Cloud
News & Commentary
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
Comment3 comments  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment4 comments  |  Read  |  Post a Comment
6 Things That Stink About SSL
Sara Peters,
Users might not care to trust the very mechanism that's supposed to provide online trust.
By Sara Peters , 7/9/2014
Comment3 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Q&A: Panda Security Staging A Comeback
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
New Panda CEO and former IBM security executive Diego Navarrete shares his strategy and insight into turning around the security company that has fallen off the radar screen over the last couple of years.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/7/2014
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Expands Encryption, Opens First Transparency Center
Sara Peters, Quick Hits
As part of Microsoft's new privacy initiative, Outlook and OneDrive have also gotten encryption enhancements.
By Sara Peters , 7/1/2014
Comment1 Comment  |  Read  |  Post a Comment
Hacker Movies We Love & Hate
Marilyn Cohodas, Community Editor, Dark Reading
Check out Dark Reading community members' favorite hacker movie hits and misses. Then add your picks in the comments section.
By Marilyn Cohodas Community Editor, Dark Reading, 7/1/2014
Comment3 comments  |  Read  |  Post a Comment
3 Hot Cloud Security Startups Snag Funding
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Tens of millions of venture capital dollars recently have been flowing into some growing cloud security endeavors.
By Ericka Chickowski Contributing Writer, Dark Reading, 6/30/2014
Comment1 Comment  |  Read  |  Post a Comment
How Microsoft Cracks The BYOD Code: 3 Tips
Bret Arsenault, CISO, MicrosoftCommentary
Microsoft’s CISO shares best-practices for balancing employee autonomy and security in today’s bring-your-own world.
By Bret Arsenault CISO, Microsoft, 6/30/2014
Comment5 comments  |  Read  |  Post a Comment
PlugX RAT Armed With 'Time Bomb' Leverages Dropbox In Attack
Brian Prince, Contributing Writer, Dark ReadingNews
Attackers used Dropbox to update command and control settings, according to Trend Micro. The malware included a trigger date of May 5 to begin running.
By Brian Prince Contributing Writer, Dark Reading, 6/27/2014
Comment4 comments  |  Read  |  Post a Comment
3 Mobile Security Tips For SMBs
Vijay Basani, Co-Founder, President & CEO, EIQ NetworksCommentary
Everyone in an organization has to work together to combat intrusions and data loss, but this is especially true for small businesses.
By Vijay Basani Co-Founder, President & CEO, EIQ Networks, 6/27/2014
Comment5 comments  |  Read  |  Post a Comment
Dell Focuses On Security
Michael Endler, Associate Editor, InformationWeek.comCommentary
Dell made a flurry of security-minded announcements this week, highlighted by improvements to its Dropbox for Business integration.
By Michael Endler Associate Editor, InformationWeek.com, 6/26/2014
Comment5 comments  |  Read  |  Post a Comment
Cloud Security: Think Today’s Reality, Not Yesterday’s Policy
Tal Klein, VP Strategy, AdallomCommentary
SaaS, BYOD, and mobility are inseparable, yet time and time again companies attempt to compartmentalize the three when they make a move to the cloud. That's a big mistake.
By Tal Klein VP Strategy, Adallom, 6/25/2014
Comment12 comments  |  Read  |  Post a Comment
What Workplace Privacy Will Look Like In 10 Years
David Melnick, Founder & CEO, WebLife BalanceCommentary
New laws like Europe's "right to be forgotten" in Google search are just the latest examples of how quickly perceptions and practices about personal privacy in the workplace are changing.
By David Melnick Founder & CEO, WebLife Balance, 6/19/2014
Comment10 comments  |  Read  |  Post a Comment
Cloud Disaster Recovery: CIOs Must Lead
Jonathan Feldman, CIO, City of Asheville, NCCommentary
IT teams wary of public cloud often discount its value in disaster recovery. That does a disservice to the business.
By Jonathan Feldman CIO, City of Asheville, NC, 6/18/2014
Comment5 comments  |  Read  |  Post a Comment
5 Hybrid Cloud Gotchas
Kurt Marko, Contributing EditorCommentary
Mixing public and private can deliver the best of both cloud worlds. But beware management complexity, cost volatility, data protection, and other potential snafus.
By Kurt Marko Contributing Editor, 6/10/2014
Comment3 comments  |  Read  |  Post a Comment
Government Cloud Use Hits Inflection Point
Michael Biddick, CEO, Fusion PPTCommentary
New standards, security, and architectures mean the CloudFirst stars are finally coming into alignment.
By Michael Biddick CEO, Fusion PPT, 5/30/2014
Comment1 Comment  |  Read  |  Post a Comment
Money, Skills, And Hired Guns: 2014 Strategic Security Survey
Michael A. Davis, Contributing EditorCommentary
Tight budgets. A manpower crunch. More -- and more sophisticated -- threats. Are you sure you're up to this?
By Michael A. Davis Contributing Editor, 5/12/2014
Comment2 comments  |  Read  |  Post a Comment
Cloud Providers Must Share Discovered Vulnerabilities
(ISC)2 Writers Bureau, Commentary
Government agencies must band together and insist in their contracts that cloud service providers share vulnerability information.
By (ISC)2 Writers Bureau , 5/9/2014
Comment8 comments  |  Read  |  Post a Comment
Privacy, Cybercrime Headline the Infosecurity Europe Conference
Mathew J. Schwartz,
Attendees debate NSA surveillance, privacy reforms, cybercrime defenses, and sharpen their CISO skills.
By Mathew J. Schwartz , 5/2/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2963
Published: 2014-07-10
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.

CVE-2014-3310
Published: 2014-07-10
The File Transfer feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center does not verify that a requested file was an offered file, which allows remote attackers to read arbitrary files via a modified request, aka Bug IDs CSCup62442 and CSCup58463.

CVE-2014-3311
Published: 2014-07-10
Heap-based buffer overflow in the file-sharing feature in WebEx Meetings Client in Cisco WebEx Meetings Server and WebEx Meeting Center allows remote attackers to execute arbitrary code via crafted data, aka Bug IDs CSCup62463 and CSCup58467.

CVE-2014-3315
Published: 2014-07-10
Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCup76308.

CVE-2014-3316
Published: 2014-07-10
The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager allows remote authenticated users to bypass intended upload restrictions via a crafted parameter, aka Bug ID CSCup76297.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.