Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in June 2018
Natural Language Processing Fights Social Engineers
News  |  6/29/2018  | 
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Equifax Software Manager Charged with Insider Trading
Quick Hits  |  6/29/2018  | 
Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.
Why Sharing Intelligence Makes Everyone Safer
Commentary  |  6/29/2018  | 
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Adidas US Website Hit by Data Breach
Quick Hits  |  6/29/2018  | 
The athletic apparel firm was hacked and data on potentially 'millions' of customers now at risk.
The 6 Worst Insider Attacks of 2018 – So Far
Slideshows  |  6/29/2018  | 
Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
65% of Resold Memory Cards Still Pack Personal Data
News  |  6/28/2018  | 
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
Commentary  |  6/27/2018  | 
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Coin Miner Malware Spikes 629% in 'Telling' Q1
News  |  6/27/2018  | 
Drastic growth suggests adversaries are learning how they can maximize rewards with minimal effort.
The 3 R's for Surviving the Security Skills Shortage
News  |  6/27/2018  | 
How to recruit, retrain, and retain with creativity and discipline.
Insider Dangers Are Hiding in Collaboration Tools
News  |  6/26/2018  | 
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
'Have I Been Pwned' Now Built into Firefox, 1Password
News  |  6/26/2018  | 
Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Commentary  |  6/26/2018  | 
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
Secure by Default Is Not What You Think
Commentary  |  6/26/2018  | 
The traditional view of secure by default — which has largely been secure out of the box — is too narrow. To broaden your view, consider these three parameters.
First Women-Led Cybersecurity Venture Capital Firm Launches
News  |  6/26/2018  | 
Chenxi Wang, former Forrester VP of research and Twistlock executive, heads up Rain Capital, with the intent to also help build new startups.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
News  |  6/26/2018  | 
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Malware in South Korean Cyberattacks Linked to Bithumb Heist
News  |  6/25/2018  | 
Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.
1.7 Million Phishing Emails Blocked in June: Barracuda Networks
Quick Hits  |  6/25/2018  | 
Brand-name spoofing still a popular tactic to lure victims into giving up their login credentials and payment card information, new data shows.
8 Security Tips for a Hassle-Free Summer Vacation
Slideshows  |  6/23/2018  | 
It's easy to let your guard down when you're away. Hackers know that, too.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
Quick Hits  |  6/21/2018  | 
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven — plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
News  |  6/20/2018  | 
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Containerized Apps: An 8-Point Security Checklist
Slideshows  |  6/14/2018  | 
Here are eight measures to take to ensure the security of your containerized application environment.
DDoS Amped Up: DNS, Memcached Attacks Rise
News  |  6/13/2018  | 
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
Microsoft Fixes 11 Critical, 39 Important Vulns
News  |  6/12/2018  | 
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
Fewer Phishing Attacks Hit More Diverse Targets
News  |  6/11/2018  | 
Nearly 300 brands were hit with phishing attacks in Q1, with cloud storage providers now among the top 10 most targeted.
CrowdStrike Launches $1 Million Security Breach Warranty
News  |  6/5/2018  | 
Covers all costs of a data breach that occurs within the systems protected by its EPP Complete endpoint security service.
Dark Reading Launches Second INsecurity Conference
News  |  6/5/2018  | 
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Web Application Firewalls Adjust to Secure the Cloud
News  |  6/4/2018  | 
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Commentary  |  6/4/2018  | 
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
Google Groups Misconfiguration Exposes Corporate Data
News  |  6/1/2018  | 
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
Cybercrime Is Skyrocketing as the World Goes Digital
Commentary  |  6/1/2018  | 
If cybercrime were a country, it would have the 13th highest GDP in the world.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Everything You Need to Know About DNS Attacks
It's important to understand DNS, potential attacks against it, and the tools and techniques required to defend DNS infrastructure. This report answers all the questions you were afraid to ask. Domain Name Service (DNS) is a critical part of any organization's digital infrastructure, but it's also one of the least understood. DNS is designed to be invisible to business professionals, IT stakeholders, and many security professionals, but DNS's threat surface is large and widely targeted. Attackers are causing a great deal of damage with an array of attacks such as denial of service, DNS cache poisoning, DNS hijackin, DNS tunneling, and DNS dangling. They are using DNS infrastructure to take control of inbound and outbound communications and preventing users from accessing the applications they are looking for. To stop attacks on DNS, security teams need to shore up the organization's security hygiene around DNS infrastructure, implement controls such as DNSSEC, and monitor DNS traffic
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-33196
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
CVE-2023-33185
PUBLISHED: 2023-05-26
Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests ar...
CVE-2023-33187
PUBLISHED: 2023-05-26
Highlight is an open source, full-stack monitoring platform. Highlight may record passwords on customer deployments when a password html input is switched to `type="text"` via a javascript "Show Password" button. This differs from the expected behavior which always obfuscates `ty...
CVE-2023-33194
PUBLISHED: 2023-05-26
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was...
CVE-2023-2879
PUBLISHED: 2023-05-26
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file