Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in May 2019
GDPR's First-Year Impact by the Numbers
Slideshows  |  5/31/2019  | 
The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
Vulnerability Leaves Container Images Without Passwords
News  |  5/30/2019  | 
A old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store.
2.3B Files Currently Exposed via Online Storage
News  |  5/30/2019  | 
Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018.
Palo Alto Networks Confirms PureSec Acquisition
Quick Hits  |  5/30/2019  | 
The company also agreed to buy container security company Twistlock as it develops its cloud security suite.
Docker Vulnerability Opens Servers to Container Code
News  |  5/29/2019  | 
Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.
Palo Alto Networks Said to Buy Twistlock
Quick Hits  |  5/29/2019  | 
Reports in Israel-based business publications say Palo Alto Networks has reached a deal to purchase the container security startup, as well as another Israeli security startup.
Keys for Working with Modern MSSPs
News  |  5/28/2019  | 
How to determine what an MSSP can do for your organization, and the questions to ask before signing a contract.
8 Ways to Authenticate Without Passwords
Slideshows  |  5/28/2019  | 
Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.
'Cattle, Not Pets' & the Rise of Security-as-Code
Commentary  |  5/28/2019  | 
Nearly a decade in, the famous analogy has underpinned a sea change in enterprise IT, but still falls short of the security mark. More recent developments can help.
Mist Computing Startup Distributes Security AI to the Network Edge
News  |  5/24/2019  | 
MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.
How Security Vendors Can Address the Cybersecurity Talent Shortage
Commentary  |  5/24/2019  | 
The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.
To Manage Security Risk, Manage Data First
News  |  5/23/2019  | 
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
Google's Origin & the Danger of Link Sharing
Commentary  |  5/23/2019  | 
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Microsoft Opens Defender ATP for Mac to Public Preview
Quick Hits  |  5/23/2019  | 
Users of the security platform who have preview features enabled can access Defender ATP for Mac via the Security Center onboarding section.
New Software Skims Credit Card Info From Online Credit Card Transactions
Quick Hits  |  5/22/2019  | 
The new exploit builds a fake frame around legitimate portions of an online commerce website.
Consumer IoT Devices Are Compromising Enterprise Networks
News  |  5/22/2019  | 
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
49 Million Instagram Influencer Records Exposed in Open Database
Quick Hits  |  5/21/2019  | 
An AWS-hosted database was configured with no username or password required for access to personal data.
Data Security: Think Beyond the Endpoint
News  |  5/21/2019  | 
A strong data protection strategy is essential as data moves across endpoints and in the cloud.
97% of Americans Cant Ace a Basic Security Test
News  |  5/20/2019  | 
Still, a new Google study uncovers a bit of good news, too.
Financial Sector Under Siege
Commentary  |  5/20/2019  | 
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
7 Signs of the Rising Threat of Magecart Attacks in 2019
Slideshows  |  5/20/2019  | 
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
Exposed Elasticsearch Database Compromises Data on 8M People
Quick Hits  |  5/17/2019  | 
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
Microsoft Builds on Decentralized Identity Vision
News  |  5/15/2019  | 
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
Baltimore Ransomware Attack Takes Strange Twist
News  |  5/14/2019  | 
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
Effective Pen Tests Follow These 7 Steps
Slideshows  |  5/14/2019  | 
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Poorly Configured Server Exposes Most Panama Citizens' Data
Quick Hits  |  5/13/2019  | 
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
78% of Consumers Say Online Companies Must Protect Their Info
News  |  5/13/2019  | 
Yet 68% agree they also must do more to protect their own information.
Symantec CEO Greg Clark Steps Down
Quick Hits  |  5/10/2019  | 
Exec shake-up comes amid earnings drop in financial report.
How the Skills Gap Strains and Constrains Security Pros
News  |  5/9/2019  | 
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
How to Close the Critical Cybersecurity Talent Gap
Commentary  |  5/9/2019  | 
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
DeepDotWeb Operators Indicted, Website Seized by the FBI
Quick Hits  |  5/8/2019  | 
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
Social Engineering Slams the C-Suite: Verizon DBIR
News  |  5/8/2019  | 
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
Attackers Add a New Spin to Old Scams
News  |  5/6/2019  | 
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
Trust the Stack, Not the People
Commentary  |  5/6/2019  | 
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
Massive Dark Web 'Wall Street Market' Shuttered
Quick Hits  |  5/3/2019  | 
Europol-led international law enforcement operation led to takedown of world's second-largest digital underground marketplace.
The 2019 State of Cloud Security
Slideshows  |  5/3/2019  | 
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
Security Depends on Careful Design
Commentary  |  5/2/2019  | 
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
Facebook, Instagram Are Phishers' Favorite Social Platforms
Quick Hits  |  5/2/2019  | 
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.


Mobile Banking Malware Up 50% in First Half of 2019
Kelly Sheridan, Staff Editor, Dark Reading,  1/17/2020
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
[Just Released] How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7227
PUBLISHED: 2020-01-18
Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an authenticated remote attacker to retrieve the source code of different functions of the web application via requests that lack certain mandatory parameters. This affects ifaces-diag.asp, system.asp, ...
CVE-2019-15625
PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.
CVE-2019-19696
PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...
CVE-2019-19697
PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...
CVE-2019-20357
PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.