Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in July 2021
8 Security Tools to be Unveiled at Black Hat USA
Slideshows  |  7/28/2021  | 
Security researchers and practitioners share a host of new cyber tools for penetration testing, reverse engineering, malware defense, and more.
7 Hot Cyber Threat Trends to Expect at Black Hat
Slideshows  |  7/22/2021  | 
A sneak peek of some of the main themes at Black Hat USA next month.
IoT-Specific Malware Infections Jumped 700% Amid Pandemic
Quick Hits  |  7/15/2021  | 
Gafgyt and Mirai malware represented majority of IoT malware, new data from Zscaler shows.
How to Bridge On-Premises and Cloud Identity
Commentary  |  7/15/2021  | 
Identity fabric, a cloud-native framework, removes the need for multiple, siloed, proprietary identity systems.
DoD-Validated Data Security Startup Emerges From Stealth
Quick Hits  |  7/13/2021  | 
The Code-X platform has been tested by the US Department of Defense and members of the intelligence community.
Tool Sprawl & False Positives Hold Security Teams Back
News  |  7/13/2021  | 
Security teams spend as much time addressing false positive alerts as they do addressing actual cyberattacks, survey data shows.
Microsoft Confirms Acquisition of RiskIQ
Quick Hits  |  7/12/2021  | 
RiskIQ's technology helps businesses assess their security across the Microsoft cloud, Amazon Web Services, other clouds, and on-premises.
Cartoon Caption Winner: Sight Unseen
Commentary  |  7/9/2021  | 
And the winner of Dark Reading's June contest is ...
Sophos Acquires Capsule8 for Linux Server & Container Security
Quick Hits  |  7/7/2021  | 
The deal was announced the same day ZeroFox bought Dark Web intelligence firm Vigilante as a wave of security M&A continues.
Are Security Attestations a Necessity for SaaS Businesses?
Commentary  |  7/7/2021  | 
Are security attestations becoming business imperatives, or are they merely token additions on the list of regulatory requirements?
Autonomous Security Is Essential if the Edge Is to Scale Properly
Commentary  |  7/7/2021  | 
Service demands at the network edge mean customers need to get cost, performance, and security right.
NSA & CISA Issue Warning About Russian GRU Brute-Force Cyberattacks Against US, Global Orgs
News  |  7/1/2021  | 
Fancy Bear nation-state hacking team add a modern twist on old-school hacking method by using a cluster of Kubernetes software containers to expedite credential theft.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Improving Enterprise Cybersecurity With XDR
Enterprises are looking at eXtended Detection and Response technologies to improve their abilities to detect, and respond to, threats. While endpoint detection and response is not new to enterprise security, organizations have to improve network visibility, expand data collection and expand threat hunting capabilites if they want their XDR deployments to succeed. This issue of Tech Insights also includes: a market overview for XDR from Omdia, questions to ask before deploying XDR, and an XDR primer.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-34876
PUBLISHED: 2022-07-05
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or mak...
CVE-2022-34877
PUBLISHED: 2022-07-05
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavail...
CVE-2022-34878
PUBLISHED: 2022-07-05
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and bec...
CVE-2022-34879
PUBLISHED: 2022-07-05
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.
CVE-2022-31770
PUBLISHED: 2022-07-05
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.