Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in October 2014
Keep Calm & Verify: How To Spot A Fake Online Data Dump
News  |  10/29/2014  | 
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
20% Of 'Broadly Shared' Data Contains Regulated Info
News  |  10/23/2014  | 
Forget shadow IT. The new risk is "shadow data."
Google Expands 2-Factor Authentication For Chrome, Gmail
Quick Hits  |  10/21/2014  | 
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Commentary  |  10/17/2014  | 
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
FBI Director Urges New Encryption Legislation
News  |  10/16/2014  | 
Encryption algorithms do not acknowledge "lawful access."
The Internet of Things: 7 Scary Security Scenarios
Slideshows  |  10/16/2014  | 
The IoT can be frightening when viewed from the vantage point of information security.
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Quick Hits  |  10/16/2014  | 
MeWe offers free, secure, and private communications.
Third-Party Code: Fertile Ground For Malware
Commentary  |  10/15/2014  | 
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
Hundreds Of DropBox Logins For Sale On Pastebin
Quick Hits  |  10/14/2014  | 
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
Stolen Medical Data Is Now A Hot Commodity
Commentary  |  10/14/2014  | 
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
2 Tech Challenges Preventing Online Voting In US
News  |  10/9/2014  | 
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
How One Criminal Hacker Group Stole Credentials for 800,000 Bank Accounts
News  |  10/8/2014  | 
Proofpoint report shows how one Russian-speaking criminal organization hides from security companies.
To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker
Quick Hits  |  10/3/2014  | 
If Uncle Sam wants your data, make him come directly to you.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises Are Assessing Cybersecurity Risk in Today's Environment
The adoption of cloud services spurred by the COVID-19 pandemic has resulted in pressure on cyber-risk professionals to focus on vulnerabilities and new exposures that stem from pandemic-driven changes. Many cybersecurity pros expect fundamental, long-term changes to their organization's computing and data security due to the shift to more remote work and accelerated cloud adoption. Download this report from Dark Reading to learn more about their challenges and concerns.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-24976
PUBLISHED: 2022-01-24
The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a Reflected Cross-Site Scripting
CVE-2021-24985
PUBLISHED: 2022-01-24
The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting issues
CVE-2021-24989
PUBLISHED: 2022-01-24
The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a logged in admin delete arbitrary posts from the blog
CVE-2021-25008
PUBLISHED: 2022-01-24
The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue
CVE-2021-25013
PUBLISHED: 2022-01-24
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts