Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in May 2019
GDPR's First-Year Impact by the Numbers
Slideshows  |  5/31/2019  | 
The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
Vulnerability Leaves Container Images Without Passwords
News  |  5/30/2019  | 
A old vulnerability in Alpine Linux containers has spread and propagated to as much as 20% of the containers on the Docker Store.
2.3B Files Currently Exposed via Online Storage
News  |  5/30/2019  | 
Digital Shadows researchers scanned various online file-sharing services and concluded the number of exposed files is up 50% from March of 2018.
Palo Alto Networks Confirms PureSec Acquisition
Quick Hits  |  5/30/2019  | 
The company also agreed to buy container security company Twistlock as it develops its cloud security suite.
Docker Vulnerability Opens Servers to Container Code
News  |  5/29/2019  | 
Under very specific conditions, code running in a Docker container could access files anywhere on a server, according to a new CVE.
Palo Alto Networks Said to Buy Twistlock
Quick Hits  |  5/29/2019  | 
Reports in Israel-based business publications say Palo Alto Networks has reached a deal to purchase the container security startup, as well as another Israeli security startup.
Keys for Working with Modern MSSPs
News  |  5/28/2019  | 
How to determine what an MSSP can do for your organization, and the questions to ask before signing a contract.
8 Ways to Authenticate Without Passwords
Slideshows  |  5/28/2019  | 
Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.
'Cattle, Not Pets' & the Rise of Security-as-Code
Commentary  |  5/28/2019  | 
Nearly a decade in, the famous analogy has underpinned a sea change in enterprise IT, but still falls short of the security mark. More recent developments can help.
Mist Computing Startup Distributes Security AI to the Network Edge
News  |  5/24/2019  | 
MistNet, founded by former Juniper employees, moves AI processing to the network edge to build distributed detection and analysis models for security.
How Security Vendors Can Address the Cybersecurity Talent Shortage
Commentary  |  5/24/2019  | 
The talent gap is too large for any one sector, and cybersecurity vendors have a big role to play in helping to close it.
To Manage Security Risk, Manage Data First
News  |  5/23/2019  | 
At Interop 2019, IT and security experts urged attendees to focus on data asset management as a means of mitigating risk.
Google's Origin & the Danger of Link Sharing
Commentary  |  5/23/2019  | 
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Microsoft Opens Defender ATP for Mac to Public Preview
Quick Hits  |  5/23/2019  | 
Users of the security platform who have preview features enabled can access Defender ATP for Mac via the Security Center onboarding section.
New Software Skims Credit Card Info From Online Credit Card Transactions
Quick Hits  |  5/22/2019  | 
The new exploit builds a fake frame around legitimate portions of an online commerce website.
Consumer IoT Devices Are Compromising Enterprise Networks
News  |  5/22/2019  | 
While IoT devices continue to multiply, the latest studies show a dangerous lack of visibility into those connected to enterprise networks.
49 Million Instagram Influencer Records Exposed in Open Database
Quick Hits  |  5/21/2019  | 
An AWS-hosted database was configured with no username or password required for access to personal data.
Data Security: Think Beyond the Endpoint
News  |  5/21/2019  | 
A strong data protection strategy is essential as data moves across endpoints and in the cloud.
97% of Americans Cant Ace a Basic Security Test
News  |  5/20/2019  | 
Still, a new Google study uncovers a bit of good news, too.
Financial Sector Under Siege
Commentary  |  5/20/2019  | 
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
7 Signs of the Rising Threat of Magecart Attacks in 2019
Slideshows  |  5/20/2019  | 
Magecart attacks continue to grow in momentum. Here are the stats and stories that show what's behind the mayhem.
Exposed Elasticsearch Database Compromises Data on 8M People
Quick Hits  |  5/17/2019  | 
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
Microsoft Builds on Decentralized Identity Vision
News  |  5/15/2019  | 
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
Baltimore Ransomware Attack Takes Strange Twist
News  |  5/14/2019  | 
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
Effective Pen Tests Follow These 7 Steps
Slideshows  |  5/14/2019  | 
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
Poorly Configured Server Exposes Most Panama Citizens' Data
Quick Hits  |  5/13/2019  | 
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
78% of Consumers Say Online Companies Must Protect Their Info
News  |  5/13/2019  | 
Yet 68% agree they also must do more to protect their own information.
Symantec CEO Greg Clark Steps Down
Quick Hits  |  5/10/2019  | 
Exec shake-up comes amid earnings drop in financial report.
How the Skills Gap Strains and Constrains Security Pros
News  |  5/9/2019  | 
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
How to Close the Critical Cybersecurity Talent Gap
Commentary  |  5/9/2019  | 
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
DeepDotWeb Operators Indicted, Website Seized by the FBI
Quick Hits  |  5/8/2019  | 
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
Social Engineering Slams the C-Suite: Verizon DBIR
News  |  5/8/2019  | 
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
Attackers Add a New Spin to Old Scams
News  |  5/6/2019  | 
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
Trust the Stack, Not the People
Commentary  |  5/6/2019  | 
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
Massive Dark Web 'Wall Street Market' Shuttered
Quick Hits  |  5/3/2019  | 
Europol-led international law enforcement operation led to takedown of world's second-largest digital underground marketplace.
The 2019 State of Cloud Security
Slideshows  |  5/3/2019  | 
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
Security Depends on Careful Design
Commentary  |  5/2/2019  | 
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
Facebook, Instagram Are Phishers' Favorite Social Platforms
Quick Hits  |  5/2/2019  | 
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.


SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19230
PUBLISHED: 2019-12-09
An unsafe deserialization vulnerability exists in CA Release Automation (Nolio) 6.6 with the DataManagement component that can allow a remote attacker to execute arbitrary code.
CVE-2013-0342
PUBLISHED: 2019-12-09
The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294.
CVE-2014-0242
PUBLISHED: 2019-12-09
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
CVE-2015-3424
PUBLISHED: 2019-12-09
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
CVE-2015-3425
PUBLISHED: 2019-12-09
Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.