Advertise

News & Commentary

Content tagged with Cloud posted in September 2015

View Content By Month

DHS Funds Project For Open Source 'Invisible Clouds'

News | 9/30/2015 |

2 comments

Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.

Visibility: The Key To Security In The Cloud

Commentary | 9/18/2015 |

2 comments

You can’t secure what you can’t see. These five best practices will shed some light on how to protect your data from the ground up.

Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name

News | 9/16/2015 |

4 comments

Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.

Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET

Commentary | 9/15/2015 |

2 comments

Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.

Malvertising Campaign Rages Undetected For 3 Weeks

News | 9/14/2015 |

1 comment

Instead of injecting nasty code into ads, attackers pose as legitimate advertisers and manipulate ad networks' chain of trust.

What You Should, But Don't, Do About Untrusted Certs, CAs

News | 9/9/2015 |

2 comments

Security departments could take measures to protect organizations from untrusted certificate authorities and counterfeit SSL certs, but most don't bother.

Ashley Madison Guilty Of Hard-Coded Creds, Weak Bot Detection

News | 9/8/2015 |

2 comments

Researchers find Amazon Web Services credentials in the source code and honeypot email addresses in the leaked user database.

Jeremiah Grossman's Tips For Black Hat Hopefuls & More

Dark Reading Videos | 9/4/2015 |

Post a comment

Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.

View Content by Month

[close this box]

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Cybersecurity Outlook 2023 - December 13 Event

Black Hat Europe - December 5-8 - Learn More

[FREE Virtual Event] The Identity Crisis

More Informa Tech Live Events

White Papers

Addressing Cyber Risk Starts with Understanding Cyber Risk

How Hybrid Work Fuels Ransomware Attacks

The State of Threat Prevention

Building Operational Resilience in Industrial & Critical Infrastructure

6 Elements of a Solid IoT Security Strategy

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

Creating an Effective Incident Response Plan

Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-24999
PUBLISHED: 2022-11-26

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query strin...

CVE-2022-45909
PUBLISHED: 2022-11-26

drachtio-server 0.8.18 has a heap-based buffer over-read via a long Request-URI in an INVITE request.

CVE-2022-45907
PUBLISHED: 2022-11-26

In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely.

CVE-2022-45908
PUBLISHED: 2022-11-26

In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution.

CVE-2022-44843
PUBLISHED: 2022-11-25

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the port parameter in the setting/setOpenVpnClientCfg function.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]