Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in August 2016
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
Commentary  |  8/31/2016  | 
At the most basic level, organizations must understand their data, the entry points, and who has access. But dont forget to keep your backup systems up to date.
6 Ways To Hack An Election
Commentary  |  8/30/2016  | 
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
US Think Tanks Involved In Russia Research Allegedly Hacked
Quick Hits  |  8/30/2016  | 
Russia-backed DNC hacker COZY BEAR behind these spearphish attacks on individuals and organizations, says CrowdStrike.
Report: Hackers Breach Two State Election Databases, FBI Warns
Quick Hits  |  8/29/2016  | 
FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
When Securing Your Applications, Seeing Is Believing
Commentary  |  8/24/2016  | 
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
CISO Security Portfolios Vs. Reporting Structures
Commentary  |  8/23/2016  | 
Organizational structure is a tool for driving action. Worrying about your bosss title wont help you as much as a better communication framework.
Hacktivists Take Aim At Olympics Broadcast Service
Quick Hits  |  8/22/2016  | 
Broadcasts and images of Games left intact, but employee contact information apparently breached.
FireEye Probes Suspected Breach Of Clinton Charity Site: Sources
Quick Hits  |  8/19/2016  | 
Officials say attackers reportedly employed same technique as used in Russia-backed hacking of Democratic Party groups.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
5 Strategies For Enhancing Targeted Security Monitoring
Commentary  |  8/18/2016  | 
These examples will help you improve early incident detection results.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasnt kept pace in this always-connected era. Is infosec up to the challenge?
Poorly Configured DNSSEC = Potential DDoS Weapon
News  |  8/16/2016  | 
New research from Neustar shows how attackers could abuse DNSSEC-secured domains for distributed denial-of-service (DDoS) attacks.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
DDoS Attack On Aussie Swimming Site Linked To Horton-Sun Yang Feud
Quick Hits  |  8/15/2016  | 
Cyberattack soon after Australian swimmer accuses Chinese rival of being a drug cheat.'
6 Things To Know For Securing Amazon Web Services
Slideshows  |  8/13/2016  | 
AWS is coming out with more new cloud security features.
Trouble In the Cloud: More Than Half Of Organizations Facing Security Woes
News  |  8/12/2016  | 
Survey shows security professionals are grappling with unauthorized data sharing and other security incidents in SaaS cloud environments.
Global Businesses Ask China To Revise Draft Cyber Rules
Quick Hits  |  8/12/2016  | 
Security may weaken, economic growth hampered, if draft made into law, say 46 businesses in letter to Li Keqiang.
Substantially Above Par: DR Cartoon Caption Contest Winners
Commentary  |  8/12/2016  | 
Critical vulnerabilities, links & virtual reality. And the winner is...
The Future Of ATM Hacking
News  |  8/11/2016  | 
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
Bitcoins Forfeited In Silk Road Cases To Be Auctioned
Quick Hits  |  8/9/2016  | 
US Marshals Service to sell 2,719 bitcoins worth around $1.6 million on August 22 -- bidders must register by August 18.
Newly Announced Chipset Vuln Affects 900 Million Android Devices
News  |  8/8/2016  | 
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
New Internet Security Domains Debut
News  |  8/5/2016  | 
Meet the new .security and .protection domains.
Dark Reading News Desk Coming Back To Black Hat, Live
News  |  8/4/2016  | 
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Kaminsky Creates Prototype To Lock Out Attackers
News  |  8/3/2016  | 
Security expert warns the Internet could be lost to regulators and hackers if industry doesn't start locking down security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-39220
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read state or user IP. The privacy filter failed to filter images with a relative protocol. It is recommended ...
CVE-2021-39221
PUBLISHED: 2021-10-25
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due th...
CVE-2021-41176
PUBLISHED: 2021-10-25
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted at...
CVE-2021-34854
PUBLISHED: 2021-10-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within ...
CVE-2021-34855
PUBLISHED: 2021-10-25
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exi...