upon layers of encryption.
By Sara Peters Senior Editor at Dark Reading, 6/25/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by srreeee
Current Conversations well said
In reply to: Re: It's is the Internet
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!