Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in February 2018
The State of Application Penetration Testing
News  |  2/28/2018  | 
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Zero-Day Attacks Major Concern in Hybrid Cloud
News  |  2/28/2018  | 
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Virtual Private Networks: Why Their Days Are Numbered
Partner Perspectives  |  2/28/2018  | 
As companies move to the cloud and depend less on physical servers and network connections, their reliance on VPNs for security will eventually evolve, if not disappear altogether.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018  | 
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Splunk to Acquire Phantom
Quick Hits  |  2/27/2018  | 
$350 million deal scheduled to close Q1 2018.
Adobe Flash Vulnerability Reappears in Malicious Word Files
News  |  2/26/2018  | 
CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
7 Key Stats that Size Up the Cybercrime Deluge
Slideshows  |  2/26/2018  | 
Updated data on zero-days, IoT threats, cryptomining and economic costs should keep eyebrows raised in 2018.
6 Cybersecurity Trends to Watch
Commentary  |  2/26/2018  | 
Expect more as the year goes on: more breaches, more IoT attacks, more fines
93% of Cloud Applications Aren't Enterprise-Ready
News  |  2/23/2018  | 
The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
10 Can't-Miss Talks at Black Hat Asia
Slideshows  |  2/23/2018  | 
With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
7 Cryptominers & Cryptomining Botnets You Can't Ignore
Slideshows  |  2/21/2018  | 
Cryptominers have emerged as a major threat to organizations worldwide. Here are seven you cannot afford to ignore.
Facebook Aims to Make Security More Social
News  |  2/20/2018  | 
Facebook's massive user base creates an opportunity to educate billions on security.
Siemens Leads Launch of Global Cybersecurity Initiative
News  |  2/16/2018  | 
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
FedEx Customer Data Exposed on Unsecured S3 Server
Quick Hits  |  2/16/2018  | 
Thousands of documents from US and international citizens were exposed on an Amazon S3 bucket configured for public access.
Democracy & DevOps: What Is the Proper Role for Security?
Commentary  |  2/15/2018  | 
Security experts need a front-row seat in the application development process but not at the expense of the business.
Oracle Buys Zenedge for Cloud Security
Quick Hits  |  2/15/2018  | 
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018  | 
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Microsoft Adds Windows Defender ATP Support to Windows 7, 8.1
Quick Hits  |  2/12/2018  | 
Microsoft brings Windows Defender ATP down-level support to older versions of Windows for businesses transitioning to Windows 10.
Man Formerly on FBI Most Wanted List Pleads Guilty in 'Scareware' Hack
Quick Hits  |  2/7/2018  | 
Latvian man ran bulletproof Web hosting service that served cybercriminals.
New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection
News  |  2/7/2018  | 
Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.
Top Cloud Security Misconceptions Plaguing Enterprises
Partner Perspectives  |  2/7/2018  | 
Contrary to popular opinion, there is no one single cloud. There are a wealth of cloud-based providers that own dedicated server space across the globe. Heres how to find the best fit for your company.
Security vs. Speed: The Risk of Rushing to the Cloud
News  |  2/6/2018  | 
Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
2017 Smashed World's Records for Most Data Breaches, Exposed Information
News  |  2/6/2018  | 
Five mega-breaches last year accounted for more than 72% of all data records exposed in 2017.
Mastering Security in the Zettabyte Era
Commentary  |  2/5/2018  | 
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
3 Ways Hackers Steal Your Company's Mobile Data
Commentary  |  2/2/2018  | 
The most effective data exfiltration prevention strategies are those that are as rigorous in vetting traffic entering the network as they are traffic leaving it.
Securing Cloud-Native Apps
Commentary  |  2/1/2018  | 
A useful approach for securing cloud-native platforms can be adapted for securing apps running on top of the platform as well.


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...