Cloud

News & Commentary
Shadow IT, IaaS & the Security Imperative
Sanjay Kalra, Co-Founder & Chief Strategy Officer at LaceworkCommentary
Organizations must strengthen their security posture in cloud environments. That means considering five critical elements about their infrastructure, especially when it operates as an IaaS.
By Sanjay Kalra Co-Founder & Chief Strategy Officer at Lacework, 1/21/2019
Comment1 Comment  |  Read  |  Post a Comment
GDPR Suit Filed Against Amazon, Apple
Dark Reading Staff, Quick Hits
An Austrian non-profit, led by privacy activist and attorney Max Schrems, has filed suit against 8 tech giants for non-compliance with the EU General Data Protection Regulation.
By Dark Reading Staff , 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
8 Tips for Monitoring Cloud Security
Kelly Sheridan, Staff Editor, Dark Reading
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 1/18/2019
Comment1 Comment  |  Read  |  Post a Comment
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Ofer Amitai, CEO, PortnoxCommentary
The network no longer provides an air gap against external threats, but access devices can take up the slack.
By Ofer Amitai CEO, Portnox, 1/17/2019
Comment5 comments  |  Read  |  Post a Comment
Former IBM Security Execs Launch Cloud Data Security Startup
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sonrai Security, the brainchild of two execs from IBM Security and Q1 Labs, debuts with $18.5 million in Series A funding.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Who Takes Responsibility for Cyberattacks in the Cloud?
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new CSA report addresses the issue of breach responsibility as more organizations move ERP application data the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 1/11/2019
Comment2 comments  |  Read  |  Post a Comment
Reddit Alerts Users to Possible Account Breaches
Dark Reading Staff, Quick Hits
User lockouts, combined with requirements for new passwords, indicate an attack on accounts at the popular social media platform.
By Dark Reading Staff , 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Container Deployments Bring Security Woes at DevOps Speed
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Nearly half of all companies know that they're deploying containers with security flaws, according to a new survey.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
Security at the Speed of DevOps: Maturity, Orchestration, and Detection
Kamal Shah, CEO at StackRoxCommentary
Container and microservices technologies, including the orchestrator Kubernetes, create an extraordinary opportunity to build infrastructure and applications that are secure by design.
By Kamal Shah CEO at StackRox, 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
New 'Crypto Dusting' Attack Gives Cash, Takes Reputation
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
This new form of crypto wallet fraud enlists unwary consumers and companies to help defeat anti-money laundering methods for law enforcement and regulators.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Your Life Is the Attack Surface: The Risks of IoT
Jason Haddix, Vice President of Researcher Growth at BugcrowdCommentary
To protect yourself, you must know where you're vulnerable and these tips can help.
By Jason Haddix Vice President of Researcher Growth at Bugcrowd, 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Sophos Buys Cloud Security Company
Dark Reading Staff, Quick Hits
Deal gives Sophos a new AI-based cloud security platform.
By Dark Reading Staff , 1/8/2019
Comment0 comments  |  Read  |  Post a Comment
Report: Consumers Buy New Smart Devices But Don't Trust Them
Dark Reading Staff, Quick Hits
The gap between acceptance and trust for new smart devices is huge, according to a new survey.
By Dark Reading Staff , 1/7/2019
Comment1 Comment  |  Read  |  Post a Comment
Managing Security in Today's Compliance and Regulatory Environment
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 1/4/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Use Google Cloud to Target US, UK Banks
Dark Reading Staff, Quick Hits
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
By Dark Reading Staff , 12/26/2018
Comment3 comments  |  Read  |  Post a Comment
Spending Spree: What's on Security Investors' Minds for 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
Comment2 comments  |  Read  |  Post a Comment
Security 101: How Businesses and Schools Bridge the Talent Gap
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
By Kelly Sheridan Staff Editor, Dark Reading, 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
US Indicts 2 APT10 Members for Years-Long Hacking Campaign
Dark Reading Staff, Quick Hits
In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.
By Dark Reading Staff , 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
How to Remotely Brick a Server
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 12/19/2018
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Phillip Maddux, Principal Application Security Researcher & Advisor at Signal SciencesCommentary
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
By Phillip Maddux Principal Application Security Researcher & Advisor at Signal Sciences, 12/19/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by RitaJJohnson
Current Conversations Exectly
In reply to: Re: Good Idea
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19019
PUBLISHED: 2019-01-22
A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application.
CVE-2019-6260
PUBLISHED: 2019-01-22
The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console u...
CVE-2018-19011
PUBLISHED: 2019-01-22
CX-Supervisor (Versions 3.42 and prior) can execute code that has been injected into a project file. An attacker could exploit this to execute code under the privileges of the application.
CVE-2018-19013
PUBLISHED: 2019-01-22
An attacker could inject commands to delete files and/or delete the contents of a file on CX-Supervisor (Versions 3.42 and prior) through a specially crafted project file.
CVE-2018-19017
PUBLISHED: 2019-01-22
Several use after free vulnerabilities have been identified in CX-Supervisor (Versions 3.42 and prior). When processing project files, the application fails to check if it is referencing freed memory. An attacker could use a specially crafted project file to exploit and execute code under the privil...