Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in September 2016
6 Ways To Prepare For The EUs GDPR
News  |  9/30/2016  | 
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Heres how to prepare for them.
EMV: The Anniversary Of One Deadline, The Eve of Another
News  |  9/29/2016  | 
How merchants and criminals responded since the EMV liability shift for point-of-sale devices one year ago. And what changes can we expect after the liability shift for ATMs, which is just days away?
Microsoft Launches Cloud-Based Fuzzing
News  |  9/28/2016  | 
'Project Springfield' debuts at Ignite conference.
Hacking The Polls: Where US Voting Processes Fall Short
Commentary  |  9/28/2016  | 
The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.
5 Best Practices For Winning the IoT Security Arms Race
Commentary  |  9/27/2016  | 
By focusing on a pragmatic approach to security, its possible to develop IoT solutions that will reduce future risk without breaking the bank.
25 Security Vendors To Watch
Slideshows  |  9/27/2016  | 
A wave of security companies are armed with technologies to help businesses mitigate the next generation of cyberattacks. Who are these vendors and what can they offer?
Yahoo Confirms August Data Dump Issue Unrelated To Breach Of 500 Million Users
Quick Hits  |  9/27/2016  | 
No 'connection' between August 2016 data dump claims and 2014 nation-state attack, company says.
Yahoo Sued By User Over 2014 Hacking
Quick Hits  |  9/27/2016  | 
New Yorker files lawsuit against Yahoo for recklessness and delay in uncovering hack of half a billion accounts.
Yahoo Breach: US Senator Seeks SEC Role In Probe
Quick Hits  |  9/27/2016  | 
Democrat Mark Warner asks US Securities and Exchange Commission to investigate whether Yahoo completed obligations post breach discovery.
7 New Rules For IoT Safety & Vuln Disclosure
Commentary  |  9/24/2016  | 
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
Spam Levels Spike, Thanks In Part To Ransomware
News  |  9/23/2016  | 
By shipping banking Trojans and ransomware that turn big profits fast, spammers can now afford the high overhead of high-volume spam campaigns.
7 Ways Cloud Alters The Security Equation
Slideshows  |  9/23/2016  | 
Would-be and existing customers must understand that security isn't set-and-forget just because it resides in the cloud.
D-FENSE! Using Research To Craft Effective Cyber Defenses
D-FENSE! Using Research To Craft Effective Cyber Defenses
Dark Reading Videos  |  9/23/2016  | 
A pair of experts from Imperva stops by the Dark Reading News Desk to chat.
On-Premises & In The Cloud: Making Sense Of Your Cybersecurity Ecosystem
Commentary  |  9/23/2016  | 
As enterprises continue to invest in hybrid cloud strategies, they need their fragmented security solutions to work together.
FTC Releases Video With Data Breach Recovery Advice
Quick Hits  |  9/23/2016  | 
The US Federal Trade Commission video has detailed instructions on what to do if personal data of a user is stolen and exposed.
SWIFT CISO: Cyber Threat 'Persistent'
Quick Hits  |  9/22/2016  | 
Alain Desausoi describes threat as persistent, and says there's been progress in combating it via new SWIFT initiatives.
How Cloud, Mobile Are Changing IT, Security Management: Study
News  |  9/21/2016  | 
The evolution of technology is changing the role of IT and security pros as more employees use cloud apps and connect personal devices to corporate networks.
Florida Man Charged With Hacking Linux Servers
Quick Hits  |  9/21/2016  | 
Donald Austin allegedly stole credentials of Linux employee to hack four company servers and install rootkit and Trojan software.
Why You May Need To Shake Up Your DevOps Team To Manage The Cloud
Commentary  |  9/16/2016  | 
The security approaches of yesterday wont work in the cloud world of today and tomorrow.
Yes, The Cloud Can Be A Security Win
Commentary  |  9/15/2016  | 
With the right controls in place, the cloud doesnt have to be a scary place. These guidelines can help your company stay safe.
Keep It Simple: Security For A Complex Enterprise
Keep It Simple: Security For A Complex Enterprise
Dark Reading Videos  |  9/14/2016  | 
Michelle Cobb of Skybox Security talks to Dark Reading about security management.
Wisdom From A Thought Leader: AppSec Best Practices
Wisdom From A Thought Leader: AppSec Best Practices
Dark Reading Videos  |  9/14/2016  | 
The Black Hat News Desk chats with Jeff Williams, CTO at Contrast Security.
Google, Facebook, Twitter, Petition Congress To Support ICANN Transition
Quick Hits  |  9/14/2016  | 
Google, Facebook, Twitter, Yahoo and other tech companies ask Congress to not oppose the scheduled October 1 transfer of Internet control to global community.
Don't Trust That Trust Mechanism: Vulnerabilities In Digital Certificates
Don't Trust That Trust Mechanism: Vulnerabilities In Digital Certificates
Dark Reading Videos  |  9/14/2016  | 
Tom Nipravsky, security researcher at Deep Instinct, explains how to tell the difference between a digital certificate that's worth your trust and one that isn't.
Startup Focuses On Real-Time Security Monitoring Of Plant Networks
News  |  9/13/2016  | 
With $32 million in venture capital funding and co-founders from Siemens and Israeli Defense Force research teams, Claroty emerges from stealth.
A Moving Target: Tackling Cloud Security As A Data Issue
Commentary  |  9/13/2016  | 
Todays challenge is protecting critical information that an increasingly mobile workforce transfers every day between clouds, between cloud and mobile, and between cloud, mobile, and IoT.
White House Names First Federal CISO
Quick Hits  |  9/12/2016  | 
Retired Brigadier General Touhill will serve as federal CISO.
Dan Kaminsky On How Not To Lose The Internet As We Know It
Dan Kaminsky On How Not To Lose The Internet As We Know It
Dark Reading Videos  |  9/12/2016  | 
Dan Kaminsky discusses how to improve the security and privacy of the Internet without destroying the openness and freedom to innovate that it has always provided.
Data Manipulation: An Imminent Threat
Commentary  |  9/12/2016  | 
Critical industries are largely unprepared for a potential wave of destructive attacks.
Crimeware-as-a-Service Hack Turns Potential Hackers Into Victims
News  |  9/8/2016  | 
Cybercriminals are using Google Docs to host a new Facebook scamming tool, which is designed to steal credentials from potential hackers who try to access other users' accounts.
Avoiding The Blame Game For A Cyberattack
Commentary  |  9/8/2016  | 
How organizations can develop a framework of acceptable care for cybersecurity risk.
Defining The Common Core Of Cybersecurity: Certifications + Practical Experience
Commentary  |  9/7/2016  | 
Security certifications are necessary credentials, but alone wont solve the industrys critical talent gap.
Cloud Security Alliance: 10 Ways To Achieve Access Control For Big Data
Slideshows  |  9/3/2016  | 
A look at granular access control of the big data security and privacy.
Social Media Fraud Spikes, Study Finds
News  |  9/1/2016  | 
Nearly 20% of social media accounts associated with ten major global brands are fraudulent.
How To Talk About Security With Every C-Suite Member
Commentary  |  9/1/2016  | 
Reframe your approach with context in order to get your message across.


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Our Endpoint Protection system is a little outdated... 
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4095
PUBLISHED: 2019-12-10
IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 158015.
CVE-2019-4244
PUBLISHED: 2019-12-10
IBM SmartCloud Analytics 1.3.1 through 1.3.5 could allow a remote attacker to gain unauthorized information and unrestricted control over Zookeeper installations due to missing authentication. IBM X-Force ID: 159518.
CVE-2019-4521
PUBLISHED: 2019-12-10
Platform System Manager in IBM Cloud Pak System 2.3 is potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 165179.
CVE-2019-4663
PUBLISHED: 2019-12-10
IBM WebSphere Application Server - Liberty is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 171245...
CVE-2019-19251
PUBLISHED: 2019-12-10
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.