Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Cloud posted in September 2018
How Data Security Improves When You Engage Employees in the Process
Commentary  |  9/28/2018  | 
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
How to Keep Up Security in a Bug-Infested World
Commentary  |  9/27/2018  | 
Good digital hygiene will lower your risk, and these six tips can help.
Managing Data the Way We Manage Money
Commentary  |  9/27/2018  | 
In the data-driven enterprise, myriad types of data have become a new form and flow of currency. Why, then, hasn't the CISO achieved parity with the CFO?
Inside Microsoft Azure Sphere
News  |  9/26/2018  | 
Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.
A 'Cyber Resilience' Report Card for the Public Sector
Commentary  |  9/26/2018  | 
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
Mirai Authors Escape Jail Time But Here Are 7 Other Criminal Hackers Who Didn't
Slideshows  |  9/26/2018  | 
Courts are getting tougher on the cybercrooks than some might realize.
The Cloud Security Conundrum: Assets vs. Infrastructure
Commentary  |  9/25/2018  | 
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
Microsoft Deletes Passwords for Azure Active Directory Applications
News  |  9/24/2018  | 
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
Think Like An Attacker: How a Red Team Operates
News  |  9/20/2018  | 
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
The Security Costs of Cloud-Native Applications
News  |  9/18/2018  | 
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
Overhauling the 3 Pillars of Security Operations
Commentary  |  9/18/2018  | 
Modern apps and the cloud mean that organizations must now rethink older security practices.
Foreshadow, SGX & the Failure of Trusted Execution
Commentary  |  9/12/2018  | 
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
The Key to Stealing a Tesla Model S
Quick Hits  |  9/11/2018  | 
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
British Airways Breach Linked to Ticketmaster Breach Attackers
Quick Hits  |  9/11/2018  | 
Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers say.
Three Trend Micro Apps Caught Collecting MacOS User Data
News  |  9/10/2018  | 
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
8 Attack Vectors Puncturing Cloud Environments
Slideshows  |  9/7/2018  | 
These methods may not yet be on your security team's radar, but given their impact, they should be.
Understanding & Solving the Information-Sharing Challenge
Commentary  |  9/6/2018  | 
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
The Weakest Security Links in the (Block)Chain
Commentary  |  9/5/2018  | 
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5615
PUBLISHED: 2020-08-04
Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2020-5616
PUBLISHED: 2020-08-04
[Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] fre...
CVE-2020-5617
PUBLISHED: 2020-08-04
Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors.
CVE-2020-11583
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.
CVE-2020-11584
PUBLISHED: 2020-08-03
A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter.