Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in March 2018
10 Women in Security You May Not Know But Should
Slideshows  |  3/30/2018  | 
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.
FBI IC3: Tech Support Scam Losses Rose 86% in 2017
Quick Hits  |  3/29/2018  | 
Most victims are in the US, but FBI IC3 has logged cases from 85 different countries.
US Election Swing States Score Low Marks in Cybersecurity
News  |  3/29/2018  | 
C and D grades for Florida, Michigan, New Hampshire, Nevada, and Ohio, SecurityScorecard assessment shows.
Destructive and False Flag Cyberattacks to Escalate
News  |  3/28/2018  | 
Rising geopolitical tensions between the US and Russia, Iran, and others are the perfect recipe for nastier nation-state cyberattacks.
Grossman, 'RSnake' Launch Website Asset Inventory Startup
Quick Hits  |  3/27/2018  | 
Bit Discovery gets $2.7 million in seed-round funding; Alex Stamos, Jeff Moss among the investors.
Bad Bots Increasingly Hide Out in Cloud Data Centers
News  |  3/27/2018  | 
Humans accounted for nearly 58% of website traffic in 2017 -- the rest were bad and good bots.
Facebook Adds Machine Learning to Fraud Fight
Quick Hits  |  3/26/2018  | 
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day.
City of Atlanta Hit with Ransomware Attack
Quick Hits  |  3/23/2018  | 
FBI investigating computer outages in the city's network possibly tied to Samsam-type ransomware variant.
New Survey Illustrates Real-World Difficulties in Cloud Security
News  |  3/22/2018  | 
Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.
Is Application Security Dead?
Commentary  |  3/22/2018  | 
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
Hunting Cybercriminals with AWS Honey Tokens
News  |  3/22/2018  | 
Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.
5 Ways to Get Ready for Public Cloud Deployment
Commentary  |  3/22/2018  | 
Syncing security and product development early is now a "must do."
7 Ways to Protect Against Cryptomining Attacks
Slideshows  |  3/22/2018  | 
Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
Supply Chain Cyberattacks Surged 200% in 2017
News  |  3/22/2018  | 
Symantec's annual Internet Security Threat Report also shows that zero-day exploits fizzled and cryptocurrency mining exploded.
SOC in Translation: 4 Common Phrases & Why They Raise Flags
Commentary  |  3/21/2018  | 
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.
DHS Chief: Election Security Now Top Priority Among Critical Systems
Quick Hits  |  3/21/2018  | 
Homeland Security Secretary Kirstjen Nielsen told Congress today that her department is working to assist states with their election systems' security.
How Serverless Computing Reshapes Security
Commentary  |  3/21/2018  | 
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
Online Sandboxing: A Stash for Exfiltrated Data?
News  |  3/21/2018  | 
SafeBreach researchers extend leaky sandbox research to show how services like VirusTotal and Hybrid Analysis could be used to steal data from air-gapped systems.
Azure Guest Agent Design Enables Plaintext Password Theft
News  |  3/20/2018  | 
Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Quick Hits  |  3/20/2018  | 
Stamos will remain in his position through August, according to a report in The New York Times.
The Case for Integrating Physical Security & Cybersecurity
Commentary  |  3/20/2018  | 
Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
Slideshows  |  3/20/2018  | 
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
AMD Processor Flaws Real, But Limited
News  |  3/19/2018  | 
A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.
Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws
Quick Hits  |  3/19/2018  | 
Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018  | 
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Cybercriminals Launder Up to $200B in Profit Per Year
News  |  3/19/2018  | 
Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.
Who Does What in Cybersecurity at the C-Level
Slideshows  |  3/16/2018  | 
As security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018  | 
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018  | 
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
News  |  3/15/2018  | 
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Critical Start to Buy Advanced Threat Analytics
Quick Hits  |  3/15/2018  | 
Firms previously had teamed up in SOC services.
Palo Alto Buys Evident.io to Secure the Cloud
News  |  3/15/2018  | 
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
What CISOs Should Know About Quantum Computing
Slideshows  |  3/13/2018  | 
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018  | 
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018  | 
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Disappearing Act: Dark Reading Caption Contest Winners
Commentary  |  3/12/2018  | 
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is
CyberArk Buys Vaultive for Privileged Account Security Technology
Quick Hits  |  3/12/2018  | 
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018  | 
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
Microsoft Windows Defender Prevents 400,000 Dofoil Infections
Quick Hits  |  3/9/2018  | 
Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.
7 University-Connected Cyber Ranges to Know Now
Slideshows  |  3/9/2018  | 
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
Gozi Trojan Using Dark Cloud Botnet in New Wave of Attacks
News  |  3/8/2018  | 
Gozi IFSB banking Trojan has rolled out new code, a new botnet and a high level of customization in the latest wave of attacks.
6 Questions to Ask Your Cloud Provider Right Now
Slideshows  |  3/5/2018  | 
Experts share the security-focused issues all businesses should explore when researching and using cloud services.
Millions of Office 365 Accounts Hit with Password Stealers
News  |  3/2/2018  | 
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
How & Why the Cybersecurity Landscape Is Changing
Commentary  |  3/1/2018  | 
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018  | 
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
Journey to the Cloud: Overcoming Security Risks
Partner Perspectives  |  3/1/2018  | 
Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...