Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in December 2019
20 Vulnerabilities to Prioritize Patching Before 2020
News  |  12/23/2019  | 
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
F5 Pays $1 Billion for Shape
Quick Hits  |  12/20/2019  | 
The acquisition adds fraud detection and prevention to the application delivery company's tool collection.
Google Cloud External Key Manager Now in Beta
Quick Hits  |  12/19/2019  | 
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
Trading Online? Steps to Take to Avoid Getting Phished
News  |  12/18/2019  | 
From an IT managers perspective, any employee using such a mobile app on a phone they also use for business opens up risks to the corporate network.
'Password' Falls in the Ranks of Favorite Bad Passwords
News  |  12/18/2019  | 
Facebook, Google named worst password breach offenders.
Higher Degree, Higher Salary? Not for Some Security Pros
News  |  12/17/2019  | 
Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions.
Data Security Startup Satori Cyber Launches with $5.25M Seed Round
News  |  12/17/2019  | 
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
Fortinet Buys CyberSponse for SOAR Capabilities
Quick Hits  |  12/13/2019  | 
It plans to integrate CyberSponse's SOAR platform into the Fortinet Security Fabric.
Endpoint Protection: Dark Reading Caption Contest Winners
Commentary  |  12/13/2019  | 
Trojans, knights, and medieval wordplay. And the winners are ...
Lessons Learned from 7 Big Breaches in 2019
Slideshows  |  12/13/2019  | 
Capital One, Macy's, FEMA, and others: key takeaways from the year's most notable breaches.
Smart Building Security Awareness Grows
News  |  12/12/2019  | 
In 2020, expect to hear more about smart building security.
Big Changes Are Coming to Security Analytics & Operations
Commentary  |  12/11/2019  | 
New ESG research points to fundamental problems, a need for scalable security data pipelines, and a migration to the public cloud.
Data Leak Week: Billions of Sensitive Files Exposed Online
News  |  12/10/2019  | 
A total of 2.7 billion email addresses, 1 billion email account passwords, and nearly 800,000 applications for copies of birth certificate were found on unsecured cloud buckets.
Microsoft Fixes Windows Zero-Day on Lightest Patch Tuesday of 2019
News  |  12/10/2019  | 
This month's batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild.
Only 53% of Security Pros Have Ownership of Workforce IAM
Quick Hits  |  12/10/2019  | 
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
10 Notable Cybersecurity Acquisitions of 2019, Part 2
Slideshows  |  12/9/2019  | 
As mergers and acquisitions continued to shape the security industry throughout 2019, these deals were most significant.
4 Tips to Run Fast in the Face of Digital Transformation
Commentary  |  12/9/2019  | 
This gridiron-inspired advice will guarantee your digital transformation success and keep your data safe.
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
News  |  12/5/2019  | 
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
Microsoft Defender ATP Brings EDR Capabilities to macOS
Quick Hits  |  12/5/2019  | 
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Leveraging the Cloud for Cyber Intelligence
Commentary  |  12/3/2019  | 
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
Microsoft Fixes Flaw Threatening Azure Accounts
Quick Hits  |  12/2/2019  | 
Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.


Stop Defending Everything
Kevin Kurzawa, Senior Information Security Auditor,  2/12/2020
Small Business Security: 5 Tips on How and Where to Start
Mike Puglia, Chief Strategy Officer at Kaseya,  2/13/2020
Architectural Analysis IDs 78 Specific Risks in Machine-Learning Systems
Jai Vijayan, Contributing Writer,  2/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4230
PUBLISHED: 2020-02-19
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.
CVE-2019-4429
PUBLISHED: 2020-02-19
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162886.
CVE-2019-4457
PUBLISHED: 2020-02-19
IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and 6.0.6.1 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 163654.
CVE-2019-4640
PUBLISHED: 2020-02-19
IBM Security Secret Server 10.7 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code which could result in an attacker executing malicious code. IBM X-Force ID: 170046.
CVE-2020-4135
PUBLISHED: 2020-02-19
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.