Cloud
News & Commentary
Top 10 Web Hacking Techniques For 2015
Ericka Chickowski, Contributing Writer, Dark Reading
The most influential research on vulnerabilities and exploits, as voted on by the security community.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/27/2016
Comment1 Comment  |  Read  |  Post a Comment
Mexican Voter Database Exposed
Dark Reading Staff, Quick Hits
Unsecured database leads to 'leak' of private information of 87 million Mexican voters.
By Dark Reading Staff , 4/26/2016
Comment7 comments  |  Read  |  Post a Comment
Mea Culpa: Time To Build Security Into Connectivity
Mark Hoover, CEO, Vidder, Inc.Commentary
How those of us who spent decades developing faster, easier, and more scalable networking technology have made the lives of our security counterparts a living hell.
By Mark Hoover CEO, Vidder, Inc., 4/21/2016
Comment0 comments  |  Read  |  Post a Comment
Google Finds 800,000 Websites Breached Worldwide
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
In the past year, the search engine giant has detected close to 800,000 sites infected with drive-by download malware and other malicious content aimed at nabbing unsuspecting visitors.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/18/2016
Comment2 comments  |  Read  |  Post a Comment
Privacy Debate: Apple & Google Today; AWS or Azure Tomorrow?
Kennet Westby, Founding Partner, President & COO, CoalfireCommentary
Why the recent fight over mobile phone security and encryption is moving to the cloud.
By Kennet Westby Founding Partner, President & COO, Coalfire, 4/18/2016
Comment1 Comment  |  Read  |  Post a Comment
Cloud Stampede Is On, But Who's Watching Security?
Charles Babcock, Editor at Large, CloudNews
A survey by Intel and the Cloud Security Alliance finds that the use of cloud services is increasing, but more in-depth security measures are needed.
By Charles Babcock Editor at Large, Cloud, 4/18/2016
Comment2 comments  |  Read  |  Post a Comment
Rethinking Application Security With Microservices Architectures
Ranga Rajagopalan, Chief Technology Officer, Avi NetworksCommentary
The advantages offered by the container model go against many of the assumptions of traditional security mechanisms. Here are 5 new concepts & 4 best practices you’ll need to understand.
By Ranga Rajagopalan Chief Technology Officer, Avi Networks, 4/15/2016
Comment1 Comment  |  Read  |  Post a Comment
Is Cloud Security An Exaggerated Concern?
Raj Samani , Chief Technology Officer of Intel Security’s Europe, Middle East and Africa division
Research indicates the challenge has never been about security, but about transparency.
By Raj Samani Chief Technology Officer of Intel Security’s Europe, Middle East and Africa division, 4/14/2016
Comment1 Comment  |  Read  |  Post a Comment
EU Privacy Officials Push Back On Privacy Shield
Sara Peters, Senior Editor at Dark ReadingNews
Better than Safe Harbor, but not good enough. Should we care what they think?
By Sara Peters Senior Editor at Dark Reading, 4/13/2016
Comment1 Comment  |  Read  |  Post a Comment
10 Cybersecurity Twitter Profiles To Watch
Sean Martin, CISSP | President, imsmartin
If you’re responsible for an information security program, check out these influencers to follow.
By Sean Martin CISSP | President, imsmartin, 4/7/2016
Comment3 comments  |  Read  |  Post a Comment
Understanding The Cloud Threat Surface
Ron Zalkind, CTO & Co-founder, CloudLockCommentary
How today’s borderless environment creates new threat vectors from third-party apps, brute force password attacks, and login attempts with stolen credentials.
By Ron Zalkind CTO & Co-founder, CloudLock, 4/6/2016
Comment9 comments  |  Read  |  Post a Comment
How to Hack Your Own Car
Craig Smith, CEO, Theia LabsCommentary
As vehicles become more software-driven, car manufacturers are keeping the inner workings of electronics systems more secretive. Here's one way to maintain security updates and still preserve your 'freedom to tinker.'
By Craig Smith CEO, Theia Labs, 4/5/2016
Comment4 comments  |  Read  |  Post a Comment
CAs Need To Force Rules Around Trust
Adam Shostack, Founder, Stealth StartupCommentary
Google Symantec flap reveals worrisome weakness in the CA system.
By Adam Shostack Founder, Stealth Startup, 4/4/2016
Comment0 comments  |  Read  |  Post a Comment
'FBiOS' Case Heading For A New Firestorm
Jonathan Braverman, Legal and Compliance Officer, CymmetriaCommentary
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
By Jonathan Braverman Legal and Compliance Officer, Cymmetria, 3/30/2016
Comment1 Comment  |  Read  |  Post a Comment
Cybercrime: A Black Market Price List From The Dark Web
Ericka Chickowski, Contributing Writer, Dark Reading
What does it cost for malware, stolen identities and other tools of the cybercriminal trade? Probably less than you think.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/30/2016
Comment0 comments  |  Read  |  Post a Comment
FBI Investigating MedStar Health Computer Hack
Dark Reading Staff, Quick Hits
Questions over whether malware that infected the network of a Washington-based healthcare firm MedStar Health Inc., is ransomware.
By Dark Reading Staff , 3/29/2016
Comment2 comments  |  Read  |  Post a Comment
Survey Shows Cloud Infrastructure Security A Major Challenge
Dark Reading Staff, Quick Hits
Two-thirds of IT security professionals say that network security has become more difficult over the last two years with growing complexity in managing heterogeneous network environments.
By Dark Reading Staff , 3/29/2016
Comment2 comments  |  Read  |  Post a Comment
Most Federal Agencies Have Suffered A Data Breach
Dark Reading Staff, Quick Hits
Vormetric report indicates that security spending in federal agencies hampers modern security techniques to safeguard critical data.
By Dark Reading Staff , 3/28/2016
Comment1 Comment  |  Read  |  Post a Comment
How To Share Threat Intelligence Through CISA: 10 Things To Know
Sara Peters, Senior Editor at Dark ReadingNews
If you want those liability protections the Cybersecurity Information Sharing Act promised, you must follow DHS's new guidelines.
By Sara Peters Senior Editor at Dark Reading, 3/26/2016
Comment3 comments  |  Read  |  Post a Comment
DOJ Indicts 7 Iranian Hackers For Attacks On US Banks And New York Dam
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Iranian government-backed hackers allegedly behind massive DDoS campaign from 2011- to 2013 against US financial sector, and 2013 breach of Windows XP server at a dam.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/24/2016
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "At least our data usage is way down since we had him fixed."
Current Issue
Understanding & Managing the Mobile Security Threat
Mobile devices are increasing IT security risk. Is your enterprise ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Join us as Dark Reading editors speak with IT security hiring experts about improving IT career prospects.