Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in December 2018
Attackers Use Google Cloud to Target US, UK Banks
Quick Hits  |  12/26/2018  | 
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
Security 101: How Businesses and Schools Bridge the Talent Gap
News  |  12/20/2018  | 
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
US Indicts 2 APT10 Members for Years-Long Hacking Campaign
Quick Hits  |  12/20/2018  | 
In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.
How to Remotely Brick a Server
News  |  12/19/2018  | 
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Commentary  |  12/19/2018  | 
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
Shhhhh! The Secret to Secrets Management
Commentary  |  12/17/2018  | 
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Who Are You, Really? A Peek at the Future of Identity
News  |  12/14/2018  | 
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Education Gets an 'F' for Cybersecurity
Quick Hits  |  12/13/2018  | 
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
Bug Hunting Paves Path to Infosec Careers
News  |  12/12/2018  | 
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Arctic Wolf Buys RootSecure
Quick Hits  |  12/12/2018  | 
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
49% of Cloud Databases Left Unencrypted
News  |  12/11/2018  | 
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
New Google+ Breach Will Lead to Early Service Shutdown
Quick Hits  |  12/10/2018  | 
A breach affecting more than 52 million users was patched, but not before leading to the company rethinking the future of the service.
6 Cloud Security Predictions for 2019
Commentary  |  12/10/2018  | 
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
'Simplify Everything': Google Talks Container Security in 2019
News  |  12/7/2018  | 
Google Cloud's container security lead shares predictions, best practices, and what's top of mind for customers.
Kubernetes Vulnerability Hits Top of Severity Scale
News  |  12/6/2018  | 
The security issue strikes at some of the basic reasons for the rising popularity of containers as an architecture and Kubernetes as an orchestration mechanism.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Commentary  |  12/5/2018  | 
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
Google Cloud Security Command Center Now in Beta
News  |  12/5/2018  | 
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
Microsoft, Mastercard Aim to Change Identity Management
News  |  12/3/2018  | 
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...