Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

News & Commentary

Content tagged with Cloud posted in September 2015
DHS Funds Project For Open Source 'Invisible Clouds'
News  |  9/30/2015  | 
Cloud Security Alliance and Waverley Labs to build software-defined perimeter (SDP) to protect cloud and critical infrastructure from DDoS attacks.
Visibility: The Key To Security In The Cloud
Commentary  |  9/18/2015  | 
You can’t secure what you can’t see. These five best practices will shed some light on how to protect your data from the ground up.
Darknet Is Full Of Criminals & Governments Giving TOR A Bad Name
News  |  9/16/2015  | 
Human traffickers, crowd-sourcing murderers, child pornographers, and governments in the market for juicy zero-days are flooding the Dark Web -- making it hard for the good guys to defend it.
Fixing IoT Security: Dark Reading Radio Wednesday at 1 P.M. ET
Commentary  |  9/15/2015  | 
Join us for a conversation about what is being done and what needs to be done to secure the Internet of Things.
Malvertising Campaign Rages Undetected For 3 Weeks
News  |  9/14/2015  | 
Instead of injecting nasty code into ads, attackers pose as legitimate advertisers and manipulate ad networks' chain of trust.
What You Should, But Don't, Do About Untrusted Certs, CAs
News  |  9/9/2015  | 
Security departments could take measures to protect organizations from untrusted certificate authorities and counterfeit SSL certs, but most don't bother.
Ashley Madison Guilty Of Hard-Coded Creds, Weak Bot Detection
News  |  9/8/2015  | 
Researchers find Amazon Web Services credentials in the source code and honeypot email addresses in the leaked user database.
Jeremiah Grossman's Tips For Black Hat Hopefuls & More
Jeremiah Grossman's Tips For Black Hat Hopefuls & More
Dark Reading Videos  |  9/4/2015  | 
Founder of WhiteHat Security visits the Dark Reading News Desk to dish on the Black Hat Briefings selection process, the state of Web security, the Wassenaar Arrangement, and Flash.
China's Great Cannon: The Great Firewall's More Aggressive Partner
China's Great Cannon: The Great Firewall's More Aggressive Partner
Dark Reading Videos  |  9/3/2015  | 
Crowdstrike researchers visit Dark Reading News Desk at Black Hat to describe how China went on the offensive and extended its Internet censorship efforts beyond Chinese borders.


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17185
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-12424
PUBLISHED: 2019-12-09
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2019-18380
PUBLISHED: 2019-12-09
Symantec Industrial Control System Protection (ICSP), versions 6.x.x, may be susceptible to an unauthorized access issue that could potentially allow a threat actor to create or modify application user accounts without proper authentication.
CVE-2019-19687
PUBLISHED: 2019-12-09
OpenStack Keystone 15.0.0 and 16.0.0 is affected by Data Leakage in the list credentials API. Any user with a role on a project is able to list any credentials with the /v3/credentials API when enforce_scope is false. Users with a role on a project are able to view any other users' credentials, whic...
CVE-2019-19682
PUBLISHED: 2019-12-09
nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogController.cs via Body or Full to Admin/News/NewsItemEdit/[id] Admin/Blog/BlogPostEdit/[id]. NOTE: the ...