Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in January 2020
What It's Like to Be a CISO: Check Point Security Leader Weighs In
News  |  1/31/2020  | 
Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.
Ashley Madison Breach Returns with Extortion Campaign
Quick Hits  |  1/31/2020  | 
The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.
Two Vulnerabilities Found in Microsoft Azure Infrastructure
News  |  1/30/2020  | 
Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.
How To Keep Your Privacy and Data Secure While Working With a Remote Team
News  |  1/30/2020  | 
Implementing basic strategies can ensure your remote team's work will be secure, data will be protected, and you'll be far less exposed to security risks.
United Nations Data Breach Started with Microsoft SharePoint Bug
Quick Hits  |  1/30/2020  | 
A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights.
Inside the Check Point Research Team's Investigation Process
News  |  1/29/2020  | 
The team sheds light on how their organization works and what they're watching in the threat landscape.
NFL, Multiple NFL Teams' Twitter Accounts Hacked and Hijacked
Quick Hits  |  1/28/2020  | 
Hackers claiming to be from the hacktivist group OurMine temporarily took over Twitter accounts of the NFL and several teams in the league.
New Zoom Bug Prompts Security Fix, Platform Changes
News  |  1/28/2020  | 
A newly discovered Zoom vulnerability would have enabled an attacker to join active meetings and access audio, video, and documents shared.
NSA Offers Guidance on Mitigating Cloud Flaws
Quick Hits  |  1/23/2020  | 
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.
For Mismanaged SOCs, The Price Is Not Right
News  |  1/22/2020  | 
New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
News  |  1/22/2020  | 
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Startup Privafy Raises $22M with New Approach to Network Security
Quick Hits  |  1/22/2020  | 
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
FireEye Buys Cloudvisory
Quick Hits  |  1/21/2020  | 
The purchase is intended to bring new cloud capabilities to the FireEye Helix security platform.
Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation
Quick Hits  |  1/21/2020  | 
More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.
Mobile Banking Malware Up 50% in First Half of 2019
News  |  1/17/2020  | 
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
7 Ways to Get the Most Out of a Penetration Test
Slideshows  |  1/17/2020  | 
You'll get the best results when youre clear on what you want to accomplish from a pen test.
Active Directory Needs an Update: Here's Why
Commentary  |  1/16/2020  | 
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
Google Lets iPhone Users Turn Device into Security Key
News  |  1/15/2020  | 
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
How SD-WAN Helps Achieve Data Security and Threat Protection
Commentary  |  1/15/2020  | 
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
Google: Chrome Will Remove Third-Party Cookies and Tracking
Quick Hits  |  1/14/2020  | 
It's "not about blocking" but removing them altogether, the company said.
Processor Vulnerabilities Put Virtual Workloads at Risk
Commentary  |  1/14/2020  | 
Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
Microsoft to Officially End Support for Windows 7, Server 2008
News  |  1/13/2020  | 
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
Study Points to Lax Focus on Cybersecurity
News  |  1/10/2020  | 
Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Quick Hits  |  1/9/2020  | 
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Quick Hits  |  1/8/2020  | 
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
The "Art of Cloud War" for Business-Critical Data
Commentary  |  1/8/2020  | 
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
Cloudflare Adds New Endpoint, Web Security Service
News  |  1/7/2020  | 
"Teams" and a new browser security acquisition expand the cloud firm's security offerings.
Mimecast Acquires Segasec to Boost Phishing Defense
Quick Hits  |  1/6/2020  | 
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
Continental Drift: Is Digital Sovereignty Splitting Global Data Centers?
News  |  1/3/2020  | 
The recent proposal by Germany, backed by France, to fuse the infrastructures of Europe's cloud providers could challenge every data center storing a European's data.
Organizations May 'Uncloud' Over Security, Budgetary Concerns
Commentary  |  1/3/2020  | 
While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they're using


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-4170
PUBLISHED: 2022-01-16
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-0235
PUBLISHED: 2022-01-16
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-0238
PUBLISHED: 2022-01-16
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2021-44537
PUBLISHED: 2022-01-15
ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.
CVE-2021-33828
PUBLISHED: 2022-01-15
The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.