Cloud
News & Commentary
Shellshocked: A Future Of ‘Hair On Fire’ Bugs
Paul Vixie, Chairman & CEO, Farsight Security, Inc. | Commentary
Most computers affected by Bash will be updated within 10 years. The rest will be vulnerable for the lifespans of all humans now living. This should concern us. But then, global warming should also concern us.
By Paul Vixie, Chairman & CEO, Farsight Security, Inc., 9/26/2014
Amazon Reboots Cloud Servers, Xen Bug Blamed
Charles Babcock, Editor At Large, InformationWeek | Commentary
Amazon tells customers it has to patch and reboot 10% of its EC2 cloud servers before Oct. 1.
By Charles Babcock, Editor At Large, InformationWeek, 9/26/2014
'Shellshock' Bash Bug Impacts Basically Everything, Exploits Appear In Wild
Sara Peters, Senior Editor at Dark Reading | News
CGI-based web servers are the biggest target, but other web servers, hosting services, embedded systems, Mac OSX, and IoT endpoints are all at risk.
By Sara Peters, Senior Editor at Dark Reading, 9/25/2014
How SaaS Adoption Is Changing Cloud Security
Tal Klein, VP Strategy, Adallom | Commentary
Sanctioning cloud-based services requires a new approach to security that "assumes breach" and accounts for the limitations of endpoint and perimeter defenses.
By Tal Klein, VP Strategy, Adallom, 9/25/2014
Apple CEO: We Don't Covet Your Data
Thomas Claburn, Editor-at-Large | Commentary
Apple CEO Tim Cook highlights the company's commitment to privacy in an open letter.
By Thomas Claburn, Editor-at-Large, 9/18/2014
Data Privacy Etiquette: It's Not Just For Kids
Lysa Myers, Security Researcher, ESET | Commentary
Children are the innocent victims of the worst effects of social media. That’s why it’s vital for adults to establish privacy values that are safe for them -- and the rest of us.
By Lysa Myers, Security Researcher, ESET, 9/17/2014
Meet The Next Next-Gen Firewall
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
Or at least the latest iteration of one of the oldest-running security tools that continues to evolve and transform with the times.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/16/2014
Dyre Straits: Why This Cloud Attack's Different
Kaushik Narayan, Co-Founder and CTO at Skyhigh Networks | Commentary
Dyre is a new breed of Trojan, attacking cloud apps and using the cloud as a delivery vehicle.
By Kaushik Narayan, Co-Founder and CTO at Skyhigh Networks, 9/12/2014
Privacy, Security & The Geography Of Data Protection
Malte Pollmann, CEO, Utimaco | Commentary
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
By Malte Pollmann, CEO, Utimaco, 9/11/2014
Apple iCloud Hack's Other Victim: Cloud Trust
Charles Babcock, Editor At Large, InformationWeek | Commentary
Our flash poll finds users feel more vulnerable about cloud security in general. No wonder: Apple's opening statement of indignation now sounds a little hollow.
By Charles Babcock, Editor At Large, InformationWeek, 9/10/2014
'Kyle & Stan' Parks Malvertising On Amazon, YouTube
Sara Peters, Senior Editor at Dark Reading | Quick Hits
Windows and Macs alike are at risk from sophisticated mutating malware.
By Sara Peters, Senior Editor at Dark Reading, 9/8/2014
In Cloud We Trust: A New Model
Evelyn De Souza & Richard Noguera, Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, Cisco | Commentary
The solution to the problem of data security in the public cloud will require more than a traditional compliance-driven approach.
By Evelyn De Souza & Richard Noguera, Cloud Security Alliance Data Governance Chair & Cloud Compliance & Data Privacy Strategy Leader, Cisco, 9/4/2014
Celeb Hack: Is Apple Telling All It Knows?
Dave Kearns, Analyst, Kuppinger-Cole | Commentary
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? You’re darn tootin'!
By Dave Kearns, Analyst, Kuppinger-Cole, 9/3/2014
Apple Not Hacked In Celebrity Nude Photo Breaches
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
"Very targeted attack" on celebrities' Apple usernames, passwords, security questions -- iCloud, Find My iPhone not breached, Apple says.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 9/2/2014
Sony, XBox Victims Of DDoS, Hacktivist Threats
Sara Peters, Senior Editor at Dark Reading | Quick Hits
Hacktivists from Anonymous and from a presumed Islamic extremist group targeted a variety of online gaming services.
By Sara Peters, Senior Editor at Dark Reading, 8/26/2014
27 Million South Koreans Victimized In Online Gaming Heist
Kelly Jackson Higgins, Executive Editor at Dark Reading | News
16 suspects arrested in South Korea as authorities pursue additional suspects, including a Chinese hacker.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/25/2014
All In For The Coming World of 'Things'
Don Bailey, Founder & CEO, Lab Mouse Security | Commentary
At a Black Hat round table, experts discuss the strategies necessary to lock down the Internet of Things, the most game-changing concept in Internet history.
By Don Bailey, Founder & CEO, Lab Mouse Security, 8/25/2014
Wanted: Cloud Brokers
Jonathan Feldman, CIO, City of Asheville, NC | Commentary
Do you know the ins and outs of cloud software stacks and security? Got the finesse to break through cultural resistance? Then you may have found your next career.
By Jonathan Feldman, CIO, City of Asheville, NC, 8/21/2014
Website Attack Attempts Via Vegas Rose During Black Hat, DEF CON
Kelly Jackson Higgins, Executive Editor at Dark Reading | Quick Hits
Data snapshot from Imperva shows major jump in malicious activity during security and hacker conferences in Sin City.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/20/2014
Cloud Apps & Security: When Sharing Matters
Krishna Narayanaswamy, Founder & Chief Scientist, Netskope | Commentary
Sharing documents and data is happening all over the cloud today but not all sharing activity carries equal risk.
By Krishna Narayanaswamy, Founder & Chief Scientist, Netskope, 8/18/2014
Security Insights
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.