Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

News & Commentary
1.2B Records Exposed in Massive Server Leak
Dark Reading Staff, Quick Hits
A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.
By Dark Reading Staff , 11/22/2019
Comment0 comments  |  Read  |  Post a Comment
3 Fundamentals for Better Security and IT Management
Chris Hallenbeck, CISO for the Americas at TaniumCommentary
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
By Chris Hallenbeck CISO for the Americas at Tanium, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Malcolm Harkins, Chief Security & Trust OfficerCommentary
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
By Malcolm Harkins Chief Security & Trust Officer, 11/21/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Update Gives Users Greater Data Control
Dark Reading Staff, Quick Hits
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
By Dark Reading Staff , 11/20/2019
Comment0 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
Windows Hello for Business Opens Door to New Attack Vectors
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
By Kelly Sheridan Staff Editor, Dark Reading, 11/18/2019
Comment0 comments  |  Read  |  Post a Comment
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at NetskopeCommentary
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
By Lamont Orange Chief Information Security Officer at Netskope, 11/15/2019
Comment3 comments  |  Read  |  Post a Comment
BSIMM10 Shows Industry Vertical Maturity
Sammy Migues, BSIMM Co-Author and Principal Scientist at SynopsysCommentary
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
By Sammy Migues BSIMM Co-Author and Principal Scientist at Synopsys, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity AnalystCommentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo Cybersecurity Analyst, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
How Does Your Cyber Resilience Measure Up?
Troy Mattern, Vice President for Product and Services Cybersecurity at Motorola SolutionsCommentary
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
By Troy Mattern Vice President for Product and Services Cybersecurity at Motorola Solutions, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity: An Organizationwide Responsibility
Guy Bunker, CTO of ClearswiftCommentary
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
By Guy Bunker CTO of Clearswift, 11/13/2019
Comment0 comments  |  Read  |  Post a Comment
Breaches Are Inevitable, So Embrace the Chaos
Ariel Zeitlin, Chief Technology Officer & Co-Founder, GuardicoreCommentary
Avoid sinking security with principles of shipbuilding known since the 15th century.
By Ariel Zeitlin Chief Technology Officer & Co-Founder, Guardicore, 11/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
Kelly Sheridan, Staff Editor, Dark ReadingNews
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
By Kelly Sheridan Staff Editor, Dark Reading, 11/12/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Find New Approach to Attacking Cloud Infrastructure
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
By Kelly Sheridan Staff Editor, Dark Reading, 11/11/2019
Comment1 Comment  |  Read  |  Post a Comment
OpenText to Buy Carbonite for $800M Cash in $1.42B Deal
Dark Reading Staff, Quick Hits
The acquisition was confirmed just six months after Carbonite bought Webroot.
By Dark Reading Staff , 11/11/2019
Comment0 comments  |  Read  |  Post a Comment
To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet
Andrew Morrison, Principal, Cyber Risk Services, at DeloitteCommentary
How tying and measuring security investments to business impacts can elevate executives' understanding and commitment to cyber-risk reduction.
By Andrew Morrison Principal, Cyber Risk Services, at Deloitte, 11/7/2019
Comment0 comments  |  Read  |  Post a Comment
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQCommentary
There is no premium that will recover the millions of dollars your company spends on R&D if your intellectual property is hacked and stolen.
By Chris Kennedy CISO & VP Customer Success, AttackIQ, 11/7/2019
Comment3 comments  |  Read  |  Post a Comment
CrowdStrike Adds New Products & Web Store Apps
Dark Reading Staff, Quick Hits
Company introduces Falcon for AWS, Falcon Firewall Management, and third-party applications.
By Dark Reading Staff , 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
10 Tips for Building Compliance by Design into Cloud Architecture
Ericka Chickowski, Contributing Writer
A pair of experts pass along lessons learned while building out the team and processes necessary to support Starbucks' mobile app.
By Ericka Chickowski Contributing Writer, 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Dark Reading Staff, Quick Hits
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
By Dark Reading Staff , 11/5/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
6 Top Nontechnical Degrees for Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/21/2019
Anatomy of a BEC Scam
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11287
PUBLISHED: 2019-11-23
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP Header ca...
CVE-2019-11291
PUBLISHED: 2019-11-22
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user w...
CVE-2019-15593
PUBLISHED: 2019-11-22
GitLab 12.2.3 contains a security vulnerability that allows a user to affect the availability of the service through a Denial of Service attack in Issue Comments.
CVE-2019-16285
PUBLISHED: 2019-11-22
If a local user has been configured and logged in, an unauthenticated attacker with physical access may be able to extract sensitive information onto a local drive.
CVE-2019-16286
PUBLISHED: 2019-11-22
An attacker may be able to bypass the OS application filter meant to restrict applications that can be executed by changing browser preferences to launch a separate process that in turn can execute arbitrary commands.