Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in April 2018
10 Security Innovators to Watch
Slideshows  |  4/30/2018  | 
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
'Don't Extort Us': Uber Clarifies its Bug Bounty Policy
Quick Hits  |  4/27/2018  | 
Updated parameters should help avoid future extortion incidents.
Routing Security Gets Boost with New Set of MANRS for IXPs
Quick Hits  |  4/26/2018  | 
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
How Microsoft, Amazon, Alphabet Are Reshaping Security
News  |  4/26/2018  | 
Tech's biggest giants are shifting the cybersecurity landscape as they incorporate security into their products and services.
Free New Tool for Building Blockchain Skills
Quick Hits  |  4/25/2018  | 
Blockchain CTF helps pros build skills with simulations.
Google Adds Security Features to Gmail Face-lift
News  |  4/25/2018  | 
A redesigned Gmail brings new security measures to improve data protection and applications for artificial intelligence.
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Commentary  |  4/25/2018  | 
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
Cloud Misconceptions Are Pervasive Across Enterprises
Partner Perspectives  |  4/25/2018  | 
Shadow IT is rampant at many organizations that rely upon cloud-delivered tools and services to enable remote work, according to a new study. Here's what security teams need to do about it.
'Stresspaint' Targets Facebook Credentials
News  |  4/24/2018  | 
New malware variant goes after login credentials for popular Facebook pages.
New Survey Shows Hybrid Cloud Confidence
Quick Hits  |  4/23/2018  | 
Executives are mostly confident in their hybrid cloud security, according to the results of a new survey.
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018  | 
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
Data Visibility, Control Top Cloud Concerns at RSA
News  |  4/18/2018  | 
As the traditional perimeter dissolves and sensitive data moves to the cloud, security experts at RSA talk about how they're going to protect it.
Microsoft to Roll Out Azure Sphere for IoT Security
News  |  4/16/2018  | 
Azure Sphere, now in preview, is a three-part program designed to secure the future of connected devices and powered by its own custom version of Linux.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
Large Majority of Businesses Store Sensitive Data in Cloud Despite Lack of Trust
News  |  4/16/2018  | 
Researchers report 97% of survey respondents use some type of cloud service but continue to navigate issues around visibility and control.
7 Non-Financial Data Types to Secure
Slideshows  |  4/14/2018  | 
Credit card and social security numbers aren't the only sensitive information that requires protection.
7 Steps to a Smooth, Secure Cloud Transition
Slideshows  |  4/13/2018  | 
Security leaders share their top steps to keep in mind as your organization moves data and applications to the cloud.
Uber Agrees to New FTC Settlement Over 2016 Breach Disclosure
Quick Hits  |  4/12/2018  | 
Uber has agreed to an updated settlement with the FTC after news of its massive 2016 data breach.
Microsegmentation: Strong Security in Small Packages
Commentary  |  4/12/2018  | 
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
On-Premise Security Tools Struggle to Survive in the Cloud
News  |  4/10/2018  | 
Businesses say their current security tools aren't effective in the cloud but hesitate to adopt cloud-based security systems.
CA Acquires SourceClear
Quick Hits  |  4/9/2018  | 
CA adds software composition analysis capabilities to Veracode lineup through acquisition.
Serverless Architectures: A Paradigm Shift in Application Security
Commentary  |  4/9/2018  | 
"Serverless" forces software architects and developers to approach security by building it in rather than bolting it on. But there is a downside.
Best Buy the Latest Victim of Third-Party Security Breach
Quick Hits  |  4/9/2018  | 
Retailer says customer payment and other information may have been exposed via the breach of [24]7.ai online chat provider.
Unpatched Vulnerabilities the Source of Most Data Breaches
News  |  4/5/2018  | 
New studies show how patching continues to dog most organizations - with real consequences.
Misconfigured Clouds Compromise 424% More Records in 2017
News  |  4/4/2018  | 
Cybercriminals are increasingly aware of misconfigured systems and they're taking advantage, report IBM X-Force researchers.
Active Cyber Defense Is an Opportunity, Not a Threat
Commentary  |  4/4/2018  | 
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
7 Deadly Security Sins of Web Applications
Slideshows  |  4/3/2018  | 
The top ways organizations open themselves up to damaging Web app attacks.
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
News  |  4/2/2018  | 
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
Qualys Buys 1Mobility Software Assets
Quick Hits  |  4/2/2018  | 
Qualys has purchased the software assets of 1Mobility for an undisclosed sum.
Is Security Accelerating Your Business?
Commentary  |  4/2/2018  | 
With an ever-growing list of security and compliance requirements, security can hinder or slow business initiatives. Is your security department stuck in slow gear or can it go faster?


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.