Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

News & Commentary
NordVPN Breached Via Data Center Provider's Error
Dark Reading Staff, Quick Hits
The VPN company said that one of its 3,000 servers in a third-party data center was open to exploitation through a misconfigured management tool.
By Dark Reading Staff , 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Autoclerk Database Spills 179GB of Customer, US Government Data
Dark Reading Staff, Quick Hits
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
By Dark Reading Staff , 10/22/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Turn Alexa and Google Home Into Credential Thieves
Dark Reading Staff, Quick Hits
Eight Amazon Alexa and Google Home apps were approved for official app stores even though their actual purposes were eavesdropping and phishing.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Dark Reading Staff, Quick Hits
The cloud security posture management startup was acquired for a reported $70 million.
By Dark Reading Staff , 10/21/2019
Comment0 comments  |  Read  |  Post a Comment
In a Crowded Endpoint Security Market, Consolidation Is Underway
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 10/18/2019
Comment0 comments  |  Read  |  Post a Comment
Phishing Campaign Targets Stripe Credentials, Financial Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers make use of an old trick and evade detection by blocking users from viewing an embedded link when hovering over the URL.
By Kelly Sheridan Staff Editor, Dark Reading, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer
SMBs still perceive themselves at low risk from cyberthreats in spite of attack statistics that paint a different pictur
By Ericka Chickowski Contributing Writer, 10/17/2019
Comment2 comments  |  Read  |  Post a Comment
Cozy Bear Emerges from Hibernation to Hack EU Ministries
Robert Lemos, Contributing WriterNews
The cyber-espionage group, linked to Russia and blamed for hacking the Democratic National Committee in 2016, has been using covert communications and other techniques to escape detection for at least two years.
By Robert Lemos Contributing Writer, 10/17/2019
Comment0 comments  |  Read  |  Post a Comment
SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance
Dark Reading Staff, Quick Hits
The $37.5 million acquisitions will boost SailPoint's portfolio across all cloud platforms.
By Dark Reading Staff , 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Launches Security Health Analytics in Beta
Dark Reading Staff, Quick Hits
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
By Dark Reading Staff , 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Cryptojacking Worm Targets and Infects 2,000 Docker Hosts
Robert Lemos, Contributing WriterNews
Basic and 'inept' worm managed to compromise Docker hosts by exploiting misconfigurations.
By Robert Lemos Contributing Writer, 10/16/2019
Comment0 comments  |  Read  |  Post a Comment
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Dark Reading Staff, Quick Hits
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
By Dark Reading Staff , 10/15/2019
Comment0 comments  |  Read  |  Post a Comment
Sophos for Sale: Thoma Bravo Offers $3.9B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
By Kelly Sheridan Staff Editor, Dark Reading, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Pitney Bowes Hit by Ransomware
Dark Reading Staff, Quick Hits
The attack does not appear to have endangered customer data, but it has had an impact on orders for supplies and postage refills.
By Dark Reading Staff , 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
When Using Cloud, Paranoia Can Pay Off
Robert Lemos, Contributing WriterNews
Journalists are increasingly concerned about what cloud providers may access or share with governments - and companies should worry as well.
By Robert Lemos Contributing Writer, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier Contributing Writer, 10/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Imperva Details Response to Customer Database Exposure
Dark Reading Staff, Quick Hits
The cloud security's CEO and CTO lay out the timeline of events and the steps customers should take to protect their accounts.
By Dark Reading Staff , 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Akamai Snaps Up ChameleonX to Tackle Magecart
Dark Reading Staff, Quick Hits
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
By Dark Reading Staff , 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
How to Think Like a Hacker
Dr. Giovanni Vigna, Chief Technology Officer at LastlineCommentary
In the arms race of computer security, it's never been more important to develop an adversarial mindset that can identify assumptions and determine if and how they can be violated.
By Dr. Giovanni Vigna Chief Technology Officer at Lastline, 10/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Magecart Attack on Volusion Highlights Supply Chain Dangers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Mia Doyle
Current Conversations really useful, thank you!
In reply to: comment
Post Your Own Reply
More Conversations
PR Newswire
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-9501
PUBLISHED: 2019-10-22
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
CVE-2019-16971
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS.
CVE-2019-16972
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_addresses.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2019-16973
PUBLISHED: 2019-10-22
In FusionPBX up to 4.5.7, the file app\contacts\contact_edit.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
CVE-2015-9496
PUBLISHED: 2019-10-22
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.