Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in June 2018
Natural Language Processing Fights Social Engineers
News  |  6/29/2018  | 
Instead of trying to detect social engineering attacks based on a subject line or URL, a new tool conducts semantic analysis of text to determine malicious intent.
Equifax Software Manager Charged with Insider Trading
Quick Hits  |  6/29/2018  | 
Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.
Why Sharing Intelligence Makes Everyone Safer
Commentary  |  6/29/2018  | 
Security teams must expand strategies to go beyond simply identifying details tied to a specific threat to include context and information about attack methodologies.
Adidas US Website Hit by Data Breach
Quick Hits  |  6/29/2018  | 
The athletic apparel firm was hacked and data on potentially 'millions' of customers now at risk.
The 6 Worst Insider Attacks of 2018 So Far
Slideshows  |  6/29/2018  | 
Stalkers, fraudsters, saboteurs, and all nature of malicious insiders have put the hurt on some very high-profile employers.
65% of Resold Memory Cards Still Pack Personal Data
News  |  6/28/2018  | 
Analyzed cards, mainly from smartphones and tablets, contained private personal information, business documentation, audio, video, and photos.
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
Russia, Facebook & Cybersecurity: Combating Weaponized FUD in the Social Media Age
Commentary  |  6/27/2018  | 
It's up to everyone -- users, security pros, government -- to be critical about the online information we encounter.
Coin Miner Malware Spikes 629% in 'Telling' Q1
News  |  6/27/2018  | 
Drastic growth suggests adversaries are learning how they can maximize rewards with minimal effort.
The 3 R's for Surviving the Security Skills Shortage
News  |  6/27/2018  | 
How to recruit, retrain, and retain with creativity and discipline.
Insider Dangers Are Hiding in Collaboration Tools
News  |  6/26/2018  | 
The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.
'Have I Been Pwned' Now Built into Firefox, 1Password
News  |  6/26/2018  | 
Users can search breach data in a new tool called Firefox Monitor and check if passwords have been exposed in 1Password on the Web.
Securing Serverless Apps: 3 Critical Tasks in 3 Days
Commentary  |  6/26/2018  | 
Serverless workloads in the cloud can be as secure as traditional applications with the right processes and tools. The key: start small, scale as your application scales, and involve everyone.
Secure by Default Is Not What You Think
Commentary  |  6/26/2018  | 
The traditional view of secure by default which has largely been secure out of the box is too narrow. To broaden your view, consider these three parameters.
First Women-Led Cybersecurity Venture Capital Firm Launches
News  |  6/26/2018  | 
Chenxi Wang, former Forrester VP of research and Twistlock executive, heads up Rain Capital, with the intent to also help build new startups.
Black Hat Survey: Enterprise Tech, US Government Unprepared for Cyberattacks
News  |  6/26/2018  | 
The 2018 Black Hat Attendee survey reveals worries over the effectiveness of enterprise security technology, and threat to US infrastructure.
Malware in South Korean Cyberattacks Linked to Bithumb Heist
News  |  6/25/2018  | 
Lazarus Group is likely behind a spearphishing campaign containing malicious code to download Manuscrypt malware.
1.7 Million Phishing Emails Blocked in June: Barracuda Networks
Quick Hits  |  6/25/2018  | 
Brand-name spoofing still a popular tactic to lure victims into giving up their login credentials and payment card information, new data shows.
8 Security Tips for a Hassle-Free Summer Vacation
Slideshows  |  6/23/2018  | 
It's easy to let your guard down when you're away. Hackers know that, too.
Cracking Cortana: The Dangers of Flawed Voice Assistants
News  |  6/22/2018  | 
Researchers at Black Hat USA will show how vulnerabilities in Microsoft's Cortana highlight the need to balance security with convenience.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
Click2Gov Breaches Attributed to WebLogic Application Flaw
Quick Hits  |  6/21/2018  | 
At least 10 US cities running Click2Gov software have alerted citizens to a data breach, but it turns out the problem was in the application server.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
Templates: The Most Powerful (And Underrated) Infrastructure Security Tool
Commentary  |  6/21/2018  | 
If your team is manually building cloud instances and networks for every application, you're setting yourself up for a data breach.
Microsoft Office: The Go-To Platform for Zero-Day Exploits
News  |  6/21/2018  | 
Malicious Office documents are the weapon of choice among cybercriminals, who use files to access remotely hosted malicious components.
AppSec in the World of 'Serverless'
Commentary  |  6/21/2018  | 
The term 'application security' still applies to 'serverless' technology, but the line where application settings start and infrastructure ends is blurring.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
Intel VP Talks Data Security Focus Amid Rise of Blockchain, AI
News  |  6/20/2018  | 
Intel vice president Rick Echevarria discusses the challenges of balancing data security with new technologies like blockchain and artificial intelligence.
Alphabet Launches VirusTotal Monitor to Stop False Positives
Quick Hits  |  6/20/2018  | 
Alphabet's Chronicle security division releases VirusTotal Monitor, a tool for developers to check if their product will be flagged as malware.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
Mylobot Malware Brings New Sophistication to Botnets
News  |  6/20/2018  | 
The malware pulls together a variety of techniques to gain a foothold and remain undiscovered.
'Olympic Destroyer' Reappears in Attacks on Europe, Russia
News  |  6/19/2018  | 
The attack group known for targeting the 2018 Winter Olympics has resurfaced in campaigns against European financial and biochem companies.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
5 Tips for Integrating Security Best Practices into Your Cloud Strategy
Commentary  |  6/19/2018  | 
Do 'cloud-first' strategies create a security-second mindset?
Security Analytics Startup Uptycs Raises $10M in Series A
Quick Hits  |  6/19/2018  | 
This round of funding for Uptycs, which runs an osquery-powered analytics platform, was led by ForgePoint Capital and Comcast Ventures.
Modern Cybersecurity Demands a Different Corporate Mindset
Commentary  |  6/15/2018  | 
Very few organizations have fully incorporated all relevant risks and threats into their current digital strategy, research finds.
Containerized Apps: An 8-Point Security Checklist
Slideshows  |  6/14/2018  | 
Here are eight measures to take to ensure the security of your containerized application environment.
DDoS Amped Up: DNS, Memcached Attacks Rise
News  |  6/13/2018  | 
China and the US are the world's leading sources of distributed denial-of-service botnet attacks.
Microsoft Fixes 11 Critical, 39 Important Vulns
News  |  6/12/2018  | 
The most critical vulnerability, experts say, affects Windows Domain Name Systems, while another lets attackers hack Cortana from the lock screen.
Fewer Phishing Attacks Hit More Diverse Targets
News  |  6/11/2018  | 
Nearly 300 brands were hit with phishing attacks in Q1, with cloud storage providers now among the top 10 most targeted.
CrowdStrike Launches $1 Million Security Breach Warranty
News  |  6/5/2018  | 
Covers all costs of a data breach that occurs within the systems protected by its EPP Complete endpoint security service.
Dark Reading Launches Second INsecurity Conference
News  |  6/5/2018  | 
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Web Application Firewalls Adjust to Secure the Cloud
News  |  6/4/2018  | 
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Commentary  |  6/4/2018  | 
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
Google Groups Misconfiguration Exposes Corporate Data
News  |  6/1/2018  | 
Researchers say as many as 10,000 businesses are affected by a widespread misconfiguration in Google Groups settings.
Cybercrime Is Skyrocketing as the World Goes Digital
Commentary  |  6/1/2018  | 
If cybercrime were a country, it would have the 13th highest GDP in the world.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
Kelly Sheridan, Staff Editor, Dark Reading,  7/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17366
PUBLISHED: 2020-08-05
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a denial of service on dependent routing systems by strategically withholding RPKI Route Origin Authorisation ".roa" files or X509 Certificate...
CVE-2020-9036
PUBLISHED: 2020-08-05
Jeedom through 4.0.38 allows XSS.
CVE-2020-15127
PUBLISHED: 2020-08-05
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes flip...
CVE-2020-15132
PUBLISHED: 2020-08-05
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. If the given string is not found, a response with a `400` error code is returned, along with a error message saying that th...
CVE-2020-7298
PUBLISHED: 2020-08-05
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call.