When It Comes To Security Tools, More Isn't More

Network Computing Dark Reading

Advertise

About Us

Threaded | Newest First | Oldest First

[close this box]

100%

priya7june,
User Rank: Apprentice
1/12/2021 | 4:52:48 AM

Who is responsible for security in the cloud?

Tightly said the "cloud" has become an inseparable part of today's business.

When adopting cloud solutions, many organizations fail to balance the benefits of the cloud against the cloud security threats and challenges they may face.

But the major question to ask is, who is responsible for security in the cloud?

Being an entrepreneur I had to go through the same especially in this lockdown. I also tried many solutions but it was expensive for a start-up like mine. I finally landed in some free solutions with a limited number of otp users and quite satisfied till now.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

How SolarWinds Busted Up Our Assumptions About Code Signing

Dr. Jethro Beekman, Technical Director, 3/3/2021

'ObliqueRAT' Now Hides Behind Images on Compromised Websites

Jai Vijayan, Contributing Writer, 3/2/2021

Attackers Turn Struggling Software Projects Into Trojan Horses

Robert Lemos, Contributing Writer, 2/26/2021

Live Events

Webinars

Interop Digital - Free Cybersecurity Event April 29

Communications & Collaboration: 2024 (March 9-10)

Network Security for 2021 and Beyond (April 29)

More Informa Tech Live Events

White Papers

Osterman Research: Cyber Crisis Response - Fit For Today's Threat Landscape?

Insider Risk Management: A Better Way to Prevent Data Leaks

Trustwave Global Security Report

Supercharge Incident Response with DDI Visibility

Accelerate Threat Resolutions with DNS

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Lexi's just checking the fire meets specifications for this years PCI-DinoSS assessment.

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-5148
PUBLISHED: 2021-03-05

SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall a...

CVE-2020-36255
PUBLISHED: 2021-03-05

An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel) before 1.3.0. The Branca implementation allows an attacker to modify and forge authentication tokens.

CVE-2019-18351
PUBLISHED: 2021-03-05

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6.1, and through 17.0.0; and Certified Asterisk through 13.21-cert4. A SIP request can be sent to Asterisk that can change a SIP peer's IP address. A REGISTER does not need to occur, and calls can be hijac...

CVE-2021-27963
PUBLISHED: 2021-03-05

SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g., SuperAdmin). An anonymous user can send a POST request to /User/saveUser without any authentication or session header.

CVE-2021-27964
PUBLISHED: 2021-03-05

SonLogger before 6.4.1 is affected by Unauthenticated Arbitrary File Upload. An attacker can send a POST request to /Config/SaveUploadedHotspotLogoFile without any authentication or session header. There is no check for the file extension or content of the uploaded file.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]