Cloud

News & Commentary
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Overhauling the 3 Pillars of Security Operations
Dave Frampton, Vice President of Security Solutions at Sumo LogicCommentary
Modern apps and the cloud mean that organizations must now rethink older security practices.
By Dave Frampton Vice President of Security Solutions at Sumo Logic, 9/18/2018
Comment1 Comment  |  Read  |  Post a Comment
Foreshadow, SGX & the Failure of Trusted Execution
Yehuda Lindell, Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan UniversityCommentary
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
By Yehuda Lindell Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan University, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
The Key to Stealing a Tesla Model S
Dark Reading Staff, Quick Hits
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
By Dark Reading Staff , 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
British Airways Breach Linked to Ticketmaster Breach Attackers
Dark Reading Staff, Quick Hits
Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers say.
By Dark Reading Staff , 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
Three Trend Micro Apps Caught Collecting MacOS User Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
By Kelly Sheridan Staff Editor, Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
8 Attack Vectors Puncturing Cloud Environments
Kelly Sheridan, Staff Editor, Dark Reading
These methods may not yet be on your security team's radar, but given their impact, they should be.
By Kelly Sheridan Staff Editor, Dark Reading, 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
Understanding & Solving the Information-Sharing Challenge
Jonathan Couch, Senior VP of Strategy, ThreatQuotientCommentary
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
By Jonathan Couch Senior VP of Strategy, ThreatQuotient, 9/6/2018
Comment1 Comment  |  Read  |  Post a Comment
The Weakest Security Links in the (Block)Chain
Drew Peck & Tim Butler, Executive Director and CEO & Founder of TegoCommentary
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
By Drew Peck & Tim Butler Executive Director and CEO & Founder of Tego, 9/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Machine Identities Need Protection, Too
Dark Reading Staff, Quick Hits
A new study shows that device identities need a level of protection that they're not getting from most organizations.
By Dark Reading Staff , 8/31/2018
Comment0 comments  |  Read  |  Post a Comment
'Celebgate' Hacker Heading to Prison
Dark Reading Staff, Quick Hits
Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.
By Dark Reading Staff , 8/30/2018
Comment0 comments  |  Read  |  Post a Comment
How Can We Improve the Conversation Among Blue Teams?
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Dark Reading seeks new ways to bring defenders together to share information and best practices
By Tim Wilson, Editor in Chief, Dark Reading , 8/27/2018
Comment5 comments  |  Read  |  Post a Comment
It Takes an Average 38 Days to Patch a Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.
By Kelly Sheridan Staff Editor, Dark Reading, 8/22/2018
Comment1 Comment  |  Read  |  Post a Comment
Adobe Software at Center of Two Vulnerability Disclosures
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/22/2018
Comment0 comments  |  Read  |  Post a Comment
Hackers Use Public Cloud Features to Breach, Persist In Business Networks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Google Updates: Cloud HSM Beta, Binary Authorization for Kubernetes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google's latest cloud security rollouts include early releases of its cloud-hosted security module and a container security tool to verify signed images.
By Kelly Sheridan Staff Editor, Dark Reading, 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Staff, CommentaryVideo
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
By Dark Reading Staff , 8/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Make a Wish: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 8/18/2018
Comment0 comments  |  Read  |  Post a Comment
Ensuring Web Applications Are Hardened, Secure
Dark Reading Staff, CommentaryVideo
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
Simplifying Endpoint Hardening, Defense & Response
Dark Reading Staff, CommentaryVideo
Ziften CEO Mike Hamilton advocates taking complexity, time, and cost out of multi-faceted endpoint protection, with a single-agent solution for laptops, desktops, servers, and cloud VMs.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.