Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in January 2021
Cloud Security Startup Armo Emerges from Stealth with $4.5M
Quick Hits  |  1/29/2021  | 
Armo's platform was developed to protect cloud-native workloads and provide DevOps teams with greater visibility and control.
2020 Marked a Renaissance in DDoS Attacks
News  |  1/29/2021  | 
Amid the global pandemic, cybercriminals ramped up use of one of the oldest attack techniques around.
Microsoft Security Business Exceeds $10B in Revenue
Quick Hits  |  1/27/2021  | 
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.
Security's Inevitable Shift to the Edge
Commentary  |  1/27/2021  | 
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
Startup Offers Free Version of its 'Passwordless' Technology
News  |  1/26/2021  | 
Beyond Identity co-founders hope to move the needle in eliminating the need for passwords, but experts say killing passwords altogether won't be easy.
How to Better Secure Your Microsoft 365 Environment
Slideshows  |  1/25/2021  | 
Security experts offer Microsoft 365 security guidance as more attackers target enterprise cloud environments.
Cloud Jacking: The Bold New World of Enterprise Cybersecurity
Commentary  |  1/21/2021  | 
Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers.
SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics
News  |  1/19/2021  | 
Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack.
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Quick Hits  |  1/14/2021  | 
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
Businesses Struggle with Cloud Availability as Attackers Take Aim
News  |  1/14/2021  | 
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
NSA Recommends Using Only 'Designated' DNS Resolvers
Quick Hits  |  1/14/2021  | 
Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
News  |  1/13/2021  | 
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
The Data-Centric Path to Zero Trust
Commentary  |  1/13/2021  | 
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
Nissan Source Code Leaked via Misconfigured Git Server
Quick Hits  |  1/6/2021  | 
Leaked information includes source code of Nissan mobile apps, diagnostics tool, and market research tools and data, among other assets.
6 Open Source Tools for Your Security Team
Slideshows  |  1/6/2021  | 
Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Commentary  |  1/4/2021  | 
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28968
PUBLISHED: 2021-10-22
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
CVE-2020-28969
PUBLISHED: 2021-10-22
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
CVE-2020-36485
PUBLISHED: 2021-10-22
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
CVE-2020-36486
PUBLISHED: 2021-10-22
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.
CVE-2020-36488
PUBLISHED: 2021-10-22
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.