Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management

Cloud

News & Commentary
Google Shares Cloud Security Tips
Dark Reading Staff, News
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe: Dark Reading Video News Desk Coverage
Dark Reading Staff, News
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Former Microsoft Cloud Security Leads Unveil New Startup
Dark Reading Staff, Quick Hits
Wiz has raised $100 million since its January launch and plans to help businesses with visibility into cloud security threats.
By Dark Reading Staff , 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
Navigating the Security Maze in a New Era of Cyberthreats
Keith B. Alexander & Jamil Jaffer, Founder & SVP, Strategy, Partnerships & Corporate Development, IronNet CybersecurityCommentary
Multiple, dynamic threats have reshaped the cyber-risk landscape; ignore them at your peril.
By Keith B. Alexander & Jamil Jaffer Founder & SVP, Strategy, Partnerships & Corporate Development, IronNet Cybersecurity, 12/9/2020
Comment1 Comment  |  Read  |  Post a Comment
Attackers Know Microsoft 365 Better Than You Do
Francisco Donoso, Director of Global Security Strategy at Kudelski SecurityCommentary
Users have taken to Microsoft Office 365's tools, but many are unaware of free features that come with their accounts -- features that would keep them safe.
By Francisco Donoso Director of Global Security Strategy at Kudelski Security, 12/8/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Cloud Security Exec Talks New Tech, WFH, Gamification
Kelly Sheridan, Staff Editor, Dark ReadingNews
Gunter Ollmann explains the benefits of CSPM technology, how IT security teams have evolved, and how the pandemic has shaped security.
By Kelly Sheridan Staff Editor, Dark Reading, 12/4/2020
Comment0 comments  |  Read  |  Post a Comment
Researchers Discover New Obfuscation-As-a-Service Platform
Ericka Chickowski, Contributing WriterNews
Researchers detail how a Android APK obfuscation service automates detection evasion for highly malicious apps.
By Ericka Chickowski Contributing Writer, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Common Container Manager Is Vulnerable to Dangerous Exploit
Dark Reading Staff, Quick Hits
Container manager vulnerability is one of several weaknesses and vulnerabilities recently disclosed for Docker.
By Dark Reading Staff , 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of LightspinCommentary
Most of these issues can be remediated, but many users and administrators don't find out about them until it's too late.
By Or Azarzar CTO & Co-Founder of Lightspin, 12/3/2020
Comment0 comments  |  Read  |  Post a Comment
Open Source Flaws Take Years to Find But Just a Month to Fix
Robert Lemos, Contributing WriterNews
Companies need to embrace automation and dependency tracking to keep software secure, GitHub says in its annual security report.
By Robert Lemos Contributing Writer, 12/2/2020
Comment0 comments  |  Read  |  Post a Comment
Security Slipup Exposes Health Records & Lab Results
Dark Reading Staff, Quick Hits
NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online.
By Dark Reading Staff , 12/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Call Fraud Operator Ordered to Pay $9M to Victims
Dark Reading Staff, Quick Hits
Indian national will serve 20 years in prison for running a large call center fraud operation.
By Dark Reading Staff , 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
2020 Cybersecurity Holiday Gift Guide for Kids
Ericka Chickowski, Contributing Writer
Grab some wrapping paper: These STEM toys and games are sure to spark creativity and hone coding and logic skills among a future generation of cybersecurity pros.
By Ericka Chickowski Contributing Writer, 12/1/2020
Comment0 comments  |  Read  |  Post a Comment
Do You Know Who's Lurking in Your Cloud Environment?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A security researcher explains the dangers of poor visibility in the cloud and a new strategy to evaluate IAM exposure in Google Cloud Platform.
By Kelly Sheridan Staff Editor, Dark Reading, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
Liz Rice, VP Open Source Engineering, Aqua SecurityCommentary
The "OODA loop" shows us how to secure cloud-native deployments and prevent breaches before they occur.
By Liz Rice VP Open Source Engineering, Aqua Security, 11/25/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark ReadingNews
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
How Retailers Can Fight Fraud and Abuse This Holiday Season
Sunil Potti, General Manager and Vice President, Google Cloud SecurityCommentary
Online shopping will be more popular than ever with consumers... and with malicious actors too.
By Sunil Potti General Manager and Vice President, Google Cloud Security, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
10 Undergraduate Security Degree Programs to Explore
Kelly Sheridan, Staff Editor, Dark Reading
Colleges and universities are ramping up cybersecurity education with a wider range of degree programs and more resources for students to build their infosec careers.
By Kelly Sheridan Staff Editor, Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Telos Goes Public
Jai Vijayan, Contributing WriterNews
Nearly a month after McAfee made its second appearance on the public market, the Virginia-based provider of security services to government and commercial organizations makes its own debut.
By Jai Vijayan Contributing Writer, 11/19/2020
Comment0 comments  |  Read  |  Post a Comment
As Businesses Move to Multicloud Approach, Ransomware Follows
Robert Lemos, Contributing WriterNews
The average US company uses 16 cloud services, but only a third of IT professional believe their security measures have kept up with the change.
By Robert Lemos Contributing Writer, 11/18/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by JohnHammond
Current Conversations Nice article!
In reply to: Great!
Post Your Own Reply
More Conversations
Products & Releases
New Report from Fudo Security Identifies Key Trends in Secure Remote Access
Cyberbit Launches the First Zero to Hero Cyber Skills Development Cloud
Netenrich Serves A La Carte SOC for Midmarket IT
New Net Technologies (NNT) Launches Change Tracker for Cloud and Container Environments
Philips Expands Its Healthcare Customer Services Portfolio with Integrated Cybersecurity Services
Claroty Partners with CrowdStrike to Protect Industrial Control System Environments
Open Raven Launches Cloud-Native Data Protection Platform to Automate Security and Privacy Operations
Zix Acquires Leading Cloud-Based Backup and Recovery Provider CloudAlly
More Products & Releases
PR Newswire
Phishing Campaign Targets 200M Microsoft 365 Accounts
Kelly Sheridan, Staff Editor, Dark Reading,  12/7/2020
Navigating the Security Maze in a New Era of Cyberthreats
Keith B. Alexander & Jamil Jaffer, Founder & SVP, Strategy, Partnerships & Corporate Development, IronNet Cybersecurity,  12/9/2020
Nation-State Hackers Breached FireEye, Stole Its Red Team Tools
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Don't worry, you'll know if audit doesn't like your password strength!
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today’s Enterprises
Assessing Cybersecurity Risk in Today’s Enterprises
COVID-19 has created a new IT paradigm in the enterprise — and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-8919
PUBLISHED: 2020-12-10
An information leak vulnerability exists in Gerrit versions prior to 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where a missing access check on the branch REST API allows an attacker with only the default set of priviledges to read all other user's personal account data as well as sub-trees with restri...
CVE-2020-8920
PUBLISHED: 2020-12-10
An information leak vulnerability exists in Gerrit versions prior to 2.14.22, 2.15.21, 2.16.25, 3.0.15, 3.1.10, 3.2.5 where an overoptimization with the FilteredRepository wrapper skips the verification of access on All-Users repositories, allowing an attacker to get read access to all users' person...
CVE-2020-29666
PUBLISHED: 2020-12-10
In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value.
CVE-2020-29667
PUBLISHED: 2020-12-10
In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration.
CVE-2020-29668
PUBLISHED: 2020-12-10
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.