Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in October 2019
New Office 365 Phishing Scam Leaves A Voicemail
Quick Hits  |  10/31/2019  | 
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
Security Pros Fear Insider Attacks Stem from Cloud Apps
Quick Hits  |  10/30/2019  | 
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
Why Cloud-Native Applications Need Cloud-Native Security
Commentary  |  10/29/2019  | 
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
Google Cloud Adds New Security Management Tools to G Suite
Quick Hits  |  10/29/2019  | 
Desktop devices that log into G Suite will have device management enabled by default, streamlining processes for IT admins.
40% of Security Pros Job Hunting as Satisfaction Drops
News  |  10/24/2019  | 
Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.
Eight-Hour DDoS Attack Struck AWS Customers
Quick Hits  |  10/24/2019  | 
Google Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS.
NordVPN Breached Via Data Center Provider's Error
Quick Hits  |  10/22/2019  | 
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
Autoclerk Database Spills 179GB of Customer, US Government Data
Quick Hits  |  10/22/2019  | 
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
Researchers Turn Alexa and Google Home Into Credential Thieves
Quick Hits  |  10/21/2019  | 
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Quick Hits  |  10/21/2019  | 
The cloud security posture management startup was acquired for a reported $70 million.
In a Crowded Endpoint Security Market, Consolidation Is Underway
News  |  10/18/2019  | 
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
Phishing Campaign Targets Stripe Credentials, Financial Data
News  |  10/17/2019  | 
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
State of SMB Insecurity by the Numbers
Slideshows  |  10/17/2019  | 
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
Cozy Bear Emerges from Hibernation to Hack EU Ministries
News  |  10/17/2019  | 
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Quick Hits  |  10/16/2019  | 
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
Google Cloud Launches Security Health Analytics in Beta
Quick Hits  |  10/16/2019  | 
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
News  |  10/16/2019  | 
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Quick Hits  |  10/15/2019  | 
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
Sophos for Sale: Thoma Bravo Offers $3.9B
News  |  10/14/2019  | 
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
Pitney Bowes Hit by Ransomware
Quick Hits  |  10/14/2019  | 
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
When Using Cloud, Paranoia Can Pay Off
News  |  10/14/2019  | 
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
7 SMB Security Tips That Will Keep Your Company Safe
Slideshows  |  10/11/2019  | 
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
Imperva Details Response to Customer Database Exposure
Quick Hits  |  10/10/2019  | 
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
Akamai Snaps Up ChameleonX to Tackle Magecart
Quick Hits  |  10/10/2019  | 
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
How to Think Like a Hacker
Commentary  |  10/10/2019  | 
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
Magecart Attack on Volusion Highlights Supply Chain Dangers
News  |  10/10/2019  | 
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
Network Security Must Transition into the Cloud Era
Commentary  |  10/10/2019  | 
An integrated approach is the best way to provide organizations with the tools they need to decrease the attack surface and use strong security controls.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Microsoft Issues 9 Critical Security Patches
News  |  10/8/2019  | 
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
7 Considerations Before Adopting Security Standards
Slideshows  |  10/8/2019  | 
Here's what to think through as you prepare your organization for standards compliance.
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
News  |  10/7/2019  | 
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
20M Russians' Personal Tax Records Exposed in Data Leak
Quick Hits  |  10/3/2019  | 
An unprotected Elasticsearch cluster contained personally identifiable information on Russian citizens from 2009 to 2016.
New Silent Starling Attack Group Puts Spin on BEC
News  |  10/2/2019  | 
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'
Google's 'Password Checkup' Tool Tells You When Passwords Are Leaked
Quick Hits  |  10/2/2019  | 
The feature will check the strength of saved passwords and alert users when they're compromised in a breach.
Controlling Data Leakage in Cloud Test-Dev Environments
Commentary  |  10/2/2019  | 
The focus on digital transformation and compressing development release cycles is appealing, but that means security can be left behind. How should security practitioners address this challenge?
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
News  |  10/1/2019  | 
The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.


Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...