Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in September 2017
Apple Shares More Data with US in First Half of 2017
Quick Hits  |  9/29/2017  | 
Device-based data requests from government agencies dropped in the first half over last year, but Apple fulfilled a higher percentage of those requests, according to its transparency report.
Key Security Innovations Focus on Policy and Tech
News  |  9/28/2017  | 
The New York Cyber Task Force says strategic innovations, not only technical ones, have made the biggest difference.
Caterpillar Eyes Competitive Edge with Connected Asset Security Program
News  |  9/27/2017  | 
Launches program to incorporate security by design and a strategic governance policy across all of its IoT products.
Companies Push to Decode Cloud Encryption
News  |  9/27/2017  | 
Businesses buckle down on encryption as it becomes table stakes for securing data in the cloud.
How to Live by the Code of Good Bots
Commentary  |  9/27/2017  | 
Following these four tenets will show the world that your bot means no harm.
Chevron's Jump to the Cloud is a Journey
News  |  9/26/2017  | 
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
Why Size Doesn't Matter in DDoS Attacks
Commentary  |  9/21/2017  | 
Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."
SMBs Paid $301 Million to Ransomware Attackers
Quick Hits  |  9/21/2017  | 
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
10 Hot Cybersecurity Funding Rounds in Q3
Slideshows  |  9/20/2017  | 
The first two quarters of 2017 have been the most active ever in five years from a cybersecurity investment standpoint. Here's how the third quarter has shaped up.
GDPR & the Rise of the Automated Data Protection Officer
Commentary  |  9/19/2017  | 
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
Viacom's Secret Cloud Keys Exposed
Quick Hits  |  9/19/2017  | 
The entertainment giant is the latest company to misconfigure its Amazon Web Services S3 cloud storage bucket.
Siemens' New ICS/SCADA Security Service a Sign of the Times
News  |  9/19/2017  | 
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
Public, Hybrid Cloud Security Fears Abound
News  |  9/16/2017  | 
Most CISOs say encryption is the most effective security tool for data in the public cloud, but only one in six encrypt all data stored there.
Google, Spotify Build Open-Source Community for GCP Security
Quick Hits  |  9/15/2017  | 
Google and Spotify create Forseti, an open-source community with tools to secure projects on the Google Cloud Platform.
Attacking Developers Using 'Shadow Containers'
Attacking Developers Using 'Shadow Containers'
Dark Reading Videos  |  9/15/2017  | 
Sagie Dulce describes why developers are such attractive targets and how the Docker API can be exploited to use one of developers' favorite tools against them in sneaky, obfuscated attacks.
Microsoft's Azure 'Confidential Computing' Encrypts Data in Use
News  |  9/14/2017  | 
Early Access program under way for new Azure cloud security feature.
Cloud Security's Shared Responsibility Is Foggy
Commentary  |  9/14/2017  | 
Security is a two-way street. The cloud provider isn't the only one that must take precautions.
Encryption: A New Boundary for Distributed Infrastructure
Commentary  |  9/14/2017  | 
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
Businesses Fail to Properly Secure, Assess SSH: ISACA
Quick Hits  |  9/13/2017  | 
Frequently used but underappreciated, Secure Shell is rarely secured, assessed, documented, or managed in a systematic way, researchers report.
Why InfoSec Hiring Managers Miss the Oasis in the Desert
News  |  9/13/2017  | 
Despite a sharp shortage of IT security professionals, a pool of potential talent is swimming below the surface.
IBM Launches New Tools for Container Security
Quick Hits  |  9/12/2017  | 
IBM's LinuxONE Emperor II addresses container security as researchers pay closer attention to containers' security shortcomings.
Paul Vixie: How CISOs Can Use DNS to Up Security
Paul Vixie: How CISOs Can Use DNS to Up Security
Dark Reading Videos  |  9/11/2017  | 
FarSight CEO and DNS master Paul Vixie explains how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
Cloud Security Hype Fails to Match Deployments
Quick Hits  |  9/8/2017  | 
Technologies like software-defined perimeter and key management as-a-service generate enthusiasm but will take years to reach mainstream adoption.
10% of Ransomware Attacks on SMBs Targeted IoT Devices
News  |  9/7/2017  | 
IoT ransomware attacks are expected to ramp up in the coming years, a new survey shows.
Sandbox-Aware Malware Foreshadows Potential Attacks
Commentary  |  9/7/2017  | 
For the continuous monitoring industry to remain relevant, it needs to match the vigor of sandbox vendors against targeted subversion.
GDPR Confusion Persists Among Businesses, Survey Shows
Quick Hits  |  9/6/2017  | 
Top executives appear dismissive about the penalties they could face if failing to fulfill the EU's General Data Protection Regulation (GDPR) requirements.
Amazon S3 Bucket Leaks Expose Classified US Veteran Data
News  |  9/5/2017  | 
Improperly configured Amazon S3 buckets led to the exposure of data belonging to veterans with Top Secret security clearance and Time Warner Cable customers.
Endpoint Security Overload
News  |  9/5/2017  | 
CISOs and their teams are over-investing in endpoint security tools, driving inefficiency and a need to consolidate data.
CISOs' Salaries Expected to Edge Above $240,000 in 2018
News  |  9/1/2017  | 
Other IT security professionals may garner six-figure salaries as well, new report shows.


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
SOC 2s & Third-Party Assessments: How to Prevent Them from Being Used in a Data Breach Lawsuit
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  12/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "This is the last time we hire Game of Thrones Security"
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0242
PUBLISHED: 2019-12-09
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
CVE-2015-3424
PUBLISHED: 2019-12-09
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter.
CVE-2015-3425
PUBLISHED: 2019-12-09
Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to inject arbitrary web script or HTML via the ctl00$cph_content$_uig_formState parameter.
CVE-2015-7892
PUBLISHED: 2019-12-09
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
CVE-2015-0841
PUBLISHED: 2019-12-09
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line.