Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

News & Commentary
Exposed Elasticsearch Database Compromises Data on 8M People
Dark Reading Staff, Quick Hits
Personal data exposed includes full names, physical and email addresses, birthdates, phone numbers, and IP addresses.
By Dark Reading Staff , 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Builds on Decentralized Identity Vision
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
By Kelly Sheridan Staff Editor, Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Tweet suggests possible screenshot of stolen city documents and credentials in the wake of attack that took down city servers last week.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/14/2019
Comment2 comments  |  Read  |  Post a Comment
Effective Pen Tests Follow These 7 Steps
Curtis Franklin Jr., Senior Editor at Dark Reading
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Poorly Configured Server Exposes Most Panama Citizens' Data
Dark Reading Staff, Quick Hits
Compromised information includes full names, birth dates, national ID numbers, medical insurance numbers, and other personal data.
By Dark Reading Staff , 5/13/2019
Comment0 comments  |  Read  |  Post a Comment
78% of Consumers Say Online Companies Must Protect Their Info
Steve Zurier, Contributing WriterNews
Yet 68% agree they also must do more to protect their own information.
By Steve Zurier Contributing Writer, 5/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Symantec CEO Greg Clark Steps Down
Dark Reading Staff, Quick Hits
Exec shake-up comes amid earnings drop in financial report.
By Dark Reading Staff , 5/10/2019
Comment0 comments  |  Read  |  Post a Comment
How the Skills Gap Strains and Constrains Security Pros
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New ISSA/ESG survey underscores increasing pressures and security fallout of a strapped security team.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/9/2019
Comment1 Comment  |  Read  |  Post a Comment
How to Close the Critical Cybersecurity Talent Gap
Tom Weithman, Managing Director at CIT GAP Funds & Chief Investment Officer at MACH37Commentary
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
By Tom Weithman Managing Director at CIT GAP Funds & Chief Investment Officer at MACH37, 5/9/2019
Comment2 comments  |  Read  |  Post a Comment
DeepDotWeb Operators Indicted, Website Seized by the FBI
Dark Reading Staff, Quick Hits
Defendants allegedly earned kickbacks for sales of illegal contraband, including hacking tools and malicious code.
By Dark Reading Staff , 5/8/2019
Comment0 comments  |  Read  |  Post a Comment
Social Engineering Slams the C-Suite: Verizon DBIR
Kelly Sheridan, Staff Editor, Dark ReadingNews
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
By Kelly Sheridan Staff Editor, Dark Reading, 5/8/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Add a New Spin to Old Scams
Jai Vijayan, Contributing WriterNews
Scammers are figuring out unique ways of abusing cloud services to make their attacks look more genuine, Netskope says.
By Jai Vijayan Contributing Writer, 5/6/2019
Comment0 comments  |  Read  |  Post a Comment
Trust the Stack, Not the People
John De Santis, CEO, HyTrustCommentary
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
By John De Santis CEO, HyTrust, 5/6/2019
Comment0 comments  |  Read  |  Post a Comment
Massive Dark Web 'Wall Street Market' Shuttered
Dark Reading Staff, Quick Hits
Europol-led international law enforcement operation led to takedown of world's second-largest digital underground marketplace.
By Dark Reading Staff , 5/3/2019
Comment0 comments  |  Read  |  Post a Comment
The 2019 State of Cloud Security
Ericka Chickowski, Contributing Writer
Enterprise cloud security is making real progress, but emerging technologies call for security teams to keep up the pace.
By Ericka Chickowski Contributing Writer, 5/3/2019
Comment0 comments  |  Read  |  Post a Comment
Security Depends on Careful Design
Susanto Irwan, Co-Founder and VP of Engineering at Xage SecurityCommentary
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
By Susanto Irwan Co-Founder and VP of Engineering at Xage Security, 5/2/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook, Instagram Are Phishers' Favorite Social Platforms
Dark Reading Staff, Quick Hits
Cloud companies continue to represent the most phishing URLs, but social media saw the most growth in Q1 2019.
By Dark Reading Staff , 5/2/2019
Comment1 Comment  |  Read  |  Post a Comment
Database Leaks, Network Traffic Top Data Exfiltration Methods
Kelly Sheridan, Staff Editor, Dark ReadingNews
Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.
By Kelly Sheridan Staff Editor, Dark Reading, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
Kelly Sheridan, Staff Editor, Dark ReadingNews
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
By Kelly Sheridan Staff Editor, Dark Reading, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
How to Build a Cloud Security Model
Kelly Sheridan, Staff Editor, Dark Reading
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 4/26/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Artist Uses Malware in Installation
Dark Reading Staff 5/17/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12198
PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
CVE-2019-12185
PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.