Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in October 2019
New Office 365 Phishing Scam Leaves A Voicemail
Quick Hits  |  10/31/2019  | 
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
Security Pros Fear Insider Attacks Stem from Cloud Apps
Quick Hits  |  10/30/2019  | 
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
Why Cloud-Native Applications Need Cloud-Native Security
Commentary  |  10/29/2019  | 
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
Google Cloud Adds New Security Management Tools to G Suite
Quick Hits  |  10/29/2019  | 
Desktop devices that log into G Suite will have device management enabled by default, streamlining processes for IT admins.
40% of Security Pros Job Hunting as Satisfaction Drops
News  |  10/24/2019  | 
Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.
Eight-Hour DDoS Attack Struck AWS Customers
Quick Hits  |  10/24/2019  | 
Google Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS.
NordVPN Breached Via Data Center Provider's Error
Quick Hits  |  10/22/2019  | 
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
Autoclerk Database Spills 179GB of Customer, US Government Data
Quick Hits  |  10/22/2019  | 
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
Researchers Turn Alexa and Google Home Into Credential Thieves
Quick Hits  |  10/21/2019  | 
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Quick Hits  |  10/21/2019  | 
The cloud security posture management startup was acquired for a reported $70 million.
In a Crowded Endpoint Security Market, Consolidation Is Underway
News  |  10/18/2019  | 
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
Phishing Campaign Targets Stripe Credentials, Financial Data
News  |  10/17/2019  | 
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
State of SMB Insecurity by the Numbers
Slideshows  |  10/17/2019  | 
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
Cozy Bear Emerges from Hibernation to Hack EU Ministries
News  |  10/17/2019  | 
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Quick Hits  |  10/16/2019  | 
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
Google Cloud Launches Security Health Analytics in Beta
Quick Hits  |  10/16/2019  | 
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
News  |  10/16/2019  | 
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Quick Hits  |  10/15/2019  | 
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
Sophos for Sale: Thoma Bravo Offers $3.9B
News  |  10/14/2019  | 
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
Pitney Bowes Hit by Ransomware
Quick Hits  |  10/14/2019  | 
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
When Using Cloud, Paranoia Can Pay Off
News  |  10/14/2019  | 
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
7 SMB Security Tips That Will Keep Your Company Safe
Slideshows  |  10/11/2019  | 
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
Imperva Details Response to Customer Database Exposure
Quick Hits  |  10/10/2019  | 
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
Akamai Snaps Up ChameleonX to Tackle Magecart
Quick Hits  |  10/10/2019  | 
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Magecart Attack on Volusion Highlights Supply Chain Dangers
News  |  10/10/2019  | 
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
Network Security Must Transition into the Cloud Era
Commentary  |  10/10/2019  | 
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Microsoft Issues 9 Critical Security Patches
News  |  10/8/2019  | 
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
7 Considerations Before Adopting Security Standards
Slideshows  |  10/8/2019  | 
Here's what to think through as you prepare your organization for standards compliance.
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
News  |  10/7/2019  | 
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
20M Russians' Personal Tax Records Exposed in Data Leak
Quick Hits  |  10/3/2019  | 
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
New Silent Starling Attack Group Puts Spin on BEC
News  |  10/2/2019  | 
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'
Google's 'Password Checkup' Tool Tells You When Passwords Are Leaked
Quick Hits  |  10/2/2019  | 
The feature will check the strength of saved passwords and alert users when they're compromised in a breach.
Controlling Data Leakage in Cloud Test-Dev Environments
Commentary  |  10/2/2019  | 
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
News  |  10/1/2019  | 
The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...