Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in December 2019
20 Vulnerabilities to Prioritize Patching Before 2020
News  |  12/23/2019  | 
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
F5 Pays $1 Billion for Shape
Quick Hits  |  12/20/2019  | 
The acquisition adds fraud detection and prevention to the application delivery company's tool collection.
Google Cloud External Key Manager Now in Beta
Quick Hits  |  12/19/2019  | 
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
Trading Online? Steps to Take to Avoid Getting Phished
News  |  12/18/2019  | 
From an IT managers perspective, any employee using such a mobile app on a phone they also use for business opens up risks to the corporate network.
'Password' Falls in the Ranks of Favorite Bad Passwords
News  |  12/18/2019  | 
Facebook, Google named worst password breach offenders.
Higher Degree, Higher Salary? Not for Some Security Pros
News  |  12/17/2019  | 
Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions.
Data Security Startup Satori Cyber Launches with $5.25M Seed Round
News  |  12/17/2019  | 
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
Fortinet Buys CyberSponse for SOAR Capabilities
Quick Hits  |  12/13/2019  | 
It plans to integrate CyberSponse's SOAR platform into the Fortinet Security Fabric.
Endpoint Protection: Dark Reading Caption Contest Winners
Commentary  |  12/13/2019  | 
Trojans, knights, and medieval wordplay. And the winners are ...
Lessons Learned from 7 Big Breaches in 2019
Slideshows  |  12/13/2019  | 
Capital One, Macy's, FEMA, and others: key takeaways from the year's most notable breaches.
Smart Building Security Awareness Grows
News  |  12/12/2019  | 
In 2020, expect to hear more about smart building security.
Big Changes Are Coming to Security Analytics & Operations
Commentary  |  12/11/2019  | 
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.
Data Leak Week: Billions of Sensitive Files Exposed Online
News  |  12/10/2019  | 
A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificate were found on unsecured cloud buckets.
Microsoft Fixes Windows Zero-Day on Lightest Patch Tuesday of 2019
News  |  12/10/2019  | 
This month's batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.
Only 53% of Security Pros Have Ownership of Workforce IAM
Quick Hits  |  12/10/2019  | 
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Slideshows  |  12/9/2019  | 
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
4 Tips to Run Fast in the Face of Digital Transformation
Commentary  |  12/9/2019  | 
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
News  |  12/5/2019  | 
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
Microsoft Defender ATP Brings EDR Capabilities to macOS
Quick Hits  |  12/5/2019  | 
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Leveraging the Cloud for Cyber Intelligence
Commentary  |  12/3/2019  | 
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
Microsoft Fixes Flaw Threatening Azure Accounts
Quick Hits  |  12/2/2019  | 
Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Hunny, I looked every where for the dorritos. 
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8567
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods.
CVE-2020-8568
PUBLISHED: 2021-01-21
Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that conta...
CVE-2020-8569
PUBLISHED: 2021-01-21
Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when: - The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass. - The snapshot-controller crashes, ...
CVE-2020-8570
PUBLISHED: 2021-01-21
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executi...
CVE-2020-8554
PUBLISHED: 2021-01-21
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typicall...