Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in October 2014
Keep Calm & Verify: How To Spot A Fake Online Data Dump
News  |  10/29/2014  | 
Determining whether a data dump on Pastebin or elsewhere online is legit can be time-consuming and resource-intensive. Deloitte & Touche offers tips for how to weed out the fake hacks.
20% Of 'Broadly Shared' Data Contains Regulated Info
News  |  10/23/2014  | 
Forget shadow IT. The new risk is "shadow data."
Google Expands 2-Factor Authentication For Chrome, Gmail
Quick Hits  |  10/21/2014  | 
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Commentary  |  10/17/2014  | 
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
FBI Director Urges New Encryption Legislation
News  |  10/16/2014  | 
Encryption algorithms do not acknowledge "lawful access."
The Internet of Things: 7 Scary Security Scenarios
Slideshows  |  10/16/2014  | 
The IoT can be frightening when viewed from the vantage point of information security.
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Quick Hits  |  10/16/2014  | 
MeWe offers free, secure, and private communications.
Third-Party Code: Fertile Ground For Malware
Commentary  |  10/15/2014  | 
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
Hundreds Of DropBox Logins For Sale On Pastebin
Quick Hits  |  10/14/2014  | 
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
Stolen Medical Data Is Now A Hot Commodity
Commentary  |  10/14/2014  | 
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
2 Tech Challenges Preventing Online Voting In US
News  |  10/9/2014  | 
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
How One Criminal Hacker Group Stole Credentials for 800,000 Bank Accounts
News  |  10/8/2014  | 
Proofpoint report shows how one Russian-speaking criminal organization hides from security companies.
To Combat Government Snooping, Encrypt Data Before Putting It In Cloud, Says Interop Speaker
Quick Hits  |  10/3/2014  | 
If Uncle Sam wants your data, make him come directly to you.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...