Cloud
News & Commentary
Jeremiah Grossman's Tips For Black Hat Hopefuls & More
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Founder of WhiteHat Security visits the Dark Reading News Desk to dish on the Black Hat Briefings selection process, the state of Web security, the Wassenaar Arrangement, and Flash.
By Sara Peters Senior Editor at Dark Reading, 9/4/2015
HyTrust Claims Advances In Virtual Data Center Ops
Charles Babcock, Editor at Large, Cloud, News
VMware security partner HyTrust has been pushing new steps in virtual machine and virtual network operations, including role-based access.
By Charles Babcock Editor at Large, Cloud, 9/4/2015
China's Great Cannon: The Great Firewall's More Aggressive Partner
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.
By Sara Peters Senior Editor at Dark Reading, 9/3/2015
Ashley Madison CEO Resigns
Dark Reading Staff, Quick Hits
Once again, a security breach claims an executive's job, but the business plans to continue operating.
By Dark Reading Staff, 8/28/2015
A Virtual Tour of IBM’s SOCs, With Roger Hellman
Dark Reading Staff, Commentary, Video
IBM's Roger Hellman visits the Dark Reading News Desk to talk about how IBM recreated a unique security operations center experience at Black Hat.
By Dark Reading Staff, 8/27/2015
Paul Vixie On DNS Security & Botnet Takedowns
Sara Peters, Senior Editor at Dark Reading, Commentary, Video
Internet pioneer and CEO of Farsight Security joins the Dark Reading News Desk at Black Hat.
By Sara Peters Senior Editor at Dark Reading, 8/24/2015
Beware The Hidden Risk Of Business Partners In The Cloud
Sekhar Sarukkai, Co-founder & VP, Engineering, Skyhigh Networks, Commentary
Enterprises vastly underestimate the cyber risk from digital connections to vendors, suppliers, agencies, consultants -- and any company with which employees do business.
By Sekhar Sarukkai Co-founder & VP, Engineering, Skyhigh Networks, 8/20/2015
ID Thieves, Blackmailers Have Lots To Gain In Ashley Madison Breach
Sara Peters, Senior Editor at Dark Reading, News
Breach highlights need for greater anonymity controls in identity and payment mechanisms.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
IE Bug Exploited In Wild After Microsoft Releases Out-Of-Band Patch
Sara Peters, Senior Editor at Dark Reading, Quick Hits
Remote code execution vulnerability in Internet Explorer versions 7 through 11 being used to drop PlugX RAT.
By Sara Peters Senior Editor at Dark Reading, 8/19/2015
Hackers Dump Ashley Madison User Database... Where Most People Won't Find It
Dark Reading Staff, Quick Hits
Attackers make good on doxing threat, but post database to dark web.
By Dark Reading Staff, 8/18/2015
Making The Security Case For A Software-Defined Perimeter
Kurt A. Mueffelmann, President & CEO, Cryptzone, Commentary
With SDP, organizations can create an 'invisible' infrastructure that only authorized users and devices can access. Here’s why its time has come.
By Kurt A. Mueffelmann President & CEO, Cryptzone, 8/18/2015
June Was 'Worst Month Of Malvertising Ever'
Sara Peters, Senior Editor at Dark Reading, News
Flash zero-days made it easier to deliver ransomware and banking Trojans, and commit click fraud.
By Sara Peters Senior Editor at Dark Reading, 8/12/2015
Man-In-The-Cloud Owns Your DropBox, Google Drive -- Sans Malware
Sara Peters, Senior Editor at Dark Reading, News
Using no malware or stolen passwords, new attack can compromise your cloud synch services and make your good files malicious.
By Sara Peters Senior Editor at Dark Reading, 8/5/2015
Can't Touch This: 'Hammertoss' Russian Cyberspies Hide In Plain Sight
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
APT29 cyber espionage attackers operate under the cover of legitimate services including Twitter, Github, and cloud storage services.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/29/2015
New Phishing Campaign Leverages Google Drive
Ericka Chickowski, Contributing Writer, Dark Reading, News
Researchers believe technique is geared to take over Google SSO accounts.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2015
Emerging Web Infrastructure Threats
Sara Peters, Senior Editor at Dark Reading
A secure cloud relies on some weak Internet infrastructure with some new BGP vulnerabilities that will be disclosed at Black Hat USA.
By Sara Peters Senior Editor at Dark Reading, 7/23/2015
Microsoft Acquires Israeli Cloud Security Firm Adallom
Nathan Eddy, Freelance Writer, News
Microsoft is dropping $320 million to purchase Adallom, a cloud security specialist that has offices in Tel Aviv and Palo Alto.
By Nathan Eddy Freelance Writer, 7/20/2015
Ashley Madison Exposed: Affair Hookup Site Hacked, Member Data Posted Online
Dark Reading Staff, Quick Hits
Member data pilfered, posted in apparent hacktivist-style doxing attack.
By Dark Reading Staff, 7/20/2015
Darkode Shuttered But Cybercrime Still Alive And Well
Dark Reading Staff, News
Major international law enforcement takedown of exclusive criminal hacker forum highlights victory -- and challenges -- of global law enforcement of cybercrime.
By Fahmida Rashid, Contributing Editor, 7/17/2015
Researchers To Offer Free BGP Security Alert Tool Via Twitter
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
New tool to be unveiled at Black Hat USA next month will tweet out route hijacking attacks on the Net.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/15/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9605
Published: 2015-09-04
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webup...

CVE-2015-5612
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via the caption tag of a profile image.

CVE-2015-5688
Published: 2015-09-04
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.

CVE-2015-6807
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.

CVE-2015-6808
Published: 2015-09-04
Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.