Cloud
News & Commentary
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff , 5/26/2015
Comment2 comments  |  Read  |  Post a Comment
A Threat Intelligence-Sharing Reality-Check
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Many organizations employ sharing one-way (gathering) and mainly for 'CYA,' experts say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/26/2015
Comment0 comments  |  Read  |  Post a Comment
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writerNews
An analysis of millions of answers to security questions show many are predictable and easily guessable, says Google.
By Jai Vijayan Freelance writer, 5/22/2015
Comment2 comments  |  Read  |  Post a Comment
Data Encryption In The Cloud: Square Pegs In Round Holes
Thomas Ristenpart, Asst. Professor, Computer Sciences, University of WisconsinCommentary
Conventional encryption is a surefire solution for protecting sensitive data -- except when it breaks cloud applications. “Format-preserving” encryption could change all that.
By Thomas Ristenpart Asst. Professor, Computer Sciences, University of Wisconsin, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Half Of Retail, Healthcare Sites 'Always Vulnerable'
Sara Peters, Senior Editor at Dark ReadingNews
Finding vulnerabilities in custom web applications isn't the major problem; fixing them in a timely fashion is, a new report from WhiteHat Security finds.
By Sara Peters Senior Editor at Dark Reading, 5/21/2015
Comment0 comments  |  Read  |  Post a Comment
Logjam Encryption Flaw Threatens Secure Communications On Web
Jai Vijayan, Freelance writerNews
Most major browsers, websites that support export ciphers impacted
By Jai Vijayan Freelance writer, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Polish Security Firm Discloses Unpatched Security Flaws in Google App Engine
Jai Vijayan, Freelance writerNews
Google was given enough time to respond researcher says.
By Jai Vijayan Freelance writer, 5/15/2015
Comment0 comments  |  Read  |  Post a Comment
Experts' Opinions Mixed On VENOM Vulnerability
Sara Peters, Senior Editor at Dark ReadingNews
Some say the virtualization vuln could be worse than Heartbleed, while others advise to patch, but don't panic.
By Sara Peters Senior Editor at Dark Reading, 5/14/2015
Comment2 comments  |  Read  |  Post a Comment
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec
Jai Vijayan, Freelance writerNews
SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
By Jai Vijayan Freelance writer, 5/13/2015
Comment0 comments  |  Read  |  Post a Comment
VENOM Zero-Day May Affect Thousands Of Cloud, Virtualization Products
Sara Peters, Senior Editor at Dark ReadingNews
Critical vulnerability in the open-source QEMU hypervisor lets attackers break out of a virtual machine, execute code on a host machine and access all the other VMs on the host.
By Sara Peters Senior Editor at Dark Reading, 5/13/2015
Comment6 comments  |  Read  |  Post a Comment
Verizon 2015 Data Breach Cover Puzzler Solved: Defending Champs Win
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The 2015 DBIR Cover Challenge is as highly anticipated by some as the DBIR report itself.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
Protecting The Data Lifecycle From Network To Cloud
Gerry Grealish, CMO, PerspecsysCommentary
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
By Gerry Grealish CMO, Perspecsys, 5/12/2015
Comment0 comments  |  Read  |  Post a Comment
10 Security Questions To Ask A Cloud Service Provider
Ericka Chickowski, Contributing Writer, Dark Reading
Help the business assess the risks of cloud services with these handy questions.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2015
Comment2 comments  |  Read  |  Post a Comment
PHP Hash Comparison Weakness A Threat To Websites, Researcher Says
Jai Vijayan, Freelance writerNews
Flaw could allow attackers to compromise user accounts, WhiteHat Security's Robert Hansen -- aka "RSnake" -- says in new finding on 'Magic Hash' vulnerability.
By Jai Vijayan Freelance writer, 5/9/2015
Comment2 comments  |  Read  |  Post a Comment
White House Evaluating New Court Ruling Declaring NSA Data-Collection Program Illegal
Jai Vijayan, Freelance writerNews
Administration will continue to work with Congress to reform surveillance laws, NSC spokesman says.
By Jai Vijayan Freelance writer, 5/7/2015
Comment1 Comment  |  Read  |  Post a Comment
Vixie Proposes 'Cooling-Off Period' For New Domains To Deter Cybercrime
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Short trial period would help detect malicious use of domain names, Internet expert says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/6/2015
Comment9 comments  |  Read  |  Post a Comment
Law Enforcement Finding Few Allies On Encryption
Sara Peters, Senior Editor at Dark ReadingNews
Cloud providers, mobile device manufacturers, private citizens, and a bipartisan Congressional committee are lining up on the opposite side.
By Sara Peters Senior Editor at Dark Reading, 5/5/2015
Comment3 comments  |  Read  |  Post a Comment
Google's Urs Hoelzle: Cloud Will Soon Be More Secure
Charles Babcock, Editor at Large, CloudNews
Google's chief data center architect, Urs Hoelzle, says cloud security will improve faster than enterprise security in the next few years.
By Charles Babcock Editor at Large, Cloud, 4/30/2015
Comment12 comments  |  Read  |  Post a Comment
Bringing Tokenization To Secure Payments & Beyond
Sara Peters, Senior Editor at Dark ReadingNews
HYPR aims to do for everything else what ApplePay has done for payments
By Sara Peters Senior Editor at Dark Reading, 4/28/2015
Comment5 comments  |  Read  |  Post a Comment
Cisco Offers Free Decryption Tool For Ransomware Victims
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Tool decrypts, unlocks files hit by TeslaCrypt ransomware attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/28/2015
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.