Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in August 2019
Google Uncovers Massive iPhone Attack Campaign
News  |  8/30/2019  | 
A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.
Google Announces New, Expanded Bounty Programs
Quick Hits  |  8/29/2019  | 
The company is significantly expanding the bug-bounty program for Google Play and starting a program aimed at user data protection.
Google Cloud Releases Beta of Managed Service to Microsoft AD
Quick Hits  |  8/29/2019  | 
Managed Service for Microsoft Active Directory was built to help admins handle cloud-based workloads.
Malware Found in Android App with 100M Users
Quick Hits  |  8/28/2019  | 
CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.
Imperva Customer Database Exposed
Quick Hits  |  8/27/2019  | 
A subset of customers for the company's Incapsula web application firewall had their email addresses, hashed/salted passwords, and more open to unauthorized access, Imperva announced.
CrowdStrike Launches Fund for Early-Stage Endpoint Security Startups
News  |  8/27/2019  | 
It's goal is to accelerate delivery of third-party apps that add on and extend the company's Falcon cloud-hosted services.
WannaCry Remains No. 1 Ransomware Weapon
News  |  8/27/2019  | 
Of all of the ransomware variants spotted targeting victims in the first half of 2019, the infamous WannaCry was by far the most prevalent, according to Trend Micro's detection data.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
More Than Half of Social Media Login Attempts Are Fraud
News  |  8/26/2019  | 
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
IBM Announces Quantum Safe Encryption
Quick Hits  |  8/23/2019  | 
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
VMware to Buy Carbon Black for $2.1B
Quick Hits  |  8/23/2019  | 
Virtual machine giant's big cloud move includes plans to shell out $2.7 billion in stock transactions for Pivotal Software.
Capital One Breach: What Security Teams Can Do Now
Commentary  |  8/23/2019  | 
Knowing the methods of the attacker, as laid out in the federal indictment, allow us to prevent similar attacks.
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
News  |  8/22/2019  | 
Microsoft remains the favorite brand to spoof in phishing campaigns, but more attackers are impersonating Facebook.
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Commentary  |  8/22/2019  | 
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
LinkedIn Details Features of Fight Against Fakes
Quick Hits  |  8/22/2019  | 
A recent blog post explains how the social network is fighting to protect its users from interactions with fake accounts.
Splunk Buys SignalFx for $1.05 Billion
Quick Hits  |  8/21/2019  | 
Deal will yield 'one platform that can monitor the entire enterprise application lifecycle,' Splunk CEO says.
MoviePass Leaves Credit Card Numbers, Personal Data Exposed Online
News  |  8/21/2019  | 
Thousands of customers' credit card numbers, MoviePass card numbers, and sensitive data were left in an unprotected database.
'Box Shield' Brings New Security Controls
News  |  8/21/2019  | 
New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.
New Confidential Computing Consortium Includes Google, Intel, Microsoft
Quick Hits  |  8/21/2019  | 
The Linux Foundation plans to form a community to "define and accelerate" the adoption of confidential computing.
7 Big Factors Putting Small Businesses At Risk
Slideshows  |  8/21/2019  | 
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
Cyberthreats Against Financial Services Up 56%
Quick Hits  |  8/20/2019  | 
Financial institutions interacting with customers online must prepare for a broader, more sophisticated variety of threats.
US Chamber of Commerce, FICO Report National Risk Score of 688
Quick Hits  |  8/19/2019  | 
While the score was up for large businesses and down for small firms, the report urges all to prioritize third-party risk management.
European Central Bank Website Hit by Malware Attack
Quick Hits  |  8/16/2019  | 
The website was infected with malware that stole information on subscribers to a bank newsletter.
7 Biggest Cloud Security Blind Spots
Slideshows  |  8/15/2019  | 
Cloud computing boon is for innovation, yet security organizations find themselves running into obstacles.
Why Companies Fail to Learn from Peers' Mistakes (and How They Can Change)
Commentary  |  8/14/2019  | 
Far too often, there's a new breach in the headlines. Companies need to start learning some obvious lessons.
Microservices Flip App Security on Its Head
Commentary  |  8/14/2019  | 
With faster application deployment comes increased security considerations.
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
News  |  8/13/2019  | 
Similar to the now-patched 'BlueKeep' vulnerability, two flaws fixed today could let malware spread across vulnerable computers.
700K Guest Records Stolen in Choice Hotels Breach
Quick Hits  |  8/13/2019  | 
Cybercriminals reportedly stole the information from an exposed MongoDB database on a third-party server.
History Doesn't Repeat Itself in Cyberspace
Commentary  |  8/13/2019  | 
The 10th anniversary of the US Cyber Command is an opportunity to prepare for unknowns in the rapidly changing cybersecurity landscape.
DEF CON Voting Village: It's About 'Risk'
News  |  8/12/2019  | 
DHS, security experts worry about nation-state or other actors waging a disruptive or other attack on the 2020 election to sow distrust of the election process.
Dark Reading News Desk Live at Black Hat USA 2019
News  |  8/8/2019  | 
Watch right here for 40 video interviews with speakers and sponsors. Streaming live from Black Hat USA Wednesday and Thursday 2 p.m. to 6 p.m. Eastern.
Enterprises Must Be Wary of Ransomware Targeting Network File Shares & Cloud Assets
News  |  8/7/2019  | 
New research shows that criminals are evolving ransomware attacks against servers, network hosts, and IaaS cloud assets in search of bigger payoffs from businesses.
Microsoft Opens Azure Security Lab, Raises Top Azure Bounty to $40K
News  |  8/5/2019  | 
Microsoft has invited security experts to 'come and do their worst' to mimic cybercriminals in the Azure Security Lab.
Capital One: What We Should Learn This Time
News  |  8/2/2019  | 
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Black Hat USA 2022 Attendee Report
Black Hat attendees are not sleeping well. Between concerns about attacks against cloud services, ransomware, and the growing risks to the global supply chain, these security pros have a lot to be worried about. Read our 2022 report to hear what they're concerned about now.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-35942
PUBLISHED: 2022-08-12
Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. When the extended filter property `contains` is permitted to be interpreted by the Postgres connector, it is possible to inject arbitrary SQL which may affect the confidentiality and integrity of data ...
CVE-2022-35949
PUBLISHED: 2022-08-12
undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. If a user specifies a URL such as `http://127.0.0.1` or `//127.0.0.1` ```js con...
CVE-2022-35953
PUBLISHED: 2022-08-12
BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. Some links in BookWyrm may be vulnerable to tabnabbing, a form of phishing that gives attackers an opportunity to redirect a user to a malicious site. The issue was patche...
CVE-2022-35956
PUBLISHED: 2022-08-12
This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. Before version 0.1.3 `update_by_case` gem used custom sql strings, and it was not sanitized, making it vulnerable to sql injection. Upgra...
CVE-2022-35943
PUBLISHED: 2022-08-12
Shield is an authentication and authorization framework for CodeIgniter 4. This vulnerability may allow [SameSite Attackers](https://canitakeyoursubdomain.name/) to bypass the [CodeIgniter4 CSRF protection](https://codeigniter4.github.io/userguide/libraries/security.html) mechanism with CodeIgniter ...