Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in February 2018
The State of Application Penetration Testing
News  |  2/28/2018  | 
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
News  |  2/28/2018  | 
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Virtual Private Networks: Why Their Days Are Numbered
Partner Perspectives  |  2/28/2018  | 
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018  | 
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Splunk to Acquire Phantom
Quick Hits  |  2/27/2018  | 
$350 million deal scheduled to close Q1 2018.
Adobe Flash Vulnerability Reappears in Malicious Word Files
News  |  2/26/2018  | 
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
7 Key Stats that Size Up the Cybercrime Deluge
Slideshows  |  2/26/2018  | 
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018  | 
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Slideshows  |  2/21/2018  | 
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
Facebook Aims to Make Security More Social
News  |  2/20/2018  | 
Facebook's massive user base creates an opportunity to educate billions on security.
Siemens Leads Launch of Global Cybersecurity Initiative
News  |  2/16/2018  | 
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
FedEx Customer Data Exposed on Unsecured S3 Server
Quick Hits  |  2/16/2018  | 
Thousands of documents from US and international citizens were exposed on an Amazon S3 bucket configured for public access.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
Oracle Buys Zenedge for Cloud Security
Quick Hits  |  2/15/2018  | 
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018  | 
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Microsoft Adds Windows Defender ATP Support to Windows 7, 8.1
Quick Hits  |  2/12/2018  | 
Microsoft brings Windows Defender ATP down-level support to older versions of Windows for businesses transitioning to Windows 10.
Man Formerly on FBI Most Wanted List Pleads Guilty in 'Scareware' Hack
Quick Hits  |  2/7/2018  | 
Latvian man ran bulletproof Web hosting service that served cybercriminals.
New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection
News  |  2/7/2018  | 
Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.
Top Cloud Security Misconceptions Plaguing Enterprises
Partner Perspectives  |  2/7/2018  | 
Contrary to popular opinion, there is no one single cloud. There are a wealth of cloud-based providers that own dedicated server space across the globe. Heres how to find the best fit for your company.
Security vs. Speed: The Risk of Rushing to the Cloud
News  |  2/6/2018  | 
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
2017 Smashed World's Records for Most Data Breaches, Exposed Information
News  |  2/6/2018  | 
Five mega-breaches last year accounted for more than 72% of all data records exposed in 2017.
Mastering Security in the Zettabyte Era
Commentary  |  2/5/2018  | 
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
3 Ways Hackers Steal Your Company's Mobile Data
Commentary  |  2/2/2018  | 
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
Securing Cloud-Native Apps
Commentary  |  2/1/2018  | 
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5615
PUBLISHED: 2020-08-04
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5616
PUBLISHED: 2020-08-04
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] fre...
CVE-2020-5617
PUBLISHED: 2020-08-04
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
CVE-2020-11583
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-11584
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.