Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Cloud posted in October 2018
Qualys Snaps Up Container Firm
Quick Hits  |  10/31/2018  | 
Plans to use Layered Insight's technology to add runtime capabilities and automated enforcement to its container security tool.
How the Power of Quantum Can Be Used Against Us
Commentary  |  10/31/2018  | 
There has been a palpable shift from volumetric attacks to "quantum attacks," and they look to be one of the biggest cybersecurity challenges on the rise today.
9 Traits of A Strong Infosec Resume
Slideshows  |  10/31/2018  | 
Security experts share insights on which skills and experiences are most helpful to job hunters looking for their next gig.
The Case for MarDevSecOps
Commentary  |  10/30/2018  | 
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
Security Implications of IBM-Red Hat Merger Unclear
News  |  10/29/2018  | 
But enterprises and the open source community likely have little to be concerned about, industry experts say.
Windows Defender: First Full Antivirus Tool to Run in a Sandbox
News  |  10/29/2018  | 
Sandboxed version now available to Windows Insiders and anyone else who force-enables it in Windows 10 version 1703 and above.
AppSec Is Dead, but Software Security Is Alive & Well
Commentary  |  10/29/2018  | 
Application security must be re-envisioned to support software security. It's time to shake up your processes.
3 Keys to Reducing the Threat of Ransomware
Commentary  |  10/26/2018  | 
Following these steps could mean the difference between an inconvenience and a multimillion-dollar IT system rebuild -- for the public and private sectors alike.
Side-Channel Attack Exposes User Accounts on Facebook, XBox, Other Social Sites
News  |  10/25/2018  | 
Researcher will demonstrate at Black Hat Europe his team's recent discovery: a way to exploit a popular user-blocking feature on social media and other sites.
Securing Serverless: Attacking an AWS Account via a Lambda Function
Commentary  |  10/25/2018  | 
It's not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Securing Serverless: Defend or Attack?
Commentary  |  10/25/2018  | 
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security and identity access management roles, and to follow configuration best practices.
Windows 7 End-of-Life: Are You Ready?
News  |  10/24/2018  | 
Microsoft will terminate support for Windows 7 in January 2020, but there's still some confusion among enterprises about when the OS officially gets retired.
Benefits of DNS Service Locality
Commentary  |  10/24/2018  | 
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Former HS Teacher Admits to 'Celebgate' Hack
Quick Hits  |  10/23/2018  | 
Christopher Brannan accessed full iCloud backups, photos, and other personal data belonging to more than 200 victims.
7 Ways a Collaboration System Could Wreck Your IT Security
Slideshows  |  10/18/2018  | 
The same traits that make collaboration systems so useful for team communications can help hackers, too.
Oracle Issues Massive Collection of Critical Security Updates
Quick Hits  |  10/17/2018  | 
The software updates from Oracle address a record number of vulnerabilities.
(ISC)²: Global Cybersecurity Workforce Short 3 Million People
News  |  10/17/2018  | 
With the skills gap still wide, security leaders explain the challenges of hiring and retaining security experts.
Startup Spun Out of Securosis Secures $2.5 Million Seed Investment
News  |  10/17/2018  | 
DisruptOps officially rolls out its SaaS for automating control of cloud operations and security.
The Three Dimensions of the Threat Intelligence Scale Problem
Commentary  |  10/17/2018  | 
To succeed, organizations must be empowered to reduce their attack surface and staff overload so they can get more out of their existing firewall and threat intelligence investments.
A Cybersecurity Weak Link: Linux and IoT
Commentary  |  10/16/2018  | 
Linux powers many of the IoT devices on which we've come to rely -- something that enterprises must address.
Rapid7 Acquires tCell
Quick Hits  |  10/16/2018  | 
The purchase brings together a cloud security platform with a web application firewall.
6 Reasons Why Employees Violate Security Policies
Slideshows  |  10/16/2018  | 
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
6 Security Trends for 2018/2019
News  |  10/15/2018  | 
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
Millions of Voter Records Found for Sale on the Dark Web
Quick Hits  |  10/15/2018  | 
Voter registration databases from 19 US states are being hawked in an underground hacking forum, researchers say.
Facebook Update: 30 Million Users Actually Hit in its Recent Breach
News  |  10/12/2018  | 
The good news: That number is less than the original estimate of 50 million. The bad news: It might not have been the only attack.
Window Snyder Shares Her Plans for Intel Security
News  |  10/11/2018  | 
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
Google Adds New Identity, Security Tools to Cloud Platform
News  |  10/11/2018  | 
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
Imperva to Be Acquired by Thoma Bravo for $2.1 Billion
Quick Hits  |  10/10/2018  | 
But two law firms are investigating whether the security vendor breached its fiduciary duty to shareholders by not actively seeking buyers offering a higher price.
Google+ Vulnerability Hits Service, Leads to Shutdown
News  |  10/9/2018  | 
In response to the breach, Google is changing policies, modifying APIs, and shutting down Google+.
Git Gets Patched for Newly Found Flaw
Quick Hits  |  10/9/2018  | 
A vulnerability in Git could allow an attacker to place malicious, auto-executing code in a sub-module.
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
News  |  10/9/2018  | 
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
New Domains: A Wide-Open Playing Field for Cybercrime
Commentary  |  10/9/2018  | 
As bad actors increasingly exploit new domains for financial gain and other nefarious purposes, security teams need to employ policies and practices to neutralize the threat in real time. Here's why and how.
12 AppSec Activities Enterprises Can't Afford to Skip
Slideshows  |  10/5/2018  | 
The latest Building Security in Maturity Model (BSIMM9) report offers a statistically backed, bare-minimum benchmark for software security initiatives.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Commentary  |  10/5/2018  | 
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
7 Steps to Start Your Risk Assessment
Slideshows  |  10/4/2018  | 
Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.
GDPR Report Card: Some Early Gains but More Work Ahead
Commentary  |  10/4/2018  | 
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
Malware Outbreak Causes Disruptions, Closures at Canadian Restaurant Chain
News  |  10/3/2018  | 
But Recipe Unlimited denies it was the victim of a ransomware attack, as some have reported.
Palo Alto Networks Buys RedLock to Strengthen Cloud Security
Quick Hits  |  10/3/2018  | 
The transaction, valued at $173 million, is intended to bring analytics and threat detection to Palo Alto Networks' cloud security offering.
Putting Security on Par with DevOps
Commentary  |  10/3/2018  | 
Inside the cloud, innovation and automation shouldn't take a toll on protection.
100,000-Plus Home Routers Hijacked in Campaign to Steal Banking Credentials
News  |  10/3/2018  | 
The GhostDNS campaign, which has been mainly targeting consumers in Brazil, has exploded in scope since August.
Hacker 'AlfabetoVirtual' Pleads Guilty to NYC Comptroller, West Point Website Defacements
Quick Hits  |  10/2/2018  | 
Two felony counts each carry a maximum 10-year prison sentence.
The Award for Most Dangerous Celebrity Goes To
Quick Hits  |  10/2/2018  | 
A new study highlights which celebrities are associated with the most malicious websites, making them risky search subjects.
Exclusive: Cisco, Duo Execs Share Plans for the Future
News  |  10/1/2018  | 
Cisco's Gee Rittenhouse and Duo's Dug Song offer ideas and goals for the merged companies as Duo folds under the Cisco umbrella.

