Cloud
News & Commentary
'Shadow' Cloud Services Rampant In Government Networks
Jai Vijayan, Freelance writerNews
Survey finds public sector employees use unmanaged cloud services just as much as private employees.
By Jai Vijayan Freelance writer, 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Superfish Compromises All SSL Connections On Lenovo Gear
Sara Peters, Senior Editor at Dark ReadingNews
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
By Sara Peters Senior Editor at Dark Reading, 2/19/2015
Comment10 comments  |  Read  |  Post a Comment
Malvertising Gets Boost From Malicious Browser Plug-ins
Dark Reading Staff, Quick Hits
Cisco discovers malicious browser add-ons that serve up unwanted and sometimes infected ads.
By Dark Reading Staff , 2/12/2015
Comment0 comments  |  Read  |  Post a Comment
Box Giving Customers Control Over Encryption Keys
Sara Peters, Senior Editor at Dark ReadingNews
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
By Sara Peters Senior Editor at Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Enterprises Underestimate Actual Shadow Cloud Risks
Jai Vijayan, Freelance writerNews
More than 85 percent of cloud applications used in the workplace are unsanctioned, study shows.
By Jai Vijayan Freelance writer, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
New Adobe Flash 0-Day Used In Malvertising Campaign
Sara Peters, Senior Editor at Dark ReadingNews
The latest in a series of recent Flash vulnerabilities and malvertising exploits that are hard for users to avoid.
By Sara Peters Senior Editor at Dark Reading, 2/2/2015
Comment5 comments  |  Read  |  Post a Comment
ZeroAccess Click-Fraud Botnet Back In Action Again
Sara Peters, Senior Editor at Dark ReadingNews
After a six-month hiatus, the much-diminished P2P botnet is up to its old tricks.
By Sara Peters Senior Editor at Dark Reading, 1/29/2015
Comment1 Comment  |  Read  |  Post a Comment
Facebook Messenger: Classically Bad AppSec
Daniel Riedel, CEO, New ContextCommentary
Facebook offers a textbook example of what the software industry needs to do to put application security in the forefront of software development.
By Daniel Riedel CEO, New Context, 1/21/2015
Comment2 comments  |  Read  |  Post a Comment
Insider Threats in the Cloud: 6 Harrowing Tales
Kaushik Narayan, Co-Founder and CTO at Skyhigh NetworksCommentary
The cloud has vastly expanded the scope of rogue insiders. Read on to discover the latest threat actors and scenarios.
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
Cloud Services Adoption: Rates, Reasons & Security Fears
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Concern over data breaches and privacy are two reasons enterprises in the European Union didn’t increase their use of cloud services in 2014, according to the EU’s recent Eurostat report.
By Dave Kearns Analyst, Kuppinger-Cole, 1/12/2015
Comment3 comments  |  Read  |  Post a Comment
20 Startups To Watch In 2015
Ericka Chickowski, Contributing Writer, Dark Reading
Check our list of security startups sure to start (or continue) making waves in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/29/2014
Comment6 comments  |  Read  |  Post a Comment
Shadow IT: Not The Risk You Think
Tal Klein, VP Strategy, AdallomCommentary
Enterprise cloud services such as Box, Office 365, Salesforce, and Google Apps can make a better case for being called sanctioned than many legacy, on-premises, IT-provisioned applications.
By Tal Klein VP Strategy, Adallom, 12/12/2014
Comment1 Comment  |  Read  |  Post a Comment
Universal Multi-Factor Authentication Steps Closer To The Mainstream
Sara Peters, Senior Editor at Dark ReadingNews
The FIDO Alliance today finalized two universal authentication standards and one of its founding members, Nok Nok Labs, closed on $8.5 million of financing.
By Sara Peters Senior Editor at Dark Reading, 12/9/2014
Comment0 comments  |  Read  |  Post a Comment
Q&A: Internet Encryption As The New Normal
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Internet Architecture Board chairman Russ Housley explains what the IAB's game-changing statement about encryption means for the future of the Net.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2014
Comment6 comments  |  Read  |  Post a Comment
Dangers Of Shopping Are Evolving
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Point-of-sale malware is making brick-and-mortar shopping more dangerous. Online, attackers are beginning to value user accounts with payment information attached more than credit card details themselves.
By Sara Peters Senior Editor at Dark Reading, 11/26/2014
Comment6 comments  |  Read  |  Post a Comment
6 Million+ Email Accounts Worldwide Exposed In Past 3 Months
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Spike in number of stolen accounts likely due to uptick in major data breaches, researchers say.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/25/2014
Comment4 comments  |  Read  |  Post a Comment
Underground Carders Abusing Charities To Verify Stolen Payment Data
Sara Peters, Senior Editor at Dark ReadingNews
Charities' weak fraud controls make things easier on donors and criminals alike.
By Sara Peters Senior Editor at Dark Reading, 11/25/2014
Comment2 comments  |  Read  |  Post a Comment
Cloud Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Quantifying the perceptions around cloud security practices.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/21/2014
Comment8 comments  |  Read  |  Post a Comment
New Certification Authority To Offer Free Certs For HTTPS
Sara Peters, Senior Editor at Dark ReadingNews
The Electronic Frontier Foundation's new certificate authority aims to make getting a domain validation TLS cert so easy, you can't resist.
By Sara Peters Senior Editor at Dark Reading, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
The Rise Of The Resilient Mobile Botnet
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report on what researchers call one of the 'most sophisticated mobile botnets online' shows how profitable mobile malware has become.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/19/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1414
Published: 2015-02-27
Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory.

CVE-2015-2072
Published: 2015-02-27
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or...

CVE-2015-2075
Published: 2015-02-27
SAP BussinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.

CVE-2015-2076
Published: 2015-02-27
The Auditing service in SAP BussinessObjects Edge 4.0 allows remote attackers to obtains sensitive information by reading an audit event, aka SAP Note 2011395.

CVE-2015-2101
Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.