Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in July 2017
Iranian Hackers Ensnared Targets via Phony Female Photographer
News  |  7/31/2017  | 
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
DevOps Security & the Culture of 'Yes'
Commentary  |  7/31/2017  | 
Communication, collaboration, and the use of production data to drive decisions are essential for security work in a DevOps world.
Inside the Investigation and Trial of Roman Seleznev
News  |  7/27/2017  | 
The officials who convicted the credit card thief discussed the investigation, evidence, trial, and challenges involved in his case.
Dark Reading News Desk Live at Black Hat USA 2017
Commentary  |  7/27/2017  | 
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
Majority of Consumers Believe IoT Needs Security Built In
Quick Hits  |  7/26/2017  | 
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
How 'Postcript' Exploits Networked Printers
News  |  7/25/2017  | 
At Black Hat 2017, a university researcher will demo how attackers can drill into networked printers by way of the ubiquitous PostScript programming language.
Lessons from Verizon: Managing Cloud Security for Partners
Partner Perspectives  |  7/25/2017  | 
The recent Verizon breach data exposed by an insecure Amazon S3 bucket highlights the need for enterprises to have visibility into how partners and other stakeholders keep their data secure.
Weather.com, Fusion Expose Data Via Google Groups Config Error
News  |  7/24/2017  | 
Companies that leaked data accidentally chose the sharing setting "public on the Internet," which enabled anyone on the Web to access all information contained in the messages
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Slideshows  |  7/24/2017  | 
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
Using DevOps to Move Faster than Attackers
News  |  7/20/2017  | 
Black Hat USA talk will discuss the practicalities of adjusting appsec tooling and practices in the age of DevOps.
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
News  |  7/20/2017  | 
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
98% of Companies Favor Integrating Security with DevOps
News  |  7/19/2017  | 
A majority of companies are either planning or have launched an integrated DevOps and security team, a new report shows.
Most Office 365 Admins Rely on Recycle Bin for Data Backup
News  |  7/19/2017  | 
Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.
Catastrophic Cloud Attack Costs Would Rival that of Hurricane Damages
News  |  7/19/2017  | 
Lloyd's of London estimates multi-billion-dollar loss figures in worst-case scenarios of a major zero-day exploit or massive cloud outage.
4 Steps to Securing Citizen-Developed Apps
Commentary  |  7/19/2017  | 
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
Dow Jones Data Leak Results from an AWS Configuration Error
News  |  7/18/2017  | 
Security pros expect to see more incidents like the Dow Jones leak, which exposed customers' personal information following a public cloud configuration error.
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Quick Hits  |  7/18/2017  | 
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
Apple iOS Malware Growth Outpaces that of Android
News  |  7/18/2017  | 
Number of iOS devices running malicious apps more than tripled in three consecutive quarters, while infected Android devices remained largely flat, report shows.
New IBM Mainframe Encrypts All the Things
News  |  7/17/2017  | 
Next-generation Z series features the elusive goal of full data encryption - from an application, cloud service, or database in transit or at rest.
FBI Issues Warning on IoT Toy Security
Quick Hits  |  7/17/2017  | 
IoT toys are more than fun and games and can potentially lead to a violation of children's privacy and safety, the Federal Bureau of Investigation warned Monday.
AWS S3 Breaches: What to Do & Why
Commentary  |  7/17/2017  | 
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
Cloud AV Can Serve as an Avenue for Exfiltration
News  |  7/14/2017  | 
Black Hat USA researchers show how bad guys can use cloud AV connections to bypass air-gaps and extremely segmented networks to keep stolen data flowing.
Study: Backdoors Found on 73% of Compromised Websites
Quick Hits  |  7/13/2017  | 
No such thing as 'too small to hack,' according to research from SMB security provider SiteLock.
US Voters Consider Russia the Largest Security Risk to Elections
Quick Hits  |  7/13/2017  | 
Nearly half of US voters believe Russia is the largest security risk for elections in the nation, according to a survey.
How Security Pros Can Help Protect Patients from Medical Data Theft
Commentary  |  7/13/2017  | 
The healthcare industry has been slow to address the dangers of hacking, and breaches are on the rise. Security pros must be more proactive in keeping people safe.
Cisco Plans to Buy Observable Networks for Cloud Security
Quick Hits  |  7/13/2017  | 
Cisco announces plans to acquire Observable Networks as part of a plan to bring its Stealthwatch solution into the cloud.
Verizon Suffers Cloud Data Leak Exposing Data on Millions of Customers
News  |  7/12/2017  | 
Six million of Verizon's US customers had their personal and account information exposed, including PIN numbers.
Dealing with Due Diligence
Commentary  |  7/12/2017  | 
Companies will find themselves evaluating third-party cybersecurity more than ever -- and being subject to scrutiny themselves. Here's how to handle it.
Web App Vulnerabilities Decline 25% in 12 Months
News  |  7/11/2017  | 
WhiteHat Security's annual Web app report shows the average number of vulns in a Web app is down from four to three.
Securing your Cloud Stack from Ransomware
Partner Perspectives  |  7/11/2017  | 
Poor configuration, lack of policies, and permissive behaviors are three factors that can leave your cloud infrastructure vulnerable to ransomware threats.
HyTrust Raises $36M, Buys DataGravity for Policy Enforcement
Quick Hits  |  7/11/2017  | 
Cloud security firm HyTrust closed $36 million in Series E funding and purchased DataGravity to automate policy enforcement for workload data.
The High Costs of GDPR Compliance
Commentary  |  7/11/2017  | 
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
Symantec Snaps Up Skycure in Mobile Security Move
News  |  7/11/2017  | 
Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.
IoT Devices Plagued by Lesser-Known Security Hole
News  |  7/10/2017  | 
Internet of Things devices are security-challenged enough, but they're also being massively exposed on the public Internet this time via MQTT communications, a researcher will show at Black Hat USA.
Cybercriminal with Ties to Exclusive Russian Hacking Forums Sentenced to Prison
Quick Hits  |  7/10/2017  | 
L.A. resident is sentenced to 110 months in prison for stealing and trafficking sensitive information on exclusive Russian-speaking cybercriminal forums.
Two Members of Massive Call Center Scam Operation Plead Guilty
Quick Hits  |  7/10/2017  | 
Some 54 members facing charges for targeting US victims.
IRS to Launch Educational Phishing Series
Quick Hits  |  7/7/2017  | 
The Internal Revenue Service is preparing to launch an educational series on phishing attacks and related warning signs.
The SOC Is DeadLong Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
The Growing Danger of IP Theft and Cyber Extortion
Commentary  |  7/6/2017  | 
The recent hacks of Disney and Netflix show the jeopardy that intellectual property and company secrets are in, fueled by cheap hacking tools and cryptocurrencies.
Symantec to Buy 'Browser Isolation' Firm Fireglass
News  |  7/6/2017  | 
Fireglass's emerging Web security technology will become modular component in Symantec's Integrated Cyber Defense Platform.
The Problem with Data
Commentary  |  7/3/2017  | 
The sheer amount of data that organizations collect makes it both extremely valuable and dangerous. Business leaders must do everything possible to keep it safe.


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts
Jai Vijayan, Contributing Writer,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19719
PUBLISHED: 2019-12-11
Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page.
CVE-2019-19720
PUBLISHED: 2019-12-11
Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file.
CVE-2019-19707
PUBLISHED: 2019-12-11
On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets.
CVE-2019-19708
PUBLISHED: 2019-12-11
The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute.
CVE-2019-19709
PUBLISHED: 2019-12-11
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.