Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in December 2020
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Commentary  |  12/29/2020  | 
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
HelpSystems Acquires Data Security Firm Vera
Quick Hits  |  12/24/2020  | 
The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
Microsoft Ups Security of Azure AD, Identity
News  |  12/22/2020  | 
A roundup of Microsoft's recent security news and updates that focus on protecting identity.
CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach
Quick Hits  |  12/17/2020  | 
Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software.
51% of WFH Parents Say Children Have Accessed Work Accounts
Quick Hits  |  12/17/2020  | 
In addition, 14% of surveyed parents who are working from home say their children have access to their work devices, new data shows.
VPNs, MFA & the Realities of Remote Work
Commentary  |  12/17/2020  | 
The work-from-home-era is accelerating cloud-native service adoption.
Twitter Fined in Irish GDPR Action
Quick Hits  |  12/15/2020  | 
The $547K fine results from an issue Twitter reported in 2019.
Medical Imaging Leaks Highlight Unhealthy Security Practices
News  |  12/15/2020  | 
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
7 Security Tips for Gamers
Slideshows  |  12/11/2020  | 
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
Cloud Identity and Access Management: Understanding the Chain of Access
Commentary  |  12/10/2020  | 
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
Google Shares Cloud Security Tips
News  |  12/10/2020  | 
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
Black Hat Europe: Dark Reading Video News Desk Coverage
News  |  12/10/2020  | 
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
Former Microsoft Cloud Security Leads Unveil New Startup
Quick Hits  |  12/9/2020  | 
Wiz has raised $100 million since its January launch and plans to help businesses with visibility into cloud security threats.
Navigating the Security Maze in a New Era of Cyberthreats
Commentary  |  12/9/2020  | 
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Attackers Know Microsoft 365 Better Than You Do
Commentary  |  12/8/2020  | 
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification
News  |  12/4/2020  | 
Gunter Ollmann explains the benefits of CSPM technology, how IT security teams have evolved, and how the pandemic has shaped security.
Researchers Discover New Obfuscation-As-a-Service Platform
News  |  12/3/2020  | 
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
Common Container Manager Is Vulnerable to Dangerous Exploit
Quick Hits  |  12/3/2020  | 
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
Cloud Security Threats for 2021
Commentary  |  12/3/2020  | 
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
Open Source Flaws Take Years to Find But Just a Month to Fix
News  |  12/2/2020  | 
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
Security Slipup Exposes Health Records & Lab Results
Quick Hits  |  12/2/2020  | 
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
Call Fraud Operator Ordered to Pay $9M to Victims
Quick Hits  |  12/1/2020  | 
Indian national will serve 20 years in prison for running a large call center fraud operation.
2020 Cybersecurity Holiday Gift Guide for Kids
Slideshows  |  12/1/2020  | 
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37759
PUBLISHED: 2021-07-31
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37760
PUBLISHED: 2021-07-31
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-26564
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFil...
CVE-2020-26565
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-26806
PUBLISHED: 2021-07-31
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.