Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in December 2017
China Shuts Down 13,000 Websites for Breaking Internet Laws
Quick Hits  |  12/29/2017  | 
The government says its rules are to protect security and stability, but some say they are repressive.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017  | 
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
17 Things We Should Have Learned in 2017 But Probably Didn't
Commentary  |  12/29/2017  | 
The worm has returned and the Yahoos have all been exposed, but did 2017 teach us any genuinely new lessons we shouldn't already have known?
Rapid Growth in Security Market Raises Question: How to Pick a Startup
News  |  12/28/2017  | 
VCs weigh in with their advice on how to select a startup with staying power when purchasing security solutions and services.
CISOs Play Rising Role In Business
News  |  12/26/2017  | 
CISO hiring trends show more external hires, longer tenures, and an increase in MBAs as tech pros are required to understand the business.
Businesses Go on Pre-Holiday Cloud Acquisition Spree
News  |  12/21/2017  | 
VMware, McAfee, and Trend Micro announce a series of acquisitions that indicate a strong focus on cloud security.
US Census Bureau: Data Exposed in Alteryx Leak Already Public
Quick Hits  |  12/21/2017  | 
The US Census Bureau says no personally identifiable information it collected was compromised in this week's Alteryx leak.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Be a More Effective CISO by Aligning Security to the Business
Partner Perspectives  |  12/21/2017  | 
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Massive Cloud Leak Exposes Alteryx, Experian, US Census Bureau Data
Quick Hits  |  12/19/2017  | 
A misconfigured Amazon Web Services S3 storage bucket exposed sensitive data on consumers' financial histories, contact information, and mortgage ownership.
Telegram RAT Escapes Detection via Cloud Apps
Quick Hits  |  12/18/2017  | 
Netskope discovers a new RAT using Dropbox for its payload host and Telegram Messenger for command and control.
Top 8 Cybersecurity Skills IT Pros Need in 2018
Slideshows  |  12/18/2017  | 
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
Google Sheds Light on Data Encryption Practices
News  |  12/13/2017  | 
Google explains the details of how it secures information in the cloud and encrypts data in transit.
8 Steps for Building an IT Security Career Path Program
Slideshows  |  12/13/2017  | 
A cybersecurity career-path program can help with talent retention and recruitment.
Microsoft Azure AD Connect Flaw Elevates Employee Privilege
News  |  12/12/2017  | 
An improper default configuration gives employees unnecessary administrative privilege without their knowledge, making them ideal targets for hackers.
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
News  |  12/12/2017  | 
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
Oracle Product Rollout Underscores Need for Trust in the Cloud
News  |  12/11/2017  | 
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Quick Hits  |  12/8/2017  | 
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
Android Ransomware Kits on the Rise in the Dark Web
News  |  12/7/2017  | 
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
Rutkowska: Trust Makes Us Vulnerable
News  |  12/7/2017  | 
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
Quick Hits  |  12/7/2017  | 
Breach occurred just prior to bitcoin's debut on two major US exchanges, the AP reports.
Attacker 'Dwell Time' Average Dips Slightly to 86 Days
News  |  12/7/2017  | 
Real-world incident response investigation data from CrowdStrike reveals attacker trends with fileless malware, ransomware, and other weapons.
NIST Releases New Cybersecurity Framework Draft
News  |  12/6/2017  | 
Updated version includes changes to some existing guidelines - and adds some new ones.
Most Retailers Haven't Fully Tested Their Breach Response Plans
Quick Hits  |  12/6/2017  | 
More than 20% lack a breach response plan altogether, a new survey shows.
Study: Simulated Attacks Uncover Real-World Problems in IT Security
News  |  12/5/2017  | 
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
Android Developer Tools Contain Vulnerabilities
Quick Hits  |  12/5/2017  | 
Several of the most popular cloud-based and downloadable tools Android developers use are affected.
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations
News  |  12/4/2017  | 
Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.
PayPal's TIO Networks Suffered Data Breach Exposing Data on 1.6 Million Customers
Quick Hits  |  12/4/2017  | 
PayPal states TIO Networks, a payment processing company it acquired this summer, is not part of its network and PayPal remains unaffected by the breach.
Tips for Writing Better Infosec Job Descriptions
News  |  12/4/2017  | 
Security leaders frustrated with their talent search may be searching for the wrong skills and qualifications.
Sallie Mae CISO: 4 Technologies That Will Shape IT Security
News  |  12/1/2017  | 
'The world as we know it will vanish,' according to Jerry Archer.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...