Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in August 2016
How Not To Pay A Ransom: 3 Tips For Enterprise Security Pros
Commentary  |  8/31/2016  | 
At the most basic level, organizations must understand their data, the entry points, and who has access. But dont forget to keep your backup systems up to date.
6 Ways To Hack An Election
Commentary  |  8/30/2016  | 
Threats to our electoral process can come from outside the country or nefarious insiders. Our country needs to be better prepared.
US Think Tanks Involved In Russia Research Allegedly Hacked
Quick Hits  |  8/30/2016  | 
Russia-backed DNC hacker COZY BEAR behind these spearphish attacks on individuals and organizations, says CrowdStrike.
Report: Hackers Breach Two State Election Databases, FBI Warns
Quick Hits  |  8/29/2016  | 
FBI's need-to-know-only advisory doesn't specify, but Yahoo News' sources say it refers to 'suspected foreign hackers' targeting voter registration databases in Arizona and Illinois.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
When Securing Your Applications, Seeing Is Believing
Commentary  |  8/24/2016  | 
While the cloud is amazing, a worrying lack of visibility goes along with it. Keep that in mind as you develop your security approach.
CISO Security Portfolios Vs. Reporting Structures
Commentary  |  8/23/2016  | 
Organizational structure is a tool for driving action. Worrying about your bosss title wont help you as much as a better communication framework.
Hacktivists Take Aim At Olympics Broadcast Service
Quick Hits  |  8/22/2016  | 
Broadcasts and images of Games left intact, but employee contact information apparently breached.
FireEye Probes Suspected Breach Of Clinton Charity Site: Sources
Quick Hits  |  8/19/2016  | 
Officials say attackers reportedly employed same technique as used in Russia-backed hacking of Democratic Party groups.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
5 Strategies For Enhancing Targeted Security Monitoring
Commentary  |  8/18/2016  | 
These examples will help you improve early incident detection results.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
Security Must Become Driving Force For Auto Industry
Commentary  |  8/17/2016  | 
Digital security hasnt kept pace in this always-connected era. Is infosec up to the challenge?
Poorly Configured DNSSEC = Potential DDoS Weapon
News  |  8/16/2016  | 
New research from Neustar shows how attackers could abuse DNSSEC-secured domains for distributed denial-of-service (DDoS) attacks.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
DDoS Attack On Aussie Swimming Site Linked To Horton-Sun Yang Feud
Quick Hits  |  8/15/2016  | 
Cyberattack soon after Australian swimmer accuses Chinese rival of being a drug cheat.'
6 Things To Know For Securing Amazon Web Services
Slideshows  |  8/13/2016  | 
AWS is coming out with more new cloud security features.
Trouble In the Cloud: More Than Half Of Organizations Facing Security Woes
News  |  8/12/2016  | 
Survey shows security professionals are grappling with unauthorized data sharing and other security incidents in SaaS cloud environments.
Global Businesses Ask China To Revise Draft Cyber Rules
Quick Hits  |  8/12/2016  | 
Security may weaken, economic growth hampered, if draft made into law, say 46 businesses in letter to Li Keqiang.
Substantially Above Par: DR Cartoon Caption Contest Winners
Commentary  |  8/12/2016  | 
Critical vulnerabilities, links & virtual reality. And the winner is...
The Future Of ATM Hacking
News  |  8/11/2016  | 
Research released at Black Hat USA last week shows that one of our best defenses for the future of payment card and ATM security isn't infallible. Here's why.
Bitcoins Forfeited In Silk Road Cases To Be Auctioned
Quick Hits  |  8/9/2016  | 
US Marshals Service to sell 2,719 bitcoins worth around $1.6 million on August 22 -- bidders must register by August 18.
Newly Announced Chipset Vuln Affects 900 Million Android Devices
News  |  8/8/2016  | 
Check Point Research Team details four vulnerabilities that can easily lead to full privilege escalation.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
New Internet Security Domains Debut
News  |  8/5/2016  | 
Meet the new .security and .protection domains.
Dark Reading News Desk Coming Back To Black Hat, Live
News  |  8/4/2016  | 
Live from Las Vegas: over 40 video interviews with Black Hat USA conference speakers and sponsors. Wednesday Aug. 3, Thursday Aug, 4, starting at 2 p.m. ET.
Best Of Black Hat Innovation Awards: And The Winners Are
Commentary  |  8/3/2016  | 
Three companies and leaders who think differently about security: Deep Instinct, most innovative startup; Vectra, most innovative emerging company; Paul Vixie, most innovative thought leader.
Kaminsky Creates Prototype To Lock Out Attackers
News  |  8/3/2016  | 
Security expert warns the Internet could be lost to regulators and hackers if industry doesn't start locking down security.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-2529
PUBLISHED: 2022-09-30
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.
CVE-2022-2922
PUBLISHED: 2022-09-30
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
CVE-2022-41849
PUBLISHED: 2022-09-30
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
CVE-2022-41850
PUBLISHED: 2022-09-30
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
CVE-2022-41848
PUBLISHED: 2022-09-30
drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.