Cloud

News & Commentary
Modern Cybersecurity Demands a Different Corporate Mindset
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/15/2018
Comment0 comments  |  Read  |  Post a Comment
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer
Here are eight measures to take to ensure the security of your containerized application environment.
By Jai Vijayan Freelance writer, 6/14/2018
Comment0 comments  |  Read  |  Post a Comment
DDoS Amped Up: DNS, Memcached Attacks Rise
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/13/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark ReadingNews
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
By Kelly Sheridan Staff Editor, Dark Reading, 6/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Fewer Phishing Attacks Hit More Diverse Targets
Kelly Sheridan, Staff Editor, Dark ReadingNews
Nearly 300 brands were hit with phishing attacks in Q1, with cloud storage providers now among the top 10 most targeted.
By Kelly Sheridan Staff Editor, Dark Reading, 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
CrowdStrike Launches $1 Million Security Breach Warranty
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Covers all costs of a data breach that occurs within the systems protected by its EPP Complete endpoint security service.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Dark Reading Launches Second INsecurity Conference
Tim Wilson, Editor in Chief, Dark Reading, News
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
By Tim Wilson, Editor in Chief, Dark Reading , 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
Web Application Firewalls Adjust to Secure the Cloud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
By Kelly Sheridan Staff Editor, Dark Reading, 6/4/2018
Comment0 comments  |  Read  |  Post a Comment
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Ken Mills, General Manager of IoT, Surveillance and Security, Dell EMCCommentary
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
By Ken Mills General Manager of IoT, Surveillance and Security, Dell EMC, 6/4/2018
Comment0 comments  |  Read  |  Post a Comment
Google Groups Misconfiguration Exposes Corporate Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
By Kelly Sheridan Staff Editor, Dark Reading, 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
Cybercrime Is Skyrocketing as the World Goes Digital
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
If cybercrime were a country, it would have the 13th highest GDP in the world.
By Marc Wilczek Digital Strategist & CIO Advisor, 6/1/2018
Comment0 comments  |  Read  |  Post a Comment
The Good News about Cross-Domain Identity Management
Rich Chetwynd, Head of Developer Experience, OneLoginCommentary
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
By Rich Chetwynd Head of Developer Experience, OneLogin, 5/31/2018
Comment2 comments  |  Read  |  Post a Comment
Windows 'Double Kill' Attack Code Found in RIG Exploit Kit
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft issued a fix for the remote code execution zero-day vulnerability in May, but research shows businesses have slowed their patching processes post-Meltdown.
By Kelly Sheridan Staff Editor, Dark Reading, 5/30/2018
Comment0 comments  |  Read  |  Post a Comment
Mobile Malware Moves to Mine Monero (and Other Currencies)
Dark Reading Staff, Quick Hits
A new report shows that cryptocurrencies tend to be the focus of a growing number of malicious apps.
By Dark Reading Staff , 5/30/2018
Comment1 Comment  |  Read  |  Post a Comment
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/29/2018
Comment0 comments  |  Read  |  Post a Comment
Alexa Mishap Hints at Potential Enterprise Security Risk
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/29/2018
Comment7 comments  |  Read  |  Post a Comment
FireMon to Buy Lumeta
Kelly Sheridan, Staff Editor, Dark ReadingNews
Network security policy vendor looks to expand its offerings to real-time situational awareness on-premise and in the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 5/29/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways Third Parties Can Trip Up Your Security
Jai Vijayan, Freelance writer
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
By Jai Vijayan Freelance writer, 5/29/2018
Comment0 comments  |  Read  |  Post a Comment
Security Lags in Enterprise Cloud Migration
Dark Reading Staff, Quick Hits
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
By Dark Reading Staff , 5/25/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment12 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
6 Ways Greed Has a Negative Effect on Cybersecurity
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA ,  6/11/2018
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10997
PUBLISHED: 2018-06-17
Etere EtereWeb before 28.1.20 has a pre-authentication blind SQL injection in the POST parameters txUserName and txPassword.
CVE-2018-11218
PUBLISHED: 2018-06-17
Memory Corruption was discovered in the cmsgpack library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2 because of stack-based buffer overflows.
CVE-2018-11219
PUBLISHED: 2018-06-17
An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking.
CVE-2018-10377
PUBLISHED: 2018-06-17
PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data.
CVE-2018-10969
PUBLISHED: 2018-06-17
SQL injection vulnerability in the Pie Register plugin before 3.0.10 for WordPress allows remote attackers to execute arbitrary SQL commands via the invitation codes grid.