Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in May 2018
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Windows 'Double Kill' Attack Code Found in RIG Exploit Kit
News  |  5/30/2018  | 
Microsoft issued a fix for the remote code execution zero-day vulnerability in May, but research shows businesses have slowed their patching processes post-Meltdown.
Mobile Malware Moves to Mine Monero (and Other Currencies)
Quick Hits  |  5/30/2018  | 
A new report shows that cryptocurrencies tend to be the focus of a growing number of malicious apps.
Over 5K Gas Station Tank Gauges Sit Exposed on the Public Net
News  |  5/29/2018  | 
One gas station failed its PCI compliance test due to security holes in its automated gas tank gauge configuration, researcher says.
Alexa Mishap Hints at Potential Enterprise Security Risk
News  |  5/29/2018  | 
When Alexa mailed a copy of a couple's conversation to a contact, it raised warning flags for security professionals in organizations.
FireMon to Buy Lumeta
News  |  5/29/2018  | 
Network security policy vendor looks to expand its offerings to real-time situational awareness on-premise and in the cloud.
6 Ways Third Parties Can Trip Up Your Security
Slideshows  |  5/29/2018  | 
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
Security Lags in Enterprise Cloud Migration
Quick Hits  |  5/25/2018  | 
Cloud security is falling farther behind as companies migrate more and more of their workloads to public cloud infrastructures.
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
News  |  5/25/2018  | 
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
Privacy Group: Facebook, Google Policies Break GDPR Laws
News  |  5/25/2018  | 
Nonprofit 'None of Your Business' files complaints against Facebook, Google, WhatsApp, and Instagram.
Most Expensive Data Breaches Start with Third Parties: Report
News  |  5/24/2018  | 
Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Commentary  |  5/24/2018  | 
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
What Should Post-Quantum Cryptography Look Like?
News  |  5/23/2018  | 
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report
News  |  5/23/2018  | 
Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.
LA County Nonprofit Exposes 3.2M PII Files via Unsecured S3 Bucket
Quick Hits  |  5/23/2018  | 
A misconfiguration accidentally compromised credentials, email addresses, and 200,000 rows of notes describing abuse and suicidal distress.
US Senator to DOD CIO: 'Take Immediate Action' on HTTPS
News  |  5/22/2018  | 
US Senator Ron Wyden pens a letter to the Department of Defense CIO, urging stronger security on public-facing government sites.
Pet Tracker Flaws Expose Pets and Their Owners to Cybercrime
Quick Hits  |  5/22/2018  | 
Hackers can exploit vulnerabilities in popular pet trackers to intercept location coordinates and access owners' personal data.
The State of Information Sharing 20 Years after the First White House Mandate
Commentary  |  5/22/2018  | 
Finally! Actionable guidance for ISACs and enterprises on what threat intel to share, how to share it, and which key technologies will automate redaction and protect privacy.
North Korean Defectors Targeted with Malicious Apps on Google Play
News  |  5/21/2018  | 
Sun Team hacking group is behind RedDawn, which steals victims' photos and data and passes them to threat actors.
Google to Delete 'Secure' Label from HTTPS Sites
Quick Hits  |  5/21/2018  | 
Google acknowledges HTTPS as the Internet standard with plans to remove secure from all HTTPS sites.
Syrian Electronic Army Members Indicted for Conspiracy
Quick Hits  |  5/18/2018  | 
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
Cracking 2FA: How It's Done and How to Stay Safe
Slideshows  |  5/17/2018  | 
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
7 Tools for Stronger IoT Security, Visibility
Slideshows  |  5/16/2018  | 
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
25% of Businesses Targeted with Cryptojacking in the Cloud
News  |  5/15/2018  | 
New public cloud security report detects a spike in cryptojacking, mismanaged cloud storage, account takeover, and major patches getting overlooked.
Smashing Silos and Building Bridges in the IT-Infosec Divide
News  |  5/14/2018  | 
A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.
Email Security Tools Try to Keep Up with Threats
News  |  5/9/2018  | 
Email has long been a prime vector for cyberattacks, and hackers are only getting sneakier. Can email platforms and security tools keep up?
Calculating Cloud Cost: 8 Factors to Watch
Slideshows  |  5/9/2018  | 
If you're not careful and don't regularly assess the impact of your usage, moving to the cloud could have a negative impact on your bottom line.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Commentary  |  5/9/2018  | 
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Microsoft's Patch Tuesday Fixes Two CVEs Under Active Attack
News  |  5/8/2018  | 
This month's updates addressed vulnerabilities in Windows, Office, Edge, Internet Explorer, .Net Framework, Exchange Server, and other services.
APT Attacks on Mobile Rapidly Emerging
News  |  5/8/2018  | 
Mobile devices are becoming a 'primary' enterprise target for attackers.
Google Security Updates Target DevOps, Containers
News  |  5/7/2018  | 
The tech giant explains why it's rolling out a new cloud security management tool and an open-source framework for confidential computing.
RSA CTO: 'Modernization Can Breed Malice'
News  |  5/3/2018  | 
Zulfikar Ramzan predicted the future of cybersecurity, drivers shaping it, and how enterprise IT should react in his InteropITX 2018 keynote.
Hackers Leverage GDPR to Target Airbnb Customers
Quick Hits  |  5/3/2018  | 
Fraudsters are taking advantage of new EU privacy laws to demand personal information from Airbnb users.


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19719
PUBLISHED: 2019-12-11
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
CVE-2019-19720
PUBLISHED: 2019-12-11
Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.
CVE-2019-19707
PUBLISHED: 2019-12-11
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
CVE-2019-19708
PUBLISHED: 2019-12-11
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
CVE-2019-19709
PUBLISHED: 2019-12-11
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.