Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in August 2017
Verizon Report: Businesses Hit with Payment Card Breaches Not Fully PCI-Compliant
News  |  8/31/2017  | 
Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon.
International Firms Struggle to Adapt as China's Cybersecurity Law Takes Shape
Commentary  |  8/31/2017  | 
After the release of new guidelines on critical information infrastructure, international companies are still searching for clarity on how to comply with the country's new cyber regime.
Office 365: A Vehicle for Internal Phishing Attacks
News  |  8/30/2017  | 
A new threat uses internal accounts to spread phishing attacks, making fraudulent emails even harder to detect.
7 Things to Know About Today's DDoS Attacks
Slideshows  |  8/30/2017  | 
DDoS attacks are no longer something that just big companies in a few industries need to worry about. They have become a threat to every business.
Cloud Security Alliance Offers Metrics for Cyber Resiliency
Quick Hits  |  8/30/2017  | 
As cyberattacks grow in scale and complexity, businesses need metrics and processes to measure threats and restore functionality.
Shellshock Still in the Crosshairs
News  |  8/29/2017  | 
Spike in scans for the flaw spotted en masse in Q2.
Forcepoint Snaps Up RedOwl
Quick Hits  |  8/28/2017  | 
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
10 Time-Consuming Tasks Security People Hate
Slideshows  |  8/28/2017  | 
Whether it is dealing with false positives, reporting to auditors, or patching software, here's the scut work security people dread.
Cybersecurity: An Asymmetrical Game of War
Commentary  |  8/28/2017  | 
To stay ahead of the bad guys, security teams need to think like criminals, leverage AIs ability to find malicious threats, and stop worrying that machine learning will take our jobs.
Continuous Compliance and Effective Audit Preparation for the Cloud
Partner Perspectives  |  8/25/2017  | 
Why audits are a necessary evil, and how they can actually help you improve your brand value.
GDPR Compliance Preparation: A High-Stakes Guessing Game
Commentary  |  8/24/2017  | 
It's difficult to tell if your company is meeting the EU's data privacy and security standards -- or US standards, for that matter.
China, US Top List Of Countries With Most Malicious IPs
News  |  8/24/2017  | 
Brazil has 20% more risky IPs than Russia, Recorded Future's analysis shows.
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dino Dai Zovi Dives Into Container Security, SecDevOps
Dark Reading Videos  |  8/23/2017  | 
Dino Dai Zovi discusses the under-explored security aspects of Docker, data center orchestration, and containers.
Comparing Private and Public Cloud Threat Vectors
Commentary  |  8/22/2017  | 
Many companies moving from a private cloud to a cloud service are unaware of increased threats.
Trump Makes US Cyber Command an Official Combat Arm
Quick Hits  |  8/21/2017  | 
Move seen as step one in spinning off the command from the NSA.
5 Factors to Secure & Streamline Your Cloud Deployment
Partner Perspectives  |  8/21/2017  | 
How a Midwestern credit union overcame the challenges of speed, cost, security, compliance and automation to grow its footprint in the cloud.
Facebook Doles Out $100K for Internet Defense Prize
Quick Hits  |  8/17/2017  | 
Winners developed a new method of detecting spearphishing in corporate networks.
Microsoft Report: User Account Attacks Jumped 300% Since 2016
News  |  8/17/2017  | 
Most of these Microsoft user account compromises can be attributed to weak, guessable passwords and poor password management, researchers found.
70% of DevOps Pros Say They Didn't Get Proper Security Training in College
News  |  8/17/2017  | 
Veracode survey shows majority of DevOps pros mostly learn on the job about security.
Cloud Complexity Mandates Security Visibility
Partner Perspectives  |  8/16/2017  | 
The cloud is flexible, but security should be the top priority.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
Amazon Tackles Security of Data in S3 Storage
News  |  8/14/2017  | 
Amazon Macie is a new security service built to protect AWS S3 data from accidental leaks and breaches.
Two Iranians Face Charges for Computer Hacking, Credit Card Fraud
Quick Hits  |  8/9/2017  | 
Federal prosecutors charged two Iranian nationals with identity theft and use of stolen credit card numbers as well as threatening to expose the breach to one of the victim's customers.
WatchGuard Acquires Authentication Provider Datablink
Quick Hits  |  8/8/2017  | 
WatchGuard looks to expand its security offerings into authentication solutions for small- to midsize businesses and enterprises with a distributed workforce.
Automating Defenses Against Assembly-Line Attacks
Commentary  |  8/8/2017  | 
A manual approach just won't cut it anymore. Here's a toolset to defeat automation and unify control across all attack vectors to stop automated attacks.
Risky Business: Why Enterprises Cant Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
Qualys to Acquire Assets of Nevis Networks
Quick Hits  |  8/1/2017  | 
The transaction aims to bolster Qualys' efforts in network traffic analysis and speeds up its move into the endpoint attack-mitigation and incident response market.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.