Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in March 2018
10 Women in Security You May Not Know But Should
Slideshows  |  3/30/2018  | 
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.
FBI IC3: Tech Support Scam Losses Rose 86% in 2017
Quick Hits  |  3/29/2018  | 
Most victims are in the US, but FBI IC3 has logged cases from 85 different countries.
US Election Swing States Score Low Marks in Cybersecurity
News  |  3/29/2018  | 
C and D grades for Florida, Michigan, New Hampshire, Nevada, and Ohio, SecurityScorecard assessment shows.
Destructive and False Flag Cyberattacks to Escalate
News  |  3/28/2018  | 
Rising geopolitical tensions between the US and Russia, Iran, and others are the perfect recipe for nastier nation-state cyberattacks.
Grossman, 'RSnake' Launch Website Asset Inventory Startup
Quick Hits  |  3/27/2018  | 
Bit Discovery gets $2.7 million in seed-round funding; Alex Stamos, Jeff Moss among the investors.
Bad Bots Increasingly Hide Out in Cloud Data Centers
News  |  3/27/2018  | 
Humans accounted for nearly 58% of website traffic in 2017 -- the rest were bad and good bots.
Facebook Adds Machine Learning to Fraud Fight
Quick Hits  |  3/26/2018  | 
Machine learning tools will assist trained human reviewers who Facebook says block millions of fake accounts at the time of registration every day.
City of Atlanta Hit with Ransomware Attack
Quick Hits  |  3/23/2018  | 
FBI investigating computer outages in the city's network possibly tied to Samsam-type ransomware variant.
New Survey Illustrates Real-World Difficulties in Cloud Security
News  |  3/22/2018  | 
Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.
Is Application Security Dead?
Commentary  |  3/22/2018  | 
The nature of the field has changed greatly because of the move to the cloud and enterprise digital transformation.
Hunting Cybercriminals with AWS Honey Tokens
News  |  3/22/2018  | 
Researchers at Black Hat Asia demonstrated how they used AWS honey tokens to detect security breaches at scale.
5 Ways to Get Ready for Public Cloud Deployment
Commentary  |  3/22/2018  | 
Syncing security and product development early is now a "must do."
7 Ways to Protect Against Cryptomining Attacks
Slideshows  |  3/22/2018  | 
Implementing basic security hygiene can go a long way in ensuring your systems and website don't get hijacked.
Supply Chain Cyberattacks Surged 200% in 2017
News  |  3/22/2018  | 
Symantec's annual Internet Security Threat Report also shows that zero-day exploits fizzled and cryptocurrency mining exploded.
SOC in Translation: 4 Common Phrases & Why They Raise Flags
Commentary  |  3/21/2018  | 
By keeping an ear out for out for catchphrases like "Just ask Stu" or "I've got a bad feeling about this," CISOs can overcome the barriers that get between business leaders and their security teams.
DHS Chief: Election Security Now Top Priority Among Critical Systems
Quick Hits  |  3/21/2018  | 
Homeland Security Secretary Kirstjen Nielsen told Congress today that her department is working to assist states with their election systems' security.
How Serverless Computing Reshapes Security
Commentary  |  3/21/2018  | 
The new division of responsibility moves some security concerns off a business's plate while changing priorities for other risks.
Online Sandboxing: A Stash for Exfiltrated Data?
News  |  3/21/2018  | 
SafeBreach researchers extend leaky sandbox research to show how services like VirusTotal and Hybrid Analysis could be used to steal data from air-gapped systems.
Azure Guest Agent Design Enables Plaintext Password Theft
News  |  3/20/2018  | 
Researchers find attackers can abuse the design of Microsoft Azure Guest Agent to recover plaintext administrator passwords.
Facebook CISO Stamos to Depart from the Social Media Firm: Report
Quick Hits  |  3/20/2018  | 
Stamos will remain in his position through August, according to a report in The New York Times.
The Case for Integrating Physical Security & Cybersecurity
Commentary  |  3/20/2018  | 
Aggregating threat intel from external data sources is no longer enough. You must look inside and outside your traditional knowledge base for the best way to defend against attacks.
7 Spectre/Meltdown Symptoms That Might Be Under Your Radar
Slideshows  |  3/20/2018  | 
The Spectre/Meltdown pair has a set of major effects on computing but there are impacts on the organization that IT leaders might not have considered in the face of the immediate problem.
AMD Processor Flaws Real, But Limited
News  |  3/19/2018  | 
A vulnerability report threatened falling skies over AMD processor vulnerabilities that are real but limited in impact.
Microsoft Offers New Bug Bounties for Spectre, Meltdown-Type Flaws
Quick Hits  |  3/19/2018  | 
Microsoft is offering a short-term bug bounty program for speculative execution side-channel vulnerabilities and threats.
A Data Protection Officer's Guide to the GDPR Galaxy
Commentary  |  3/19/2018  | 
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Cybercriminals Launder Up to $200B in Profit Per Year
News  |  3/19/2018  | 
Cybercrime funds make up 8-10% of all illegal profits laundered and amount to $80-200 billion each year.
Who Does What in Cybersecurity at the C-Level
Slideshows  |  3/16/2018  | 
As security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018  | 
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
The Containerization of Artificial Intelligence
Commentary  |  3/16/2018  | 
AI automates repetitive tasks and alleviates mundane functions that often haunt decision makers. But it's still not a sure substitute for security best practices.
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
News  |  3/15/2018  | 
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Critical Start to Buy Advanced Threat Analytics
Quick Hits  |  3/15/2018  | 
Firms previously had teamed up in SOC services.
Palo Alto Buys Evident.io to Secure the Cloud
News  |  3/15/2018  | 
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
What CISOs Should Know About Quantum Computing
Slideshows  |  3/13/2018  | 
As quantum computing approaches real-world viability, it also poses a huge threat to today's encryption measures.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018  | 
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018  | 
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Disappearing Act: Dark Reading Caption Contest Winners
Commentary  |  3/12/2018  | 
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is
CyberArk Buys Vaultive for Privileged Account Security Technology
Quick Hits  |  3/12/2018  | 
The account security firm will use Vaultive's tech to protect privileged users at heightened risk for cyberattacks.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018  | 
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
Microsoft Windows Defender Prevents 400,000 Dofoil Infections
Quick Hits  |  3/9/2018  | 
Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.
7 University-Connected Cyber Ranges to Know Now
Slideshows  |  3/9/2018  | 
Universities are beginning to add cyber ranges to the facilities for teaching cyber security to students and professionals.
Gozi Trojan Using Dark Cloud Botnet in New Wave of Attacks
News  |  3/8/2018  | 
Gozi IFSB banking Trojan has rolled out new code, a new botnet and a high level of customization in the latest wave of attacks.
6 Questions to Ask Your Cloud Provider Right Now
Slideshows  |  3/5/2018  | 
Experts share the security-focused issues all businesses should explore when researching and using cloud services.
Millions of Office 365 Accounts Hit with Password Stealers
News  |  3/2/2018  | 
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
How & Why the Cybersecurity Landscape Is Changing
Commentary  |  3/1/2018  | 
A comprehensive new report from Cisco should "scare the pants off" enterprise security leaders.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018  | 
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
Journey to the Cloud: Overcoming Security Risks
Partner Perspectives  |  3/1/2018  | 
Lessons learned from a global consultancy's 10-year transition from on-premises to 99% cloud-based infrastructure.


Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We are really excited about our new two tone authentication system!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29440
PUBLISHED: 2020-11-30
Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoof...
CVE-2020-29441
PUBLISHED: 2020-11-30
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronou...
CVE-2020-4127
PUBLISHED: 2020-11-30
HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user's system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 F...
CVE-2020-11867
PUBLISHED: 2020-11-30
Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.
CVE-2020-16849
PUBLISHED: 2020-11-30
An issue was discovered on Canon MF237w 06.07 devices. An "Improper Handling of Length Parameter Inconsistency" issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information.