Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in July 2020
'Hidden Property Abusing' Allows Attacks on Node.js Applications
News  |  7/31/2020  | 
A team of researchers from Georgia Tech find a new attack technique that targets properties in Node.js and plan to publicly release a tool that has already identified 13 new vulnerabilities.
Browsers to Enforce Shorter Certificate Life Spans: What Businesses Should Know
News  |  7/30/2020  | 
Apple, Google, and Mozilla will shorten the life span for TLS certificates in a move poised to aid security but cause operational troubles.
Mimecast Buys MessageControl
Quick Hits  |  7/30/2020  | 
The email security provider brings into its fold social engineering and human identity capabilities.
Ill-Defined Career Paths Hamper Growth for IT Security Pros
News  |  7/30/2020  | 
Appsec and cloud security skills are the most in demand, and a shortage of staff is wearing on security teams, a new study shows.
Security Flaws Discovered in OKCupid Dating Service
Quick Hits  |  7/29/2020  | 
Researchers identified a variety of vulnerabilities in apps and websites for the popular online dating platform.
Technical Challenges of IoT Cybersecurity in a Post-COVID-19 World
Commentary  |  7/29/2020  | 
Effective management of vulnerabilities can be done only when information about supply chain dependencies is accurate and recent.
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
News  |  7/28/2020  | 
More than 80% of companies have at least one Internet-facing cloud asset that is more than six months out of date or running software that is no longer supported, according to scan data.
Researchers Foil Phishing Attempt on Netflix Customers
News  |  7/28/2020  | 
Hackers use two stolen domains to steal credentials from Netflix users and then send them to the real Netflix site.
Autonomous IT: Less Reacting, More Securing
Commentary  |  7/28/2020  | 
Keeping data secure requires a range of skills and perfect execution. AI makes that possible.
As Businesses Move to the Cloud, Cybercriminals Follow Close Behind
Commentary  |  7/28/2020  | 
In the wake of COVID-19, data theft is by far the top tactic, followed by cryptomining and ransomware.
Twilio Security Incident Shows Danger of Misconfigured S3 Buckets
News  |  7/23/2020  | 
Twilio says attackers accessed its misconfigured cloud storage system and altered a copy of the JavaScriptSDK it shares with customers.
8 Cybersecurity Themes to Expect at Black Hat USA 2020
Slideshows  |  7/23/2020  | 
Here are the trends and topics that'll capture the limelight at this year's virtual event.
Cybersecurity Lessons from the Pandemic
Commentary  |  7/22/2020  | 
How does cybersecurity support business and society? The pandemic shows us.
Microsoft 365 Updated with New Security, Risk, Compliance Tools
News  |  7/21/2020  | 
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
Fortinet Buys Cloud Security Firm OPAQ
Quick Hits  |  7/21/2020  | 
The company plans to add zero-trust networking capabilities to its Secure Access Service Edge architecture.
G Suite Security Updates Bring New Features to Gmail, Meet & Chat
Quick Hits  |  7/21/2020  | 
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls.
EU Court Ruling Means New Global Protections for EU Customer Data
Quick Hits  |  7/16/2020  | 
The ruling in a case involving Facebook means that international companies must provide EU-level privacy controls for EU-generated data no matter where it's stored or transferred.
New Attack Technique Uses Misconfigured Docker API
Quick Hits  |  7/15/2020  | 
A new technique builds and deploys an attack on the victim's own system
DevSecOps Requires a Different Approach to Security
News  |  7/14/2020  | 
Breaking applications into microservices means more difficulty in gaining good visibility into runtime security and performance issues, says startup Traceable.
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
News  |  7/14/2020  | 
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
Zero-Trust Efforts Rise with the Tide of Remote Working
News  |  7/13/2020  | 
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
When WAFs Go Wrong
News  |  7/9/2020  | 
Web application firewalls are increasingly disappointing enterprises today. Here's why.
Introducing 'Secure Access Service Edge'
Commentary  |  7/3/2020  | 
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
News  |  7/2/2020  | 
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
Anatomy of a Long-Con Phish
Expert Insights  |  7/2/2020  | 
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
Making Sense of EARN IT & LAED Bills' Implications for Crypto
News  |  7/2/2020  | 
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
22,900 MongoDB Databases Affected in Ransomware Attack
Quick Hits  |  7/2/2020  | 
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
Businesses Invest in Cloud Security Tools Despite Concerns
News  |  7/1/2020  | 
A majority of organizations say the acceleration was driven by a need to support more remote employees.


News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3035
PUBLISHED: 2021-04-20
An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.
CVE-2021-3036
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to us...
CVE-2021-3037
PUBLISHED: 2021-04-20
An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS conf...
CVE-2021-3038
PUBLISHED: 2021-04-20
A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions...
CVE-2021-3506
PUBLISHED: 2021-04-19
An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The hi...