Cloud

News & Commentary
Think Like An Attacker: How a Red Team Operates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Security Costs of Cloud-Native Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than 60% of organizations report the bulk of new applications are built in the cloud. What does this mean for security?
By Kelly Sheridan Staff Editor, Dark Reading, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Overhauling the 3 Pillars of Security Operations
Dave Frampton, Vice President of Security Solutions at Sumo LogicCommentary
Modern apps and the cloud mean that organizations must now rethink older security practices.
By Dave Frampton Vice President of Security Solutions at Sumo Logic, 9/18/2018
Comment1 Comment  |  Read  |  Post a Comment
Foreshadow, SGX & the Failure of Trusted Execution
Yehuda Lindell, Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan UniversityCommentary
Trusted execution environments are said to provide a hardware-protected enclave that runs software and cannot be accessed externally, but recent developments show they fall far short.
By Yehuda Lindell Chief Scientist at Unbound Tech and Professor of Computer Science at Bar-Ilan University, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
The Key to Stealing a Tesla Model S
Dark Reading Staff, Quick Hits
A team of hackers finds it's possible to steal a Tesla Model S by cloning the key fob.
By Dark Reading Staff , 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
British Airways Breach Linked to Ticketmaster Breach Attackers
Dark Reading Staff, Quick Hits
Magecart attackers hit airline with the same "digital skimmers" they used on the entertainment company in June, researchers say.
By Dark Reading Staff , 9/11/2018
Comment0 comments  |  Read  |  Post a Comment
Three Trend Micro Apps Caught Collecting MacOS User Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
After researchers found the security apps collecting and uploading users' browser histories, Apple removed the apps from its macOS app store and Trend Micro removed the apps' browser history collection capability.
By Kelly Sheridan Staff Editor, Dark Reading, 9/10/2018
Comment0 comments  |  Read  |  Post a Comment
8 Attack Vectors Puncturing Cloud Environments
Kelly Sheridan, Staff Editor, Dark Reading
These methods may not yet be on your security team's radar, but given their impact, they should be.
By Kelly Sheridan Staff Editor, Dark Reading, 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
Understanding & Solving the Information-Sharing Challenge
Jonathan Couch, Senior VP of Strategy, ThreatQuotientCommentary
Why cybersecurity threat feeds from intel-sharing groups diminish in value and become just another source of noise. (And what to do about it.)
By Jonathan Couch Senior VP of Strategy, ThreatQuotient, 9/6/2018
Comment1 Comment  |  Read  |  Post a Comment
The Weakest Security Links in the (Block)Chain
Drew Peck & Tim Butler, Executive Director and CEO & Founder of TegoCommentary
Despite the technology's promise to transform how business is done, there are significant limitations and potential risks at the intersection of the digital and physical worlds.
By Drew Peck & Tim Butler Executive Director and CEO & Founder of Tego, 9/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Machine Identities Need Protection, Too
Dark Reading Staff, Quick Hits
A new study shows that device identities need a level of protection that they're not getting from most organizations.
By Dark Reading Staff , 8/31/2018
Comment0 comments  |  Read  |  Post a Comment
'Celebgate' Hacker Heading to Prison
Dark Reading Staff, Quick Hits
Connecticut man gets eight months for role in attack involving leak of personal celebrity photos, including those of actress Jennifer Lawrence.
By Dark Reading Staff , 8/30/2018
Comment0 comments  |  Read  |  Post a Comment
How Can We Improve the Conversation Among Blue Teams?
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Dark Reading seeks new ways to bring defenders together to share information and best practices
By Tim Wilson, Editor in Chief, Dark Reading , 8/27/2018
Comment5 comments  |  Read  |  Post a Comment
It Takes an Average 38 Days to Patch a Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysis of 316 million-plus security incidents uncovers most common types of real-world attacks taking place within in-production Web apps in the AWS and Azure cloud ecosystems.
By Kelly Sheridan Staff Editor, Dark Reading, 8/22/2018
Comment1 Comment  |  Read  |  Post a Comment
Adobe Software at Center of Two Vulnerability Disclosures
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Newly discovered Photoshop and Ghostscript vulnerabilities allow remote code execution.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/22/2018
Comment0 comments  |  Read  |  Post a Comment
Hackers Use Public Cloud Features to Breach, Persist In Business Networks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers are abusing the characteristics of cloud services to launch and hide their activity as they traverse target networks.
By Kelly Sheridan Staff Editor, Dark Reading, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Google Updates: Cloud HSM Beta, Binary Authorization for Kubernetes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google's latest cloud security rollouts include early releases of its cloud-hosted security module and a container security tool to verify signed images.
By Kelly Sheridan Staff Editor, Dark Reading, 8/20/2018
Comment0 comments  |  Read  |  Post a Comment
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Staff, CommentaryVideo
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
By Dark Reading Staff , 8/20/2018
Comment1 Comment  |  Read  |  Post a Comment
Make a Wish: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 8/18/2018
Comment0 comments  |  Read  |  Post a Comment
Ensuring Web Applications Are Hardened, Secure
Dark Reading Staff, CommentaryVideo
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.
By Dark Reading Staff , 8/17/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by arianapham
Current Conversations good idea.I agree with you
In reply to: thank
Post Your Own Reply
Posted by PanamaVet
Current Conversations White Privelege Day
In reply to: Cartoon Caption
Post Your Own Reply
More Conversations
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "I'm not sure I like this top down management approach!"
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17407
PUBLISHED: 2018-09-23
An issue was discovered in t1_check_unusual_charstring functions in writet1.c files in TeX Live before 2018-09-21. A buffer overflow in the handling of Type 1 fonts allows arbitrary code execution when a malicious font is loaded by one of the vulnerable tools: pdflatex, pdftex, dvips, or luatex.
CVE-2018-17358
PUBLISHED: 2018-09-23
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in _bfd_stab_section_find_nearest_line in syms.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a ...
CVE-2018-17359
PUBLISHED: 2018-09-23
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory access exists in bfd_zalloc in opncls.c. Attackers could leverage this vulnerability to cause a denial of service (application crash) via a crafted ELF file.
CVE-2018-17360
PUBLISHED: 2018-09-23
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. a heap-based buffer over-read in bfd_getl32 in libbfd.c allows an attacker to cause a denial of service through a crafted PE file. This vulnerability can be triggered by the executa...
CVE-2018-17361
PUBLISHED: 2018-09-23
Multiple XSS vulnerabilities in WeaselCMS v0.3.6 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php because $_SERVER['PHP_SELF'] is mishandled.