Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in March 2021
3 Ways Vendors Can Inspire Customer Trust Amid Breaches
Commentary  |  3/31/2021  | 
As customers rely more on cloud storage and remote workforces, the probability of a breach increases.
Security on a Shoestring? More Budget Means More Detection
News  |  3/30/2021  | 
Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news.
In the Rush to Embrace Hybrid Cloud, Don't Forget About Security
Commentary  |  3/30/2021  | 
Cloud service providers typically only secure the infrastructure itself, while customers are responsible for their data and application security.
Moving from DevOps to CloudOps: The Four-Box Problem
Commentary  |  3/26/2021  | 
With SOC teams running services on multiple cloud platforms, their big concern is how to roll up configuration of 200+ servers in a comprehensive way.
Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov't Customers
Quick Hits  |  3/25/2021  | 
A decision on the order, which contains several recommendations, is still forthcoming.
The CIO's Shifting Role: Improving Security With Shared Responsibility
Commentary  |  3/25/2021  | 
CIOs must create a culture centered around cybersecurity that is easily visible and manageable.
6 Tips for Limiting Damage From Third-Party Attacks
Slideshows  |  3/25/2021  | 
The ability to protect your organization from third-party attacks will become increasingly critical as attackers try to maximize the effectiveness of their malicious campaigns.
Anti-Spoofing for Email Gains Adoption, but Enforcement Lags
News  |  3/23/2021  | 
More organizations adopt sender authentication, but strict quarantining or rejection of unauthenticated messages remains uncommon.
CSA & ISACA Team Up on Cloud Auditing Certificate
News  |  3/22/2021  | 
The Certificate of Cloud Auditing Knowledge aims to fill a gap in the market for cloud IT auditing as more organizations work in cloud environments.
Qualys CEO Courtot Departs for Health Reasons
Quick Hits  |  3/22/2021  | 
The well-known security industry entrepreneur initially took a leave of absence in February.
Top 3 Cybersecurity Lessons Learned From the Pandemic
Commentary  |  3/22/2021  | 
Defending an enterprise of fully remote employees and their devices at this scale and speed had never been done before. Now, we do it every day.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
Verkada Attacker Charged With Wire Fraud, Conspiracy in US
News  |  3/19/2021  | 
Swiss national Till Kottmann and co-conspirators are accused of breaking into dozens of US companies and government entities.
SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes
Quick Hits  |  3/19/2021  | 
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
CISA Issues Advisory on TrickBot Campaigns
Quick Hits  |  3/17/2021  | 
US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.
Enterprises Wrestle With Executive Social Media Risk Management
Commentary  |  3/17/2021  | 
Survey indicates enterprises have a lot of work to do reduce cybersecurity risks around executive social media use.
IronNet Cybersecurity to Go Public in Merger
Quick Hits  |  3/16/2021  | 
Company intends for the deal to drive adoption of its Collective Defense Platform.
Combating Call Center Fraud in the Age of COVID
Commentary  |  3/16/2021  | 
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Lookout Acquires SASE Cloud Provider CipherCloud
Quick Hits  |  3/15/2021  | 
Deal signals a focus on the cloud for mobile security firm.
Verkada Breach Demonstrates Danger of Overprivileged Users
News  |  3/15/2021  | 
In re-evaluating supply chains, companies should classify vendors with super admin privileges to devices or backdoors as a significant threat.
Hiding in Plain Sight: Protecting Enterprises from the 'New' Shadow IT
Commentary  |  3/10/2021  | 
Three steps to fight this increasingly vexing problem.
Call Recorder iPhone App Flaw Uncovered
Quick Hits  |  3/10/2021  | 
Researcher finds thousands of recorded calls easily accessible to others.
Microsoft Patch Tuesday Fixes 82 CVEs, Internet Explorer Zero-Day
News  |  3/9/2021  | 
The monthly rollout follows last week's emergency Microsoft Exchange Server patch covering seven CVEs, four of which are under attack.
Leaked Development Secrets a Major Issue for Repositories
News  |  3/9/2021  | 
Every day, more than 5,000 private keys, database connection strings, certificates, and passwords are leaked to GitHub repositories, putting applications at risk.
Look to Banking as a Model for Stopping Crime-as-a-Service
Commentary  |  3/9/2021  | 
The first step toward prevention is understanding the six most common CaaS services.
Intel, Microsoft Aim for Breakthrough in DARPA Encryption Project
News  |  3/8/2021  | 
Together, the vendor giants aim to make "in use" encryption -- also known as "fully homomorphic encryption" -- economical and practical.
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
News  |  3/5/2021  | 
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.
Secure Laptops & the Enterprise of the Future
Commentary  |  3/4/2021  | 
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
Microsoft Ignite Brings Security & Compliance Updates
News  |  3/2/2021  | 
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
Google Partners With Insurers to Create Risk Protection Program
Quick Hits  |  3/2/2021  | 
Google Cloud, Allianz, and Munich Re teamed up to build a program that aims to reduce risk and potentially cut costs for customers.
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Commentary  |  3/2/2021  | 
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25968
PUBLISHED: 2021-10-19
In “OpenCMS�, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when the...
CVE-2021-20836
PUBLISHED: 2021-10-19
Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files.
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...