Cloud

News & Commentary
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
Data Visibility, Control Top Cloud Concerns at RSA
Kelly Sheridan, Staff Editor, Dark ReadingNews
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft to Roll Out Azure Sphere for IoT Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
Azure Sphere, now in preview, is a three-part program designed to secure the future of connected devices and powered by its own custom version of Linux.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2018
Comment0 comments  |  Read  |  Post a Comment
INsecurity Conference Seeks Security Pros to Speak on Best Practices
Tim Wilson, Editor in Chief, Dark Reading, News
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
By Tim Wilson, Editor in Chief, Dark Reading , 4/16/2018
Comment0 comments  |  Read  |  Post a Comment
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Non-Financial Data Types to Secure
Curtis Franklin Jr., Senior Editor at Dark Reading
Credit card and social security numbers aren't the only sensitive information that requires protection.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/14/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Steps to a Smooth, Secure Cloud Transition
Kelly Sheridan, Staff Editor, Dark Reading
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 4/13/2018
Comment0 comments  |  Read  |  Post a Comment
Uber Agrees to New FTC Settlement Over 2016 Breach Disclosure
Dark Reading Staff, Quick Hits
Uber has agreed to an updated settlement with the FTC after news of its massive 2016 data breach.
By Dark Reading Staff , 4/12/2018
Comment0 comments  |  Read  |  Post a Comment
Microsegmentation: Strong Security in Small Packages
Avishai Wool, Co-Founder and CTO at AlgoSecCommentary
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
By Avishai Wool Co-Founder and CTO at AlgoSec, 4/12/2018
Comment1 Comment  |  Read  |  Post a Comment
On-Premise Security Tools Struggle to Survive in the Cloud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
By Kelly Sheridan Staff Editor, Dark Reading, 4/10/2018
Comment1 Comment  |  Read  |  Post a Comment
CA Acquires SourceClear
Dark Reading Staff, Quick Hits
CA adds software composition analysis capabilities to Veracode lineup through acquisition.
By Dark Reading Staff , 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
Serverless Architectures: A Paradigm Shift in Application Security
Ory Segal, CTO, PureSecCommentary
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
By Ory Segal CTO, PureSec, 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
Best Buy the Latest Victim of Third-Party Security Breach
Dark Reading Staff, Quick Hits
Retailer says customer payment and other information may have been exposed via the breach of [24]7.ai online chat provider.
By Dark Reading Staff , 4/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Unpatched Vulnerabilities the Source of Most Data Breaches
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New studies show how patching continues to dog most organizations - with real consequences.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
Misconfigured Clouds Compromise 424% More Records in 2017
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybercriminals are increasingly aware of misconfigured systems and they're taking advantage, report IBM X-Force researchers.
By Kelly Sheridan Staff Editor, Dark Reading, 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
Active Cyber Defense Is an Opportunity, Not a Threat
Markus Jakobsson, Chief Scientist at AgariCommentary
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
By Markus Jakobsson Chief Scientist at Agari, 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
7 Deadly Security Sins of Web Applications
Ericka Chickowski, Contributing Writer, Dark Reading
The top ways organizations open themselves up to damaging Web app attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/3/2018
Comment1 Comment  |  Read  |  Post a Comment
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/2/2018
Comment0 comments  |  Read  |  Post a Comment
Qualys Buys 1Mobility Software Assets
Dark Reading Staff, Quick Hits
Qualys has purchased the software assets of 1Mobility for an undisclosed sum.
By Dark Reading Staff , 4/2/2018
Comment0 comments  |  Read  |  Post a Comment
Is Security Accelerating Your Business?
Ameesh Divatia, Co-Founder & CEO of BaffleCommentary
With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?
By Ameesh Divatia Co-Founder & CEO of Baffle, 4/2/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by carlm21
Current Conversations good one
In reply to: Re: Pardon me but ......
Post Your Own Reply
More Conversations
PR Newswire
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer,  4/17/2018
Securing Social Media: National Safety, Privacy Concerns
Kelly Sheridan, Staff Editor, Dark Reading,  4/19/2018
Firms More Likely to Tempt Security Pros With Big Salaries than Invest in Training
Sara Peters, Senior Editor at Dark Reading,  4/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.