Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in May 2018
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Windows 'Double Kill' Attack Code Found in RIG Exploit Kit
News  |  5/30/2018  | 
Microsoft issued a fix for the remote code execution zero-day vulnerability in May, but research shows businesses have slowed their patching processes post-Meltdown.
Mobile Malware Moves to Mine Monero (and Other Currencies)
Quick Hits  |  5/30/2018  | 
A new report shows that cryptocurrencies tend to be the focus of a growing number of malicious apps.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
News  |  5/29/2018  | 
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
News  |  5/29/2018  | 
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
FireMon to Buy Lumeta
News  |  5/29/2018  | 
Network security policy vendor looks to expand its offerings to real-time situational awareness on-premise and in the cloud.
6 Ways Third Parties Can Trip Up Your Security
Slideshows  |  5/29/2018  | 
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
Security Lags in Enterprise Cloud Migration
Quick Hits  |  5/25/2018  | 
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
News  |  5/25/2018  | 
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Privacy Group: Facebook, Google Policies Break GDPR Laws
News  |  5/25/2018  | 
Nonprofit 'None of Your Business' files complaints against Facebook, Google, WhatsApp, and Instagram.
Most Expensive Data Breaches Start with Third Parties: Report
News  |  5/24/2018  | 
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
What Should Post-Quantum Cryptography Look Like?
News  |  5/23/2018  | 
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
News  |  5/23/2018  | 
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket
Quick Hits  |  5/23/2018  | 
A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
US Senator to DOD CIO: 'Take Immediate Action' on HTTPS
News  |  5/22/2018  | 
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Quick Hits  |  5/22/2018  | 
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
The State of Information Sharing 20 Years after the First White House Mandate
Commentary  |  5/22/2018  | 
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
North Korean Defectors Targeted with Malicious Apps on Google Play
News  |  5/21/2018  | 
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
Google to Delete 'Secure' Label from HTTPS Sites
Quick Hits  |  5/21/2018  | 
Google acknowledges HTTPS as the Internet standard with plans to remove ‘secure’ from all HTTPS sites.
Syrian Electronic Army Members Indicted for Conspiracy
Quick Hits  |  5/18/2018  | 
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
Cracking 2FA: How It's Done and How to Stay Safe
Slideshows  |  5/17/2018  | 
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
7 Tools for Stronger IoT Security, Visibility
Slideshows  |  5/16/2018  | 
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
25% of Businesses Targeted with Cryptojacking in the Cloud
News  |  5/15/2018  | 
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
Smashing Silos and Building Bridges in the IT-Infosec Divide
News  |  5/14/2018  | 
A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.
Email Security Tools Try to Keep Up with Threats
News  |  5/9/2018  | 
Email has long been a prime vector for cyberattacks, and hackers are only getting sneakier. Can email platforms and security tools keep up?
Calculating Cloud Cost: 8 Factors to Watch
Slideshows  |  5/9/2018  | 
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Commentary  |  5/9/2018  | 
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Microsoft's Patch Tuesday Fixes Two CVEs Under Active Attack
News  |  5/8/2018  | 
This month's updates addressed vulnerabilities in Windows, Office, Edge, Internet Explorer, .Net Framework, Exchange Server, and other services.
APT Attacks on Mobile Rapidly Emerging
News  |  5/8/2018  | 
Mobile devices are becoming a 'primary' enterprise target for attackers.
Google Security Updates Target DevOps, Containers
News  |  5/7/2018  | 
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
RSA CTO: 'Modernization Can Breed Malice'
News  |  5/3/2018  | 
Zulfikar Ramzan predicted the future of cybersecurity, drivers shaping it, and how enterprise IT should react in his InteropITX 2018 keynote.
Hackers Leverage GDPR to Target Airbnb Customers
Quick Hits  |  5/3/2018  | 
Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file