Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Cloud
Page 1 / 2   >   >>
When AI Becomes the Hacker
News  |  5/13/2021  | 
Bruce Schneier explores the potential dangers of artificial intelligence (AI) systems gone rogue in society.
66% of CISOs Feel Unprepared for Cyberattacks
Quick Hits  |  5/12/2021  | 
More than half of CISOs surveyed are more concerned about a cyberattack in 2021 than in 2020, researchers report.
Vulnerable Protocols Leave Firms Open to Further Compromises
News  |  5/12/2021  | 
Companies may no longer have Internet-facing file servers or weakly secured Web servers, but attackers that get by the perimeter have a wide-open landscape of vulnerability.
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Quick Hits  |  5/7/2021  | 
More than half of business see the need for significant long-term changes to IT due to COVID-19, research finds.
Cloud-Native Businesses Struggle With Security
News  |  5/6/2021  | 
More companies moved to cloud-native infrastructure in the past year, and security incidents and malware moved right along with them.
Wanted: The (Elusive) Cybersecurity 'All-Star'
News  |  5/5/2021  | 
Separate workforce studies by (ISC) and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
Dark Reading Celebrates 15th Anniversary
Commentary  |  5/3/2021  | 
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
7 Modern-Day Cybersecurity Realities
Slideshows  |  4/30/2021  | 
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
The Challenge of Securing Non-People Identities
Commentary  |  4/29/2021  | 
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
Is Your Cloud Raining Sensitive Data?
Commentary  |  4/28/2021  | 
Learn common Kubernetes vulnerabilities and ways to avoid them.
Password Manager Suffers 'Supply Chain' Attack
Quick Hits  |  4/23/2021  | 
A software update to Click Studios' Passwordstate password manager contained malware.
SOC 2 Attestation Tips for SaaS Companies
Commentary  |  4/23/2021  | 
Attestation helps SaaS vendors demonstrate that digital security is a primary focus.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
2020 Changed Identity Forever; What's Next?
Commentary  |  4/20/2021  | 
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
SolarWinds: A Catalyst for Change & a Cry for Collaboration
Commentary  |  4/19/2021  | 
Cybersecurity is more than technology or safeguards like zero trust; mostly, it's about collaboration.
Security Gaps in IoT Access Control Threaten Devices and Users
News  |  4/16/2021  | 
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
Pandemic Pushes Bot Operators to Redirect Efforts
News  |  4/15/2021  | 
As demand for travel, lodging, and concerts plummeted in 2020, bot traffic moved to more popular activities, such as e-commerce, healthcare, and government sites.
Thycotic & Centrify Merge to Form Cloud Identity Security Firm
Quick Hits  |  4/14/2021  | 
The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.
Dark Reading to Upgrade Site Design, Performance
Commentary  |  4/13/2021  | 
Improvements will make site content easier to navigate, faster, and more functional.
5 Objectives for Establishing an API-First Security Strategy
Commentary  |  4/13/2021  | 
With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever.
Omdia Research Spotlight: XDR
Commentary  |  4/12/2021  | 
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
8 Security & Privacy Apps to Share With Family and Friends
Slideshows  |  4/9/2021  | 
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
Cartoon Caption Winner: Something Seems Afoul
Commentary  |  4/7/2021  | 
And the winner of Dark Readings's March cartoon caption contest is ...
Security Falls Short in Rapid COVID Cloud Migration
Quick Hits  |  4/6/2021  | 
The quick pivot to the cloud for remote support also ushered in risks.
7 Security Strategies as Employees Return to the Office
Slideshows  |  4/1/2021  | 
More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
The Role of Visibility in Securing Cloud Applications
Commentary  |  4/1/2021  | 
Traditional data center approaches aren't built for securing modern cloud applications.
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
Commentary  |  3/31/2021  | 
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Security on a Shoestring? More Budget Means More Detection
News  |  3/30/2021  | 
Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Commentary  |  3/30/2021  | 
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
Moving from DevOps to CloudOps: The Four-Box Problem
Commentary  |  3/26/2021  | 
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov't Customers
Quick Hits  |  3/25/2021  | 
A decision on the order, which contains several recommendations, is still forthcoming.
The CIO's Shifting Role: Improving Security With Shared Responsibility
Commentary  |  3/25/2021  | 
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
6 Tips for Limiting Damage From Third-Party Attacks
Slideshows  |  3/25/2021  | 
The ability to protect your organization from third-party attacks will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns.
Anti-Spoofing for Email Gains Adoption, but Enforcement Lags
News  |  3/23/2021  | 
More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.
CSA & ISACA Team Up on Cloud Auditing Certificate
News  |  3/22/2021  | 
The Certificate of Cloud Auditing Knowledge aims to fill a gap in the market for cloud IT auditing as more organizations work in cloud environments.
Qualys CEO Courtot Departs for Health Reasons
Quick Hits  |  3/22/2021  | 
The well-known security industry entrepreneur initially took a leave of absence in February.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Commentary  |  3/22/2021  | 
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
Verkada Attacker Charged With Wire Fraud, Conspiracy in US
News  |  3/19/2021  | 
Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.
SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes
Quick Hits  |  3/19/2021  | 
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
CISA Issues Advisory on TrickBot Campaigns
Quick Hits  |  3/17/2021  | 
US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.
Enterprises Wrestle With Executive Social Media Risk Management
Commentary  |  3/17/2021  | 
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
IronNet Cybersecurity to Go Public in Merger
Quick Hits  |  3/16/2021  | 
Company intends for the deal to drive adoption of its Collective Defense Platform.
Combating Call Center Fraud in the Age of COVID
Commentary  |  3/16/2021  | 
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Lookout Acquires SASE Cloud Provider CipherCloud
Quick Hits  |  3/15/2021  | 
Deal signals a focus on the cloud for mobile security firm.
Verkada Breach Demonstrates Danger of Overprivileged Users
News  |  3/15/2021  | 
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Commentary  |  3/10/2021  | 
Three steps to fight this increasingly vexing problem.
Call Recorder iPhone App Flaw Uncovered
Quick Hits  |  3/10/2021  | 
Researcher finds thousands of recorded calls easily accessible to others.
Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
News  |  3/9/2021  | 
The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.
Leaked Development Secrets a Major Issue for Repositories
News  |  3/9/2021  | 
Every day, more than 5,000 private keys, database connection strings, certificates, and passwords are leaked to GitHub repositories, putting applications at risk.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-29623
PUBLISHED: 2021-05-13
Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A read of uninitialized memory was found in Exiv2 versions v0.27.3 and earlier. Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying th...
CVE-2021-32917
PUBLISHED: 2021-05-13
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by default, even if neither of the users has an XMPP account on the local server, allowing unrestricted use of the server's bandwidth.
CVE-2021-32918
PUBLISHED: 2021-05-13
An issue was discovered in Prosody before 0.11.9. Default settings are susceptible to remote unauthenticated denial-of-service (DoS) attacks via memory exhaustion when running under Lua 5.2 or Lua 5.3.
CVE-2021-32919
PUBLISHED: 2021-05-13
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
CVE-2021-32920
PUBLISHED: 2021-05-13
Prosody before 0.11.9 allows Uncontrolled CPU Consumption via a flood of SSL/TLS renegotiation requests.