Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in August 2017
Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant
News  |  8/31/2017  | 
Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Office 365: A Vehicle for Internal Phishing Attacks
News  |  8/30/2017  | 
A new threat uses internal accounts to spread phishing attacks, making fraudulent emails even harder to detect.
7 Things to Know About Today's DDoS Attacks
Slideshows  |  8/30/2017  | 
DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
Cloud Security Alliance Offers Metrics for Cyber Resiliency
Quick Hits  |  8/30/2017  | 
As cyberattacks grow in scale and complexity, businesses need metrics and processes to measure threats and restore functionality.
Shellshock Still in the Crosshairs
News  |  8/29/2017  | 
Spike in scans for the flaw spotted en masse in Q2.
Forcepoint Snaps Up RedOwl
Quick Hits  |  8/28/2017  | 
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
10 Time-Consuming Tasks Security People Hate
Slideshows  |  8/28/2017  | 
Whether it is dealing with false positives, reporting to auditors, or patching software, here's the scut work security people dread.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AIs ability to find malicious threats, and stop worrying that machine learning will take our jobs.
Continuous Compliance and Effective Audit Preparation for the Cloud
Partner Perspectives  |  8/25/2017  | 
Why audits are a necessary evil, and how they can actually help you improve your brand value.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
China, US Top List Of Countries With Most Malicious IPs
News  |  8/24/2017  | 
Brazil has 20% more risky IPs than Russia, Recorded Future's analysis shows.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
Trump Makes US Cyber Command an Official Combat Arm
Quick Hits  |  8/21/2017  | 
Move seen as step one in spinning off the command from the NSA.
5 Factors to Secure & Streamline Your Cloud Deployment
Partner Perspectives  |  8/21/2017  | 
How a Midwestern credit union overcame the challenges of speed, cost, security, compliance and automation to grow its footprint in the cloud.
Facebook Doles Out $100K for Internet Defense Prize
Quick Hits  |  8/17/2017  | 
Winners developed a new method of detecting spearphishing in corporate networks.
Microsoft Report: User Account Attacks Jumped 300% Since 2016
News  |  8/17/2017  | 
Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
News  |  8/17/2017  | 
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
Cloud Complexity Mandates Security Visibility
Partner Perspectives  |  8/16/2017  | 
The cloud is flexible, but security should be the top priority.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Amazon Tackles Security of Data in S3 Storage
News  |  8/14/2017  | 
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Quick Hits  |  8/9/2017  | 
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
WatchGuard Acquires Authentication Provider Datablink
Quick Hits  |  8/8/2017  | 
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Qualys to Acquire Assets of Nevis Networks
Quick Hits  |  8/1/2017  | 
The transaction aims to bolster Qualys' efforts in network traffic analysis and speeds up its move into the endpoint attack-mitigation and incident response market.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4019
PUBLISHED: 2020-06-01
The file editing functionality in the Atlassian Companion App before version 1.0.0 allows local attackers to have the app run a different executable in place of the app's cmd.exe via a untrusted search path vulnerability.
CVE-2020-4020
PUBLISHED: 2020-06-01
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure.
CVE-2020-4021
PUBLISHED: 2020-06-01
Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the XML export view.
CVE-2020-4023
PUBLISHED: 2020-06-01
The review coverage resource in Atlassian Fisheye and Crucible before version 4.8.2 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the committerFilter parameter.
CVE-2020-4013
PUBLISHED: 2020-06-01
The review resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to inject arbitrary HTML or Javascript via a cross site scripting (XSS) vulnerability through the review objectives.