Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in December 2020
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Commentary  |  12/29/2020  | 
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
HelpSystems Acquires Data Security Firm Vera
Quick Hits  |  12/24/2020  | 
The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
Microsoft Ups Security of Azure AD, Identity
News  |  12/22/2020  | 
A roundup of Microsoft's recent security news and updates that focus on protecting identity.
CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach
Quick Hits  |  12/17/2020  | 
Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software.
51% of WFH Parents Say Children Have Accessed Work Accounts
Quick Hits  |  12/17/2020  | 
In addition, 14% of surveyed parents who are working from home say their children have access to their work devices, new data shows.
VPNs, MFA & the Realities of Remote Work
Commentary  |  12/17/2020  | 
The work-from-home-era is accelerating cloud-native service adoption.
Twitter Fined in Irish GDPR Action
Quick Hits  |  12/15/2020  | 
The $547K fine results from an issue Twitter reported in 2019.
Medical Imaging Leaks Highlight Unhealthy Security Practices
News  |  12/15/2020  | 
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
7 Security Tips for Gamers
Slideshows  |  12/11/2020  | 
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
Cloud Identity and Access Management: Understanding the Chain of Access
Commentary  |  12/10/2020  | 
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
Google Shares Cloud Security Tips
News  |  12/10/2020  | 
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
Black Hat Europe: Dark Reading Video News Desk Coverage
News  |  12/10/2020  | 
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
Former Microsoft Cloud Security Leads Unveil New Startup
Quick Hits  |  12/9/2020  | 
Wiz has raised $100 million since its January launch and plans to help businesses with visibility into cloud security threats.
Navigating the Security Maze in a New Era of Cyberthreats
Commentary  |  12/9/2020  | 
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
Attackers Know Microsoft 365 Better Than You Do
Commentary  |  12/8/2020  | 
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification
News  |  12/4/2020  | 
Gunter Ollmann explains the benefits of CSPM technology, how IT security teams have evolved, and how the pandemic has shaped security.
Researchers Discover New Obfuscation-As-a-Service Platform
News  |  12/3/2020  | 
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
Common Container Manager Is Vulnerable to Dangerous Exploit
Quick Hits  |  12/3/2020  | 
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
Cloud Security Threats for 2021
Commentary  |  12/3/2020  | 
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
Open Source Flaws Take Years to Find But Just a Month to Fix
News  |  12/2/2020  | 
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
Security Slipup Exposes Health Records & Lab Results
Quick Hits  |  12/2/2020  | 
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
Call Fraud Operator Ordered to Pay $9M to Victims
Quick Hits  |  12/1/2020  | 
Indian national will serve 20 years in prison for running a large call center fraud operation.
2020 Cybersecurity Holiday Gift Guide for Kids
Slideshows  |  12/1/2020  | 
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34362
PUBLISHED: 2021-10-22
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. If exploited, this vulnerability allow remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of Media Streaming add-on: QTS 5.0.0: Media ...
CVE-2021-41127
PUBLISHED: 2021-10-21
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot...
CVE-2021-41169
PUBLISHED: 2021-10-21
Sulu is an open-source PHP content management system based on the Symfony framework. In versions before 1.6.43 are subject to stored cross site scripting attacks. HTML input into Tag names is not properly sanitized. Only admin users are allowed to create tags. Users are advised to upgrade.
CVE-2021-27746
PUBLISHED: 2021-10-21
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
CVE-2021-36869
PUBLISHED: 2021-10-21
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.