Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in October 2016
Microsoft Launches Security Program For Azure IoT
News  |  10/31/2016  | 
As part of the program, Microsoft has partnered with security auditors who will examine customers' IoT infrastructure, find problems, and provide guidance.
Leak Of 1.3 Million Blood Donor Records Is Australia's Biggest Breach Ever
Quick Hits  |  10/31/2016  | 
Sensitive medical data of 550,000 Red Cross blood donors exposed online inadvertently in countrys most damaging data breach to date.
Preparing For Government Data Requests After Apple Vs. FBI
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Videos  |  10/31/2016  | 
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
Is Your Business Prepared for the SaaS Tsunami?
Commentary  |  10/29/2016  | 
You dont always have to choose between security and productivity when faced with the challenges of Shadow IT.
Getting To The 'Just Right' Level Of Encryption
Commentary  |  10/26/2016  | 
The key to unlocking secure business messaging is controlling who has the key.
CloudFanta Malware Targets Victims Via Cloud Storage App
News  |  10/25/2016  | 
The malware campaign uses the Sugarsync cloud storage app to distribute malware that steals user credentials and monitors online banking activity.
Why Poor Cyber Hygiene Invites Risk
Commentary  |  10/20/2016  | 
Modern cybersecurity today is all about risk management. That means eliminating and mitigating risks where possible, and knowingly accepting those that remain.
Yahoo Demands Government Be More Transparent About Data Requests
Quick Hits  |  10/20/2016  | 
In a letter to the Director of National Intelligence, the tech company says this transparency would also help clear Yahoo's name in customer email scan case.
US GOP Senate Committee Allegedly Target Of Russian Hackers
Quick Hits  |  10/18/2016  | 
Dutch researcher finds NRSC web store among 5,900 e-commerce sites infected with malware designed to steal payment card details.
Public Wi-Fi Use Grows, Despite Security Risks
Quick Hits  |  10/18/2016  | 
Survey says although 91% of the respondents admit that public Wi-Fi is insecure, 89% still use it.
California Victims Of Yahoo Breach Pursue Claims In State, Not Federal Court
News  |  10/17/2016  | 
Plaintiffs hope to benefit from California's history of stricter cybersecurity and data privacy law.
Cloud Security Replacing Cybersecurity Industry, Says Analyst
Quick Hits  |  10/17/2016  | 
UBS predicts flat corporate spending on IT as cloud computing service providers look set to take over cybersecurity customers.
80% Of IT Pros Say Users Set Up Unapproved Cloud Services
News  |  10/13/2016  | 
Shadow IT is a growing risk concern among IT pros, with most reporting users have gone behind their backs to set up unapproved cloud services.
Executable Files, Old Exploit Kits Top Most Effective Attack Methods
News  |  10/12/2016  | 
Researchers for the new 'Hacker's Playbook' analyzed 4 million breach methods from an attacker's point of view to gauge the real risks today to enterprises.
Businesses Sacrifice Security To Get Apps Released Faster
News  |  10/11/2016  | 
As the app economy continues to drive change in IT security, businesses struggle to meet customer demands while keeping their data secure.
Online Gaming Currency Funds Cybercrime In Real Life
News  |  10/11/2016  | 
You really needed Cristiano Ronaldo or that Doomhammer. Cybercriminals will help you get it for a price, and it's not even entirely illegal.
For The Birds: Dark Reading Cartoon Caption Contest Winners
Commentary  |  10/8/2016  | 
Birdwatching-as-a-Service, live tweeting and NESTFLIX. And the winner is ...
Partners In The Battle Against Cyberthreats
Partners In The Battle Against Cyberthreats
Dark Reading Videos  |  10/6/2016  | 
George Karidis of CompuCom and Rodel Alejo from Intel stop by the Dark Reading News Desk.
Cyber-Anything-As-A-Service: Should The Government Just Outsource Everything?
Partner Perspectives  |  10/4/2016  | 
Agencies should be able to select and provision from a variety of cybersecurity services and capabilities to improve their overall effectiveness and efficiency.
IoT DDoS Attack Code Released
News  |  10/3/2016  | 
Mirai malware could signal the beginning of new trend in using Internet of Things devices as bots for DDoS attacks.
Microsoft Execs Talk Public Policy Changes For Cloud
News  |  10/3/2016  | 
Microsoft highlights security and privacy among 78 public-policy recommendations for the future of global cloud growth.
Hackers Attacked Voter Registration Systems Of 20 US States, Says Official
Quick Hits  |  10/3/2016  | 
US Homeland Security Department calls for scan of election websites and improve security even as FBI probes Russian involvement.
Grading Obama: D-
President Failed To Protect Us From The Bad Guys
Commentary  |  10/3/2016  | 
A barely passing grade from a former special agent in charge of the NYC FBI cybercrimes division for failing to create deterrents and policies that encourage self defense.
Grading Obama: C+
Administration Missed Key Opportunities To Civilize Cyberspace
Commentary  |  10/3/2016  | 
A middling grade because the President's cyber policy initiatives were reactive, laisse faire, and didnt buttress American economic opportunity.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33988
PUBLISHED: 2021-10-19
Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form.
CVE-2020-12141
PUBLISHED: 2021-10-19
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
CVE-2021-29912
PUBLISHED: 2021-10-19
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
CVE-2021-38911
PUBLISHED: 2021-10-19
IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940.
CVE-2021-3746
PUBLISHED: 2021-10-19
A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger the issue when the state of the TPM2's volatile state is written. The highest threat from this vulnerability ...