Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Cloud
Page 1 / 2   >   >>
With Aporeto, Palo Alto Looks Away from the Firewall and Toward the Future
News  |  12/5/2019  | 
Seeing its firewall sales softening, the security vendor makes another acquisition to reorient itself for the cloud era.
Microsoft Defender ATP Brings EDR Capabilities to macOS
Quick Hits  |  12/5/2019  | 
Mac computers will now have the option to use Microsoft Defender Advanced Threat Protection's endpoint and detection response.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Leveraging the Cloud for Cyber Intelligence
Commentary  |  12/3/2019  | 
How fusing output datasets and sharing information can create a real-time understanding of suspicious activity across your enterprise.
Microsoft Fixes Flaw Threatening Azure Accounts
Quick Hits  |  12/2/2019  | 
Researchers detail a bug they found in some of Microsoft's OAuth 2.0 applications.
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
News  |  11/27/2019  | 
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
Practical Principles for Security Metrics
Commentary  |  11/27/2019  | 
A proactive approach to cybersecurity requires the right tools, not more tools.
1.2B Records Exposed in Massive Server Leak
Quick Hits  |  11/22/2019  | 
A single server leaked 4 terabytes of personal data, including social media profiles, work histories, and home and mobile phone numbers.
3 Fundamentals for Better Security and IT Management
Commentary  |  11/21/2019  | 
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
The 'Department of No': Why CISOs Need to Cultivate a Middle Way
Commentary  |  11/21/2019  | 
A chief information security officer's job inherently involves conflict, but a go-along-to-get-along approach carries its own vulnerabilities and risks.
Google Cloud Update Gives Users Greater Data Control
Quick Hits  |  11/20/2019  | 
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
DevSecOps: The Answer to the Cloud Security Skills Gap
Commentary  |  11/15/2019  | 
There's a skills and resources gap industrywide, but a DevSecOps approach can go a long way toward closing that gap.
BSIMM10 Shows Industry Vertical Maturity
Commentary  |  11/14/2019  | 
The Building Security In Maturity Model is the only detailed measuring stick for software security initiatives, and it continues to evolve.
5 Cybersecurity CISO Priorities for the Future
Commentary  |  11/14/2019  | 
Seven chief information security officers share their pain points and two-year spending plans.
How Does Your Cyber Resilience Measure Up?
Commentary  |  11/14/2019  | 
The security measures companies take today may not be enough for tomorrow's cyber assault, but switching to a proactive, risk-based framework may better protect your organization.
Cybersecurity: An Organizationwide Responsibility
Commentary  |  11/13/2019  | 
C-suite execs must set an example of good practices while also supporting the IT department with enough budget to protect the organization from next-generation cyberattacks.
Breaches Are Inevitable, So Embrace the Chaos
Commentary  |  11/13/2019  | 
Avoid sinking security with principles of shipbuilding known since the 15th century.
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
News  |  11/12/2019  | 
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
Researchers Find New Approach to Attacking Cloud Infrastructure
News  |  11/11/2019  | 
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
OpenText to Buy Carbonite for $800M Cash in $1.42B Deal
Quick Hits  |  11/11/2019  | 
The acquisition was confirmed just six months after Carbonite bought Webroot.
To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet
Commentary  |  11/7/2019  | 
How tying and measuring security investments to business impacts can elevate executives' understanding and commitment to cyber-risk reduction.
The Cold Truth about Cyber Insurance
Commentary  |  11/7/2019  | 
There is no premium that will recover the millions of dollars your company spends on R&D if your intellectual property is hacked and stolen.
CrowdStrike Adds New Products & Web Store Apps
Quick Hits  |  11/5/2019  | 
Company introduces Falcon for AWS, Falcon Firewall Management, and third-party applications.
10 Tips for Building Compliance by Design into Cloud Architecture
Slideshows  |  11/5/2019  | 
A pair of experts pass along lessons learned while building out the team and processes necessary to support Starbucks' mobile app.
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Quick Hits  |  11/5/2019  | 
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
News  |  11/4/2019  | 
New tools and updates aimed at addressing ongoing challenges with insider threats and sensitive data classification.
Sumo Logic Buys JASK Labs to Tackle SOC Challenges
Quick Hits  |  11/4/2019  | 
Sumo Logic plans to integrate JASK's autonomous security operations center software into a new intelligence tool.
To Secure Multicloud Environments, First Acknowledge You Have a Problem
Commentary  |  11/4/2019  | 
Multicloud environments change rapidly. Organizations need a security framework that is purpose-built for the cloud and that aligns with their digital transformation strategy.
Free & Discounted Security Services Now Available for US Election Orgs
News  |  11/1/2019  | 
Nonprofit Defending Digital Campaigns (DDC) offers security services for email, user education, mobile, and encrypted communications, to federal election committees.
8 Holiday Security Tips for Retailers
Slideshows  |  11/1/2019  | 
Here's how retailers can protect their businesses from attackers and scammers hoping to wreak havoc during the most wonderful time of the year.
New Office 365 Phishing Scam Leaves A Voicemail
Quick Hits  |  10/31/2019  | 
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
Security Pros Fear Insider Attacks Stem from Cloud Apps
Quick Hits  |  10/30/2019  | 
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
Why Cloud-Native Applications Need Cloud-Native Security
Commentary  |  10/29/2019  | 
Today's developers and the enterprises they work for must prioritize security in order to reap the speed and feature benefits these applications and new architectures provide.
Google Cloud Adds New Security Management Tools to G Suite
Quick Hits  |  10/29/2019  | 
Desktop devices that log into G Suite will have device management enabled by default, streamlining processes for IT admins.
40% of Security Pros Job Hunting as Satisfaction Drops
News  |  10/24/2019  | 
Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.
Eight-Hour DDoS Attack Struck AWS Customers
Quick Hits  |  10/24/2019  | 
Google Cloud Platform suffered issues around the same time as Amazon Web Services but claims they were not caused by DDoS.
NordVPN Breached Via Data Center Provider's Error
Quick Hits  |  10/22/2019  | 
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
Autoclerk Database Spills 179GB of Customer, US Government Data
Quick Hits  |  10/22/2019  | 
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
Researchers Turn Alexa and Google Home Into Credential Thieves
Quick Hits  |  10/21/2019  | 
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Quick Hits  |  10/21/2019  | 
The cloud security posture management startup was acquired for a reported $70 million.
In a Crowded Endpoint Security Market, Consolidation Is Underway
News  |  10/18/2019  | 
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
Phishing Campaign Targets Stripe Credentials, Financial Data
News  |  10/17/2019  | 
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
State of SMB Insecurity by the Numbers
Slideshows  |  10/17/2019  | 
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
Cozy Bear Emerges from Hibernation to Hack EU Ministries
News  |  10/17/2019  | 
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Quick Hits  |  10/16/2019  | 
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
Google Cloud Launches Security Health Analytics in Beta
Quick Hits  |  10/16/2019  | 
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
News  |  10/16/2019  | 
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Quick Hits  |  10/15/2019  | 
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
Page 1 / 2   >   >>


Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...