Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in April 2020
Microsoft's Records Management Tool Aims to Simplify Data Governance
News  |  4/30/2020  | 
Records Management is intended to help businesses manage security and data governance as more struggle to handle increased amounts of data and regulatory requirements.
Researchers Find Baby Banking Trojan, Watch It Grow
News  |  4/30/2020  | 
EventBot is an Android information stealer on its way to becoming a very capable piece of malware.
Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins
News  |  4/30/2020  | 
As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
Rapid7 Announces Plan to Buy DivvyCloud
Quick Hits  |  4/28/2020  | 
The purchase will boost Rapid7's multicloud capabilities.
New Startup Accurics Tackles Cloud Infrastructure Security
News  |  4/28/2020  | 
Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.
Top 10 Cyber Incident Response Mistakes and How to Avoid Them
Slideshows  |  4/27/2020  | 
From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Commentary  |  4/27/2020  | 
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
Paay Misconfiguration Leaves Transaction Data Exposed
Quick Hits  |  4/23/2020  | 
The New York-based credit-card processor left a server without password protection for approximately three weeks.
Communication, Cloud & Finance Apps Most Vulnerable to Insider Threat
Quick Hits  |  4/23/2020  | 
Businesses say customer data, financial data, and intellectual property are the types of data most vulnerable to insider attacks.
IBM Cloud Data Shield Brings Confidential Computing to Public Cloud
News  |  4/22/2020  | 
The Cloud Data Shield relies on confidential computing, which protects data while it's in use by enterprise applications.
Automated Bots Are Increasingly Scraping Data & Attempting Logins
News  |  4/21/2020  | 
The share of bot traffic to online sites declines, but businesses are seeing an overall increase in automated scraping of data, login attempts, and other detrimental activity.
7 Steps to Avoid the Top Cloud Access Risks
Commentary  |  4/21/2020  | 
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
COVID-Themed Phishing Messages Fill Phishing Filters on Gmail
Quick Hits  |  4/17/2020  | 
In the past week, Google says it identified more than 18 million daily phishing messages featuring coronavirus themes.
10 Standout Security M&A Deals from Q1 2020
Slideshows  |  4/17/2020  | 
The first quarter of 2020 brought investments in enterprise IoT and endpoint security, as well as billion-dollar investments from private equity firms.
Neglected Infrastructure, Invasive Tech to Plague Infosec in 2022
News  |  4/16/2020  | 
Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.
Arxan Technologies Joins New Software Company Digital.ai
Quick Hits  |  4/16/2020  | 
The application security provider teams up with CollabNet VersionOne and XebiaLabs to create Digital.ai, a new enterprise DevOps platform.
Slack's Incoming Webhooks Can Be Weaponized in Phishing Attacks
News  |  4/15/2020  | 
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.
Cybersecurity Prep for the 2020s
Commentary  |  4/15/2020  | 
The more things change, the more they stay the same. Much of the world is still behind on the basics.
TikTok Vulnerability Leaves Users Open to Fake News
Quick Hits  |  4/14/2020  | 
A vulnerability in the way TikTok requests and receives video content could leave users streaming video from bogus servers.
Apple Is Top Pick for Brand Phishing Attempts
Quick Hits  |  4/14/2020  | 
Ten percent of all brand phishing attempts in the first quarter of 2020 tried to deceive victims by imitating the Apple brand.
You're One Misconfiguration Away from a Cloud-Based Data Breach
Commentary  |  4/14/2020  | 
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
7 Ways COVID-19 Has Changed Our Online Lives
Slideshows  |  4/14/2020  | 
The pandemic has driven more of our personal and work lives online and for the bad guys, business is booming. Here's how you can protect yourself.
Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
News  |  4/13/2020  | 
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.
Only 40% of Small Business Owners Have a Cybersecurity Policy
Quick Hits  |  4/10/2020  | 
Small business owners are concerned about cyberattacks targeting remote workers but lack the resources to invest in security.
Zscaler to Buy Cloudneeti
Quick Hits  |  4/9/2020  | 
The security service provider adds cloud security "posture" management with the deal.
Zoom, Microsoft & NTT Data Leaders Share Work-from-Home Security Tips
Quick Hits  |  4/9/2020  | 
Tech leaders encourage organizations to maintain security awareness training and offer advice on how to protect their information.
Microsoft Releases COVID-19 Security Guidance
Quick Hits  |  4/8/2020  | 
Information includes tips on how to keep IT systems infection-free.
Why Threat Hunting with XDR Matters
Commentary  |  4/8/2020  | 
Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.
Misconfigured Containers Again Targeted by Cryptominer Malware
News  |  4/6/2020  | 
An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It's not the first time.
Want to Improve Cloud Security? It Starts with Logging
Commentary  |  4/3/2020  | 
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15505
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1, and Sentry before 9.7.3 and 9.8.x before 9.8.1, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2020-15506
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to bypass authentication mechanisms via unspecified vectors.
CVE-2020-15507
PUBLISHED: 2020-07-07
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10.5.2.x before 10.5.2.1, and 10.6.x before 10.6.0.1 allow remote attackers to read files on the system via unspecified vectors.
CVE-2020-15096
PUBLISHED: 2020-07-07
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affecte...
CVE-2020-4075
PUBLISHED: 2020-07-07
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `options` is not ...