Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Cloud
Page 1 / 2   >   >>
Former Salesforce Execs Launch Data Protection Startup
News  |  5/22/2020  | 
Cloud-based API service stores and manages sensitive consumer data with a zero-trust, database-as-a service approach.
10 iOS Security Tips to Lock Down Your iPhone
Slideshows  |  5/22/2020  | 
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
Telcos Become Richer Hacking Targets
News  |  5/21/2020  | 
The shift of moving telecommunications networks toward more commercial networking equipment and systems also expanded their attack surface.
Hackers Serve Up Stolen Credentials from Home Chef
Quick Hits  |  5/21/2020  | 
Some 8 million of the meal delivery company's customer records have been offered for sale on the Dark Web.
Web Application Attacks Double from 2019: Verizon DBIR
News  |  5/19/2020  | 
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
Microsoft Open Sources Its Coronavirus Threat Data
Quick Hits  |  5/15/2020  | 
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.
As Businesses Rush to the Cloud, Security Teams Struggle to Keep Up
News  |  5/14/2020  | 
Most organizations have a gap between current and planned cloud usage and the maturity of their cloud security programs.
8 Supply Chain Security Requirements
Slideshows  |  5/14/2020  | 
Complex supply chains have complex security requirements, but secure them you must. Here's where to start.
Organizations Conduct App Penetration Tests More Frequently - and Broadly
News  |  5/13/2020  | 
Compliance is no longer the primary motivator. AppSec is, Cobalt.io says.
CyberArk Acquires Idaptive for Identity-as-a-Service Tech
Quick Hits  |  5/13/2020  | 
The $70 million deal is intended to help CyberArk strengthen its portfolio with secure and SaaS-based identity management.
Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
News  |  5/12/2020  | 
This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.
As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints
News  |  5/8/2020  | 
A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations.
Why DevSecOps Is Critical for Containers and Kubernetes
Commentary  |  5/8/2020  | 
DevSecOps is a big and sometimes difficult shift for organizations. The key to success? Take small steps.
Malicious Bots Infiltrate Online Food Delivery
News  |  5/7/2020  | 
With grocery delivery in higher demand than ever, new add-ons have emerged to secure slots for consumers, presenting a new pathway for bad bots to wreak havoc.
Breach Hits GoDaddy SSH Customers
Quick Hits  |  5/5/2020  | 
The October 2019 breach left some customer data open to hacking eyes.
Cloud Startup Orca Security Raises $20M Series A
Quick Hits  |  5/5/2020  | 
The Israeli cloud security startup has built a platform to help organizations gain greater visibility into multicloud deployments.
SMB Security Catches Up to Large Companies, Data Shows
News  |  5/4/2020  | 
Small and midsize businesses face issues similar to those of large organizations and have updated security practices to respond with threat hunting, patch management, and dedicated personnel.
7 Tips for Security Pros Patching in a Pandemic
Slideshows  |  5/4/2020  | 
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.
Fake Microsoft Teams Emails Phish for Credentials
News  |  5/1/2020  | 
Employees belonging to organizations in industries such as energy, retail, and hospitality have been recipients, Abnormal Security says.
Microsoft's Records Management Tool Aims to Simplify Data Governance
News  |  4/30/2020  | 
Records Management is intended to help businesses manage security and data governance as more struggle to handle increased amounts of data and regulatory requirements.
Researchers Find Baby Banking Trojan, Watch It Grow
News  |  4/30/2020  | 
EventBot is an Android information stealer on its way to becoming a very capable piece of malware.
Researchers Find Vulnerabilities in Popular Remote Learning Plug-ins
News  |  4/30/2020  | 
As more students move to online learning platforms, vulnerability researchers are revealing security flaws in some common software plug-ins.
Rapid7 Announces Plan to Buy DivvyCloud
Quick Hits  |  4/28/2020  | 
The purchase will boost Rapid7's multicloud capabilities.
New Startup Accurics Tackles Cloud Infrastructure Security
News  |  4/28/2020  | 
Accurics offers a free product to prevent "drift" between infrastructure defined through code and infrastructure running in the cloud.
Top 10 Cyber Incident Response Mistakes and How to Avoid Them
Slideshows  |  4/27/2020  | 
From lack of planning to rushing the closure of incidents, these mistakes seriously harm IR effectiveness.
Cloud Services Are the New Critical Infrastructure. Can We Rely on Them?
Commentary  |  4/27/2020  | 
If cloud services vendors successfully asked themselves these three questions, we'd all be better off.
Paay Misconfiguration Leaves Transaction Data Exposed
Quick Hits  |  4/23/2020  | 
The New York-based credit-card processor left a server without password protection for approximately three weeks.
Communication, Cloud & Finance Apps Most Vulnerable to Insider Threat
Quick Hits  |  4/23/2020  | 
Businesses say customer data, financial data, and intellectual property are the types of data most vulnerable to insider attacks.
IBM Cloud Data Shield Brings Confidential Computing to Public Cloud
News  |  4/22/2020  | 
The Cloud Data Shield relies on confidential computing, which protects data while it's in use by enterprise applications.
Automated Bots Are Increasingly Scraping Data & Attempting Logins
News  |  4/21/2020  | 
The share of bot traffic to online sites declines, but businesses are seeing an overall increase in automated scraping of data, login attempts, and other detrimental activity.
7 Steps to Avoid the Top Cloud Access Risks
Commentary  |  4/21/2020  | 
Securing identities and data in the cloud is challenging, but a least-privilege access approach helps.
COVID-Themed Phishing Messages Fill Phishing Filters on Gmail
Quick Hits  |  4/17/2020  | 
In the past week, Google says it identified more than 18 million daily phishing messages featuring coronavirus themes.
10 Standout Security M&A Deals from Q1 2020
Slideshows  |  4/17/2020  | 
The first quarter of 2020 brought investments in enterprise IoT and endpoint security, as well as billion-dollar investments from private equity firms.
Neglected Infrastructure, Invasive Tech to Plague Infosec in 2022
News  |  4/16/2020  | 
Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.
Arxan Technologies Joins New Software Company Digital.ai
Quick Hits  |  4/16/2020  | 
The application security provider teams up with CollabNet VersionOne and XebiaLabs to create Digital.ai, a new enterprise DevOps platform.
Slack's Incoming Webhooks Can Be Weaponized in Phishing Attacks
News  |  4/15/2020  | 
Researchers report how attackers could weaponize a feature in the Slack collaboration platform to access corporate data and messages.
Cybersecurity Prep for the 2020s
Commentary  |  4/15/2020  | 
The more things change, the more they stay the same. Much of the world is still behind on the basics.
TikTok Vulnerability Leaves Users Open to Fake News
Quick Hits  |  4/14/2020  | 
A vulnerability in the way TikTok requests and receives video content could leave users streaming video from bogus servers.
Apple Is Top Pick for Brand Phishing Attempts
Quick Hits  |  4/14/2020  | 
Ten percent of all brand phishing attempts in the first quarter of 2020 tried to deceive victims by imitating the Apple brand.
You're One Misconfiguration Away from a Cloud-Based Data Breach
Commentary  |  4/14/2020  | 
Don't assume that cyberattacks are all you have to worry about. Misconfigurations should also be a top cause of concern.
7 Ways COVID-19 Has Changed Our Online Lives
Slideshows  |  4/14/2020  | 
The pandemic has driven more of our personal and work lives online and for the bad guys, business is booming. Here's how you can protect yourself.
Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
News  |  4/13/2020  | 
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.
Only 40% of Small Business Owners Have a Cybersecurity Policy
Quick Hits  |  4/10/2020  | 
Small business owners are concerned about cyberattacks targeting remote workers but lack the resources to invest in security.
Zscaler to Buy Cloudneeti
Quick Hits  |  4/9/2020  | 
The security service provider adds cloud security "posture" management with the deal.
Zoom, Microsoft & NTT Data Leaders Share Work-from-Home Security Tips
Quick Hits  |  4/9/2020  | 
Tech leaders encourage organizations to maintain security awareness training and offer advice on how to protect their information.
Microsoft Releases COVID-19 Security Guidance
Quick Hits  |  4/8/2020  | 
Information includes tips on how to keep IT systems infection-free.
Why Threat Hunting with XDR Matters
Commentary  |  4/8/2020  | 
Extended detection response technology assumes a breach across all your endpoints, networks, SaaS applications, cloud infrastructure, and any network-addressable resource.
Misconfigured Containers Again Targeted by Cryptominer Malware
News  |  4/6/2020  | 
An attack group is searching for insecure containers exposing the Docker API and then installing a program that attempts to mine cryptocurrency. It's not the first time.
Want to Improve Cloud Security? It Starts with Logging
Commentary  |  4/3/2020  | 
Remedying the "garbage in, garbage out" problem requires an understanding of what is causing the problem in the first place.
Defense Evasion Dominated 2019 Attack Tactics
News  |  3/31/2020  | 
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5537
PUBLISHED: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVE-2020-13438
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
CVE-2020-13439
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
CVE-2020-13440
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13433
PUBLISHED: 2020-05-24
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.