Cloud

News & Commentary
On Norman Castles and the Internet
Dr. Mike Lloyd, CTO of RedSeal, Commentary
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
By Dr. Mike Lloyd CTO of RedSeal, 3/15/2019
4 Reasons to Take an 'Inside Out' View of Security
Earl D. Matthews, Senior Vice President and Chief Strategy Officer at Verodin, Commentary
When you approach security from the inside out, you're protecting your data by determining the most vital applications and using a risk-based strategy, which focuses on the most valuable and vulnerable assets.
By Earl D. Matthews Senior Vice President and Chief Strategy Officer at Verodin, 3/14/2019
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff, Quick Hits
User errors in enterprise Box accounts have left hundreds of thousands of sensitive documents exposed to thieves and peeping toms.
By Dark Reading Staff, 3/12/2019
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Meanwhile, organizations are looking at unconventional ways to staff up and train their workforce as technical expertise gets even harder to find.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/12/2019
The 12 Worst Serverless Security Risks
Ory Segal, CTO, PureSec, Commentary
A new guide from the Cloud Security Alliance offers mitigations, best practices, and a comparison between traditional applications and their serverless counterparts.
By Ory Segal CTO, PureSec, 3/12/2019
763M Email Addresses Exposed in Latest Database Misconfiguration Episode
Curtis Franklin Jr., Senior Editor at Dark Reading, News
MongoDB once again used by database admin who opens unencrypted database to the whole world.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/11/2019
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at Centrify, Commentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
Meet the New 'Public-Interest Cybersecurity Technologist'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
A grassroots movement is emerging to train high-risk groups and underrepresented communities in cybersecurity protection and skills, all for the public good.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/6/2019
Incident Response: Having a Plan Isn't Enough
Kelly Sheridan, Staff Editor, Dark Reading, News
Data shows organizations neglect to review and update breach response plans as employees and processes change, putting data at risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/5/2019
Security Pros Agree: Cloud Adoption Outpaces Security
Kelly Sheridan, Staff Editor, Dark Reading, News
Oftentimes, responsibility for securing the cloud falls to IT instead of the security organization, researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 3/1/2019
Data Leak Exposes Dow Jones Watchlist Database
Dark Reading Staff, Quick Hits
The Watchlist, which contained the identities of government officials, politicians, and people of political interest, is used to identify risk when researching someone.
By Dark Reading Staff, 2/28/2019
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
Kelly Sheridan, Staff Editor, Dark Reading, News
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
By Kelly Sheridan Staff Editor, Dark Reading, 2/28/2019
In 2019, Cryptomining Just Might Have an Even Better Year
Alex Artamonov, System Engineer & Cybersecurity Specialist, Infinitely Virtual, Commentary
The practice today is so pervasive that cryptojacking scripts are said to be running on an estimated 3% of all sites that users visit.
By Alex Artamonov System Engineer & Cybersecurity Specialist, Infinitely Virtual, 2/28/2019
IoT, APIs, and Criminal Bots Pose Evolving Dangers
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A pair of reports reach similar conclusions about some of the threats growing in cyberspace and the industries likely to be most affected.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/27/2019
Intel Focuses on Data Center, Firmware Security Ahead of RSAC
Kelly Sheridan, Staff Editor, Dark Reading, News
The new Intel SGX Card is intended to extend application memory security using Intel SGX in existing data center infrastructure.
By Kelly Sheridan Staff Editor, Dark Reading, 2/27/2019
Embracing DevSecOps: 5 Processes to Improve DevOps Security
Sam Bocetta, Security Analyst, Commentary
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
By Sam Bocetta Security Analyst, 2/27/2019
'Cloudborne': Bare-Metal Cloud Servers Vulnerable to Attack
Kelly Sheridan, Staff Editor, Dark Reading, News
Firmware vulnerabilities provide direct access to server hardware, enabling attackers to install malware that can pass from customer to customer.
By Kelly Sheridan Staff Editor, Dark Reading, 2/26/2019
A 'Cloudy' Future for OSSEC
Scott Shinn, Founder & CTO, Atomicorp, Commentary
As more organizations move to the public cloud and to DevOps and DevSecOps processes, the open source alternative for host-based intrusion detection is finding new uses.
By Scott Shinn Founder & CTO, Atomicorp, 2/26/2019
Secure the System, Help the User
John Carbo, Director of Information Security at Abacus Group, Commentary
The enterprise must do its part in deploying and maintaining secure systems so that end users stand a chance against attackers.
By John Carbo Director of Information Security at Abacus Group, 2/25/2019
Why Cybersecurity Burnout Is Real (and What to Do About It)
Chris Schueler, Senior VP, Managed Security Services, Trustwave, Commentary
The constant stresses from advanced malware to zero-day vulnerabilities can easily turn into employee overload with potentially dangerous consequences. Here's how to turn down the pressure.
By Chris Schueler Senior VP, Managed Security Services, Trustwave, 2/21/2019
Cybercriminals Think Small to Earn Big
Dark Reading Staff, 3/12/2019
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.