Zero-Day Attacks Major Concern in Hybrid Cloud
2/28/2018Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Post a Comment
Author
Profile of Kelly Sheridan
Staff Editor, Dark Reading Member Since: 11/15/2013Author
News & Commentary Posts: 443
Comments: 4
Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.
Articles by Kelly Sheridan
posted in February 2018
posted in February 2018
Hybrid cloud environments are particularly vulnerable to zero-day exploits, according to a new study.
Post a Comment
SAML Flaw Lets Hackers Assume Users' Identities
2/27/2018Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Post a Comment
Adobe Flash Vulnerability Reappears in Malicious Word Files
2/26/2018CVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.
Post a Comment
93% of Cloud Applications Aren't Enterprise-Ready
2/23/2018The average business uses 1,181 cloud services, and most don't meet all recommended security requirements, Netskope says.
Post a Comment
10 Can't-Miss Talks at Black Hat Asia
2/23/2018With threats featuring everything from nation-states to sleep states, the sessions taking place from March 20-23 in Singapore are relevant to security experts around the world.
Post a Comment
The Mobile Threat: 4 out of 10 Businesses Report 'Significant' Risk
2/21/2018Organizations put efficiency and profit before security, leading to system downtime and data loss, according to inaugural research from Verizon.
Post a Comment
Facebook Aims to Make Security More Social
2/20/2018Facebook's massive user base creates an opportunity to educate billions on security.
Post a Comment
13 Russians Indicted for Massive Operation to Sway US Election
2/16/2018Russian nationals reportedly used stolen American identities and infrastructure to influence the 2016 election outcome.
Post a Comment
North Korea-Linked Cyberattacks Spread Out of Control: Report
2/15/2018New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
Post a Comment
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
2/14/2018The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Post a Comment
AI and Machine Learning: Breaking Down Buzzwords
2/13/2018Security experts explain two of today's trendiest technologies to explain what they mean and where you need them.
Post a Comment
Lazarus Group Attacks Banks, Bitcoin Users in New Campaign
2/13/2018A new Lazarus Group cyberattack campaign combines spear-phishing techniques with a cryptocurrency scanner designed to scan for Bitcoin wallets.
Post a Comment
Cyberattack Aimed to Disrupt Opening of Winter Olympics
2/12/2018Researchers who identified malware targeting the 2018 Winter Olympics say the attackers had previously compromised the Games' infrastructure.
Post a Comment
Google Paid $2.9M for Vulnerabilities in 2017
2/9/2018The Google Vulnerability Reward Program issued a total of 1,230 rewards in 2017. The single largest payout was $112,500.
Post a Comment
Cyber Warranties: What to Know, What to Ask
2/9/2018The drivers and details behind the growth of cyber warranties, which more businesses are using to guarantee their products.
Post a Comment
8 Nation-State Hacking Groups to Watch in 2018
2/9/2018The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
Post a Comment
New Zero-Day Ransomware Evades Microsoft, Google Cloud Malware Detection
2/7/2018Shurl0ckr, a form of Gojdue ransomware, was not detected on SharePoint or Google Drive.
Post a Comment
Security vs. Speed: The Risk of Rushing to the Cloud
2/6/2018Companies overlook critical security steps as they move to adopt the latest cloud applications and services.
Post a Comment
Microsoft Updates Payment, Criteria for Windows Bug Bounty
2/6/2018The Windows Insider Preview Bounty Program will award between $500 and $15,000 for eligible submissions.
Post a Comment
Over 12,000 Business Websites Leveraged for Cybercrime
2/5/2018Attackers exploit trust in popular websites to launch phishing campaigns and spread malware.
Post a Comment
Poor Visibility, Weak Passwords Compromise Active Directory
2/1/2018Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
Post a Comment
White Papers
Video
0 Comments
Current Issue
Flash Poll
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-15504
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
PUBLISHED: 2018-08-18
From DHS/US-CERT's National Vulnerability Database CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This