Cloud

News & Commentary
GDPR Suit Filed Against Amazon, Apple
Dark Reading Staff, Quick Hits
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
By Dark Reading Staff , 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
8 Tips for Monitoring Cloud Security
Kelly Sheridan, Staff Editor, Dark Reading
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 1/18/2019
Comment1 Comment  |  Read  |  Post a Comment
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Ofer Amitai, CEO, PortnoxCommentary
The network no longer provides an air gap against external threats, but access devices can take up the slack.
By Ofer Amitai CEO, Portnox, 1/17/2019
Comment2 comments  |  Read  |  Post a Comment
Former IBM Security Execs Launch Cloud Data Security Startup
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sonrai Security, the brainchild of two execs from IBM Security and Q1 Labs, debuts with $18.5 million in Series A funding.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Who Takes Responsibility for Cyberattacks in the Cloud?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new CSA report addresses the issue of breach responsibility as more organizations move ERP application data the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 1/11/2019
Comment2 comments  |  Read  |  Post a Comment
Reddit Alerts Users to Possible Account Breaches
Dark Reading Staff, Quick Hits
User lockouts, combined with requirements for new passwords, indicate an attack on accounts at the popular social media platform.
By Dark Reading Staff , 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Container Deployments Bring Security Woes at DevOps Speed
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Kamal Shah, CEO at StackRoxCommentary
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
By Kamal Shah CEO at StackRox, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
New 'Crypto Dusting' Attack Gives Cash, Takes Reputation
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Your Life Is the Attack Surface: The Risks of IoT
Jason Haddix, Vice President of Researcher Growth at BugcrowdCommentary
To protect yourself, you must know where you're vulnerable and these tips can help.
By Jason Haddix Vice President of Researcher Growth at Bugcrowd, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Sophos Buys Cloud Security Company
Dark Reading Staff, Quick Hits
Deal gives Sophos a new AI-based cloud security platform.
By Dark Reading Staff , 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Report: Consumers Buy New Smart Devices But Don't Trust Them
Dark Reading Staff, Quick Hits
The gap between acceptance and trust for new smart devices is huge, according to a new survey.
By Dark Reading Staff , 1/7/2019
Comment1 Comment  |  Read  |  Post a Comment
Managing Security in Today's Compliance and Regulatory Environment
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 1/4/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Use Google Cloud to Target US, UK Banks
Dark Reading Staff, Quick Hits
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
By Dark Reading Staff , 12/26/2018
Comment3 comments  |  Read  |  Post a Comment
Spending Spree: What's on Security Investors' Minds for 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
Comment2 comments  |  Read  |  Post a Comment
Security 101: How Businesses and Schools Bridge the Talent Gap
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
By Kelly Sheridan Staff Editor, Dark Reading, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
US Indicts 2 APT10 Members for Years-Long Hacking Campaign
Dark Reading Staff, Quick Hits
In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.
By Dark Reading Staff , 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Remotely Brick a Server
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 12/19/2018
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Phillip Maddux, Principal Application Security Researcher & Advisor at Signal SciencesCommentary
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
By Phillip Maddux Principal Application Security Researcher & Advisor at Signal Sciences, 12/19/2018
Comment0 comments  |  Read  |  Post a Comment
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI SolutionsCommentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Government Shutdown Brings Certificate Lapse Woes
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.