Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in July 2020
'Hidden Property Abusing' Allows Attacks on Node.js Applications
News  |  7/31/2020  | 
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
News  |  7/30/2020  | 
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
Mimecast Buys MessageControl
Quick Hits  |  7/30/2020  | 
The email security provider brings into its fold social engineering and human identity capabilities.
Ill-Defined Career Paths Hamper Growth for IT Security Pros
News  |  7/30/2020  | 
Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.
Security Flaws Discovered in OKCupid Dating Service
Quick Hits  |  7/29/2020  | 
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
News  |  7/28/2020  | 
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
Researchers Foil Phishing Attempt on Netflix Customers
News  |  7/28/2020  | 
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
Commentary  |  7/28/2020  | 
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
Twilio Security Incident Shows Danger of Misconfigured S3 Buckets
News  |  7/23/2020  | 
Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScriptSDK it shares with customers.
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
Cybersecurity Lessons from the Pandemic
Commentary  |  7/22/2020  | 
How does cybersecurity support business and society? The pandemic shows us.
Microsoft 365 Updated with New Security, Risk, Compliance Tools
News  |  7/21/2020  | 
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
Fortinet Buys Cloud Security Firm OPAQ
Quick Hits  |  7/21/2020  | 
The company plans to add zero-trust networking capabilities to its Secure Access Service Edge architecture.
G Suite Security Updates Bring New Features to Gmail, Meet & Chat
Quick Hits  |  7/21/2020  | 
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls.
EU Court Ruling Means New Global Protections for EU Customer Data
Quick Hits  |  7/16/2020  | 
The ruling in a case involving Facebook means that international companies must provide EU-level privacy controls for EU-generated data no matter where it's stored or transferred.
New Attack Technique Uses Misconfigured Docker API
Quick Hits  |  7/15/2020  | 
A new technique builds and deploys an attack on the victim's own system
DevSecOps Requires a Different Approach to Security
News  |  7/14/2020  | 
Breaking applications into microservices means more difficulty in gaining good visibility into runtime security and performance issues, says startup Traceable.
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
News  |  7/14/2020  | 
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
Zero-Trust Efforts Rise with the Tide of Remote Working
News  |  7/13/2020  | 
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
When WAFs Go Wrong
News  |  7/9/2020  | 
Web application firewalls are increasingly disappointing enterprises today. Here's why.
Introducing 'Secure Access Service Edge'
Commentary  |  7/3/2020  | 
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
News  |  7/2/2020  | 
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
Anatomy of a Long-Con Phish
Expert Insights  |  7/2/2020  | 
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
Making Sense of EARN IT & LAED Bills' Implications for Crypto
News  |  7/2/2020  | 
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
22,900 MongoDB Databases Affected in Ransomware Attack
Quick Hits  |  7/2/2020  | 
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
Businesses Invest in Cloud Security Tools Despite Concerns
News  |  7/1/2020  | 
A majority of organizations say the acceleration was driven by a need to support more remote employees.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32686
PUBLISHED: 2021-07-23
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and ...
CVE-2021-32783
PUBLISHED: 2021-07-23
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy rem...
CVE-2021-3169
PUBLISHED: 2021-07-23
An issue in Jumpserver 2.6.2 and below allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
CVE-2020-20741
PUBLISHED: 2021-07-23
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if t...
CVE-2021-25808
PUBLISHED: 2021-07-23
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.