Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in June 2017
8tracks Hit With Breach of 18 Million Accounts
Quick Hits  |  6/30/2017  | 
Hackers attack Internet radio user database, gaining access to email addresses and encrypted passwords.
Half of Ransomware Victims Suffer Repeat Attacks
News  |  6/28/2017  | 
Half of ransomware victims are likely to get hit again as threat actors change their strategies to target servers and accelerate the spread of ransomware.
Microsoft Integrates EMET into Fall Windows 10 Update
News  |  6/27/2017  | 
The Windows 10 Creators Update, slated to launch this fall, will include components from the Enhanced Mitigation Experience Toolkit (EMET).
Compliance in the Cloud Needs To Be Continuous & Automated
Partner Perspectives  |  6/27/2017  | 
Complex IT environments require timely visibility into risk and compliance.
9 Ways to Protect Your Cloud Environment from Ransomware
Slideshows  |  6/27/2017  | 
The same technology driving faster collaboration and data transfer also enables cybercriminals to quickly spread ransomware.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
Cloud Security Lessons from the Voter Data Leak
News  |  6/22/2017  | 
A poorly configured Amazon S3 bucket that led to a massive data leak could easily happen to any organization not adopting proper cloud security measures.
Cloud Security & the Power of Shared Responsibility
Partner Perspectives  |  6/20/2017  | 
When you and your CSP jointly embrace the shared security responsibility model you can achieve greater success than you or your provider can achieve alone.
Microsoft, Accenture Team up on Blockchain for Digital ID Network
Quick Hits  |  6/19/2017  | 
Microsoft and Accenture use blockchain tech to build a digital ID network, which will help give legal identification to 1.1 billion people without official documents.
Forrester: Rapid Cloud Adoption Drives Demand for Security Tools
News  |  6/16/2017  | 
Cloud services revenue is poised to skyrocket from $114 billion in 2016 to $236 billion by 2020, driving the market for products to secure data in the cloud.
Climbing the Security Maturity Ladder in Cloud
Commentary  |  6/15/2017  | 
These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Trumps Executive Order: What It Means for US Cybersecurity
Commentary  |  6/15/2017  | 
The provisions are all well and good, but its hardly the first time theyve been ordered by the White House.
Malware Incidents at US SMBs Spiked 165% in Q1
News  |  6/15/2017  | 
Texas-based SMBs suffered the most malware attack attempts in the first quarter while those in Arizona had the biggest year-over-year increase, according to new Malwarebytes report.
How End-User Devices Get Hacked: 8 Easy Ways
Slideshows  |  6/9/2017  | 
Security experts share the simplest and most effective methods bad guys employ to break into end-user devices.
Security Orchestration Fine-Tunes the Incident Response Process
News  |  6/8/2017  | 
Emerging orchestration technology can cut labor-intensive tasks for security analysts.
Microsoft to Buy Hexadite for AI, Enterprise Security
News  |  6/8/2017  | 
Acquisition of Israeli security startup aims to strengthen Windows 10 security with artificial intelligence, company says.
Hide & Seek: Security Teams Lack Visibility in the Cloud
Partner Perspectives  |  6/8/2017  | 
IT leaders remain on the hot seat when it comes to their ability to continuously monitor the state of their data and operations. How hot is your seat?
Security in the Cloud: Pitfalls and Potential of CASB Systems
News  |  6/7/2017  | 
The transition to cloud has driven a demand for CASB systems, but today's systems lack the full breadth of functionality businesses need.
Cloud, Hackers, Trump Presidency, Drive Security Spend
News  |  6/7/2017  | 
Businesses reevaluate their security spending in response to the growth of cloud, fear of malicious hackers, and the Trump presidency, research finds.
Why Phishing Season Lasts All Year for Top US Retailers
Commentary  |  6/6/2017  | 
No major brand is immune from cyber squatters; the more popular the company, the more look-alike domains phishers register as bait. Here are some techniques to watch out for.
Oracle Brings Machine Learning to its CASB Service
News  |  6/5/2017  | 
Machine learning is a next step for cloud systems, as Oracle integrates new capabilities into its CASB offering to discern and leverage user behavior.
Majority of DDoS Attacks are Short, Low-Volume Bursts
Quick Hits  |  6/5/2017  | 
DDoS attacks largely fall into the camp of short, low-volume sieges, but large-volume attacks are sharply on the rise, according to a study released today.


When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
CVE-2021-21246
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...