Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in January 2020
What It's Like to Be a CISO: Check Point Security Leader Weighs In
News  |  1/31/2020  | 
Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.
Ashley Madison Breach Returns with Extortion Campaign
Quick Hits  |  1/31/2020  | 
The recent attack messages use new techniques to extort Bitcoin payments from Ashley Madison users hit in massive 2015 data breach.
Two Vulnerabilities Found in Microsoft Azure Infrastructure
News  |  1/30/2020  | 
Researchers detail the process of finding two flaws in the Azure Stack architecture and Azure App Service, both of which have been patched.
How To Keep Your Privacy and Data Secure While Working With a Remote Team
News  |  1/30/2020  | 
Implementing basic strategies can ensure your remote team's work will be secure, data will be protected, and you'll be far less exposed to security risks.
United Nations Data Breach Started with Microsoft SharePoint Bug
Quick Hits  |  1/30/2020  | 
A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights.
Inside the Check Point Research Team's Investigation Process
News  |  1/29/2020  | 
The team sheds light on how their organization works and what they're watching in the threat landscape.
NFL, Multiple NFL Teams' Twitter Accounts Hacked and Hijacked
Quick Hits  |  1/28/2020  | 
Hackers claiming to be from the hacktivist group OurMine temporarily took over Twitter accounts of the NFL and several teams in the league.
New Zoom Bug Prompts Security Fix, Platform Changes
News  |  1/28/2020  | 
A newly discovered Zoom vulnerability would have enabled an attacker to join active meetings and access audio, video, and documents shared.
NSA Offers Guidance on Mitigating Cloud Flaws
Quick Hits  |  1/23/2020  | 
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.
For Mismanaged SOCs, The Price Is Not Right
News  |  1/22/2020  | 
New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require.
Eight Flaws in MSP Software Highlight Potential Ransomware Vector
News  |  1/22/2020  | 
An attack chain of vulnerabilities in ConnectWise's software for MSPs has similarities to some of the details of the August attack on Texas local and state agencies.
Startup Privafy Raises $22M with New Approach to Network Security
Quick Hits  |  1/22/2020  | 
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
FireEye Buys Cloudvisory
Quick Hits  |  1/21/2020  | 
The purchase is intended to bring new cloud capabilities to the FireEye Helix security platform.
Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation
Quick Hits  |  1/21/2020  | 
More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.
Mobile Banking Malware Up 50% in First Half of 2019
News  |  1/17/2020  | 
A new report from Check Point recaps the cybercrime trends, statistics, and vulnerabilities that defined the security landscape in 2019.
7 Ways to Get the Most Out of a Penetration Test
Slideshows  |  1/17/2020  | 
You'll get the best results when youre clear on what you want to accomplish from a pen test.
Active Directory Needs an Update: Here's Why
Commentary  |  1/16/2020  | 
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
Google Lets iPhone Users Turn Device into Security Key
News  |  1/15/2020  | 
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
How SD-WAN Helps Achieve Data Security and Threat Protection
Commentary  |  1/15/2020  | 
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
Google: Chrome Will Remove Third-Party Cookies and Tracking
Quick Hits  |  1/14/2020  | 
It's "not about blocking" but removing them altogether, the company said.
Processor Vulnerabilities Put Virtual Workloads at Risk
Commentary  |  1/14/2020  | 
Meltdown, Spectre exploits will likely lead to customers making tradeoffs between performance and security of applications, especially virtual and cloud-based apps
Microsoft to Officially End Support for Windows 7, Server 2008
News  |  1/13/2020  | 
Windows 7 and Server 2008 will continue to work after Jan. 14, 2020, but will no longer receive security updates.
Study Points to Lax Focus on Cybersecurity
News  |  1/10/2020  | 
Despite ranking at the top of respondents' concerns, organizations still show gaps in acting on cybersecurity, Society for Information Management (SIM) report finds.
AWS Issues 'Urgent' Warning for Database Users to Update Certs
Quick Hits  |  1/9/2020  | 
Users of AWS Aurora, DocumentDB, and RDS databases must download and install a fresh certificate and rotate the certificate authority.
Google's Project Zero Policy Change Mandates 90-Day Disclosure
Quick Hits  |  1/8/2020  | 
The updated disclosure policy aims to achieve more thorough and improved patch development, Google reports.
The "Art of Cloud War" for Business-Critical Data
Commentary  |  1/8/2020  | 
How business executives' best intentions may be negatively affecting security and risk mitigation strategies -- and exposing weaknesses in organizational defenses.
Cloudflare Adds New Endpoint, Web Security Service
News  |  1/7/2020  | 
"Teams" and a new browser security acquisition expand the cloud firm's security offerings.
Mimecast Acquires Segasec to Boost Phishing Defense
Quick Hits  |  1/6/2020  | 
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
Continental Drift: Is Digital Sovereignty Splitting Global Data Centers?
News  |  1/3/2020  | 
The recent proposal by Germany, backed by France, to fuse the infrastructures of Europe's cloud providers could challenge every data center storing a European's data.
Organizations May 'Uncloud' Over Security, Budgetary Concerns
Commentary  |  1/3/2020  | 
While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they're using


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Hunny, I looked every where for the dorritos. 
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
CVE-2020-8570
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
CVE-2020-8554
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...