Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

News & Commentary
'Chimera' Threat Group Abuses Microsoft & Google Cloud Services
Dark Reading Staff, Quick Hits
Researchers detail a new threat group targeting cloud services to achieve goals aligning with Chinese interests.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Businesses Struggle with Cloud Availability as Attackers Take Aim
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers find organizations struggle with availability for cloud applications as government officials warn of cloud-focused cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Recommends Using Only 'Designated' DNS Resolvers
Dark Reading Staff, Quick Hits
Agency provides guidelines on securely deploying DNS over HTTPS, aka DoH.
By Dark Reading Staff , 1/14/2021
Comment0 comments  |  Read  |  Post a Comment
Virtual Pen-Testing Competition Tasks College Students With Running a Red Team Operation
Steve Zurier, Contributing WriterNews
Aimed at developing offensive cyber talent, last weekend's sixth annual Collegiate Penetration Testing Competition brought out some of the brightest from RIT and Stanford, among other universities.
By Steve Zurier Contributing Writer, 1/13/2021
Comment0 comments  |  Read  |  Post a Comment
The Data-Centric Path to Zero Trust
Altaz Valani, Director of Insights Research, Security CompassCommentary
Data is an organization's most valuable asset, so a data-centric approach would provide the best value for organizations, now and in the future.
By Altaz Valani Director of Insights Research, Security Compass, 1/13/2021
Comment1 Comment  |  Read  |  Post a Comment
Nissan Source Code Leaked via Misconfigured Git Server
Dark Reading Staff, Quick Hits
Leaked information includes source code of Nissan mobile apps, diagnostics tool, and market research tools and data, among other assets.
By Dark Reading Staff , 1/6/2021
Comment0 comments  |  Read  |  Post a Comment
6 Open Source Tools for Your Security Team
Curtis Franklin Jr., Senior Editor at Dark Reading
Open source tools can be great additions to your cloud security arsenal. Here are a half-dozen to get you started.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/6/2021
Comment1 Comment  |  Read  |  Post a Comment
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Dr. Jasson Casey, CTO of Beyond IdentityCommentary
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
By Dr. Jasson Casey CTO of Beyond Identity, 1/4/2021
Comment0 comments  |  Read  |  Post a Comment
Reducing the Risk of Third-Party SaaS Apps to Your Organization
Dmitry Dontov, Chief Technology Officer, Spin TechnologyCommentary
Such apps may try to leak your data, or can contain malicious code. And even legitimate apps may be poorly written, creating security risks.
By Dmitry Dontov Chief Technology Officer, Spin Technology, 12/29/2020
Comment0 comments  |  Read  |  Post a Comment
HelpSystems Acquires Data Security Firm Vera
Dark Reading Staff, Quick Hits
The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
By Dark Reading Staff , 12/24/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Ups Security of Azure AD, Identity
Kelly Sheridan, Staff Editor, Dark ReadingNews
A roundup of Microsoft's recent security news and updates that focus on protecting identity.
By Kelly Sheridan Staff Editor, Dark Reading, 12/22/2020
Comment0 comments  |  Read  |  Post a Comment
CISA: SolarWinds Not the Only Initial Attack Vector in Massive Breach
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Agency says it has "evidence of additional initial access vectors" besides SolarWinds' Orion software.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/17/2020
Comment0 comments  |  Read  |  Post a Comment
51% of WFH Parents Say Children Have Accessed Work Accounts
Dark Reading Staff, Quick Hits
In addition, 14% of surveyed parents who are working from home say their children have access to their work devices, new data shows.
By Dark Reading Staff , 12/17/2020
Comment0 comments  |  Read  |  Post a Comment
VPNs, MFA & the Realities of Remote Work
Petar Besalev, Senior Vice President of Cybersecurity & Privacy Services at A-LIGNCommentary
The work-from-home-era is accelerating cloud-native service adoption.
By Petar Besalev Senior Vice President of Cybersecurity & Privacy Services at A-LIGN, 12/17/2020
Comment0 comments  |  Read  |  Post a Comment
Twitter Fined in Irish GDPR Action
Dark Reading Staff, Quick Hits
The $547K fine results from an issue Twitter reported in 2019.
By Dark Reading Staff , 12/15/2020
Comment0 comments  |  Read  |  Post a Comment
Medical Imaging Leaks Highlight Unhealthy Security Practices
Robert Lemos, Contributing WriterNews
More than 45 million unique images, such as X-rays and MRI scans, are accessible to anyone on the Internet, security firm says.
By Robert Lemos Contributing Writer, 12/15/2020
Comment1 Comment  |  Read  |  Post a Comment
7 Security Tips for Gamers
Steve Zurier, Contributing Writer
Gamers can expect to be prime targets over the holidays as COVID-19 rages on. Here's some advice on how to keep hackers at bay.
By Steve Zurier Contributing Writer, 12/11/2020
Comment1 Comment  |  Read  |  Post a Comment
Cloud Identity and Access Management: Understanding the Chain of Access
Keith Neilson, Technical Evangelist for CloudSphereCommentary
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
By Keith Neilson Technical Evangelist for CloudSphere, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Google Shares Cloud Security Tips
Dark Reading Staff, News
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
Black Hat Europe: Dark Reading Video News Desk Coverage
Dark Reading Staff, News
Coming to you from virtual backgrounds and beautifully curated bookcases around the world, Dark Reading brings you video interviews with the leading researchers speaking at this week's Black Hat Europe.
By Dark Reading Staff , 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...