Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in July 2021
8 Security Tools to be Unveiled at Black Hat USA
Slideshows  |  7/28/2021  | 
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
7 Hot Cyber Threat Trends to Expect at Black Hat
Slideshows  |  7/22/2021  | 
A sneak peek of some of the main themes at Black Hat USA next month.
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Quick Hits  |  7/15/2021  | 
Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
How to Bridge On-Premises and Cloud Identity
Commentary  |  7/15/2021  | 
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
DoD-Validated Data Security Startup Emerges From Stealth
Quick Hits  |  7/13/2021  | 
The Code-X platform has been tested by the US Department of Defense and members of the intelligence community.
Tool Sprawl & False Positives Hold Security Teams Back
News  |  7/13/2021  | 
Security teams spend as much time addressing false positive alerts as they do addressing actual cyberattacks, survey data shows.
Microsoft Confirms Acquisition of RiskIQ
Quick Hits  |  7/12/2021  | 
RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.
Cartoon Caption Winner: Sight Unseen
Commentary  |  7/9/2021  | 
And the winner of Dark Reading's June contest is ...
Sophos Acquires Capsule8 for Linux Server & Container Security
Quick Hits  |  7/7/2021  | 
The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&A continues.
Are Security Attestations a Necessity for SaaS Businesses?
Commentary  |  7/7/2021  | 
Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?
Autonomous Security Is Essential if the Edge Is to Scale Properly
Commentary  |  7/7/2021  | 
Service demands at the network edge mean customers need to get cost, performance, and security right.
NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs
News  |  7/1/2021  | 
Fancy Bear nation-state hacking team add a modern twist on old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Enterprise Cybersecurity Plans in a Post-Pandemic World
Download the Enterprise Cybersecurity Plans in a Post-Pandemic World report to understand how security leaders are maintaining pace with pandemic-related challenges, and where there is room for improvement.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21742
PUBLISHED: 2021-09-25
There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.
CVE-2020-20508
PUBLISHED: 2021-09-24
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field.
CVE-2020-20514
PUBLISHED: 2021-09-24
A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/admin/del/ids/<id>.html allows authenticated attackers to delete all users.
CVE-2016-6555
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in ver...
CVE-2016-6556
PUBLISHED: 2021-09-24
OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This iss...