Dark Reading is part of the Informa Tech Division of Informa PLC

Cloud

News & Commentary
When WAFs Go Wrong
Ericka Chickowski, Contributing Writer | News
Web application firewalls are increasingly disappointing enterprises today. Here's why.
By Ericka Chickowski, Contributing Writer, 7/9/2020
Introducing 'Secure Access Service Edge'
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia | Commentary
The industry's latest buzzword is largely a repackaging exercise that bundles a collection of capabilities together and offers them as a cloud-delivered service.
By Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia, 7/3/2020
Building Security Strategies in Sub-Saharan Africa: Trends and Concerns
Kelly Sheridan, Staff Editor, Dark Reading | News
Security experts discuss the rise in cybercrime affecting sub-Saharan Africa and the necessary changes to improve security.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/2/2020
Anatomy of a Long-Con Phish
Chenxi Wang, Founder and General Partner, Rain Capital | Expert Insights
A fraudster on LinkedIn used my online profile in an apparent attempt to pull off a wide-ranging scam business venture.
By Chenxi Wang, Founder and General Partner, Rain Capital, 7/2/2020
Making Sense of EARN IT & LAED Bills' Implications for Crypto
Seth Rosenblatt, Contributing Writer | News
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
By Seth Rosenblatt, Contributing Writer, 7/2/2020
22,900 MongoDB Databases Affected in Ransomware Attack
Dark Reading Staff | Quick Hits
An attacker scanned for databases misconfigured to expose information and wiped the data, leaving a ransom note behind.
By Dark Reading Staff, 7/2/2020
Businesses Invest in Cloud Security Tools Despite Concerns
Kelly Sheridan, Staff Editor, Dark Reading | News
A majority of organizations say the acceleration was driven by a need to support more remote employees.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/1/2020
5 New InfoSec Job Training Trends: What We're Studying During COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
With the pandemic uprooting networks and upending careers, which security skills are hot -- and which are not?
By Curtis Franklin Jr., Senior Editor at Dark Reading, 6/26/2020
7 Tips for Effective Deception
Jai Vijayan, Contributing Writer
The right decoys can frustrate attackers and help detect threats more quickly.
By Jai Vijayan, Contributing Writer, 6/25/2020
No Internet Access? Amid Protests, Here's How to Tell Whether the Government Is Behind it
Seth Rosenblatt, Contributing Writer | News
Government-mandated Internet shutdowns occur far more regularly than you might expect.
By Seth Rosenblatt, Contributing Writer, 6/24/2020
Rethinking Enterprise Access, Post-COVID-19
Dor Knafo, Co-Founder & CEO of Axis Security | Commentary
New approaches will allow businesses to reduce risk while meeting the needs of users, employees, and third parties. Here are three issues to consider when reimagining enterprise application access.
By Dor Knafo, Co-Founder & CEO of Axis Security, 6/24/2020
Twitter Says Business Users Were Vulnerable to Data Breach
Dark Reading Staff | Quick Hits
The now-patched vulnerability left business users' personal information in web browser caches for anyone to find.
By Dark Reading Staff, 6/23/2020
Back to Basics with Cloud Permissions Management
Raj Mallempati, COO, CloudKnox Security | Commentary
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
By Raj Mallempati, COO, CloudKnox Security, 6/23/2020
5 Steps for Implementing Multicloud Identity
Eric Olden, CEO, Strata Identity | Commentary
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
By Eric Olden, CEO, Strata Identity, 6/23/2020
Cloud Threats and Priorities as We Head Into the Second Half of 2020
Ericka Chickowski, Contributing Writer
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
By Ericka Chickowski, Contributing Writer, 6/22/2020
Cloud Security Alliance Offers Tips to Protect Telehealth Data
Kelly Sheridan, Staff Editor, Dark Reading | News
As telehealth grows more common, security experts address the privacy and security concerns of storing health data in the cloud.
By Kelly Sheridan, Staff Editor, Dark Reading, 6/19/2020
O365 Phishing Campaign Leveraged Legit Domains
Dark Reading Staff | Quick Hits
A sophisticated scheme used legitimate redirection tools to convince victims to give up Office 365 credentials.
By Dark Reading Staff, 6/18/2020
Zoom Changes Course on End-to-End Encryption
Dark Reading Staff | Quick Hits
The videoconferencing company now says it will offer end-to-end encryption to all users beginning in July.
By Dark Reading Staff, 6/17/2020
Adobe Releases PDF Protected Mode for Acrobat DC
Dark Reading Staff | Quick Hits
The preview, open to Windows users, opens PDF files in a sandbox to protect users who open malicious Acrobat documents.
By Dark Reading Staff, 6/16/2020
Cisco Brings SecureX into Full Security Lineup to Cut Complexity
Kelly Sheridan, Staff Editor, Dark Reading | News
This step is intended to address growing enterprise concerns around security and complexity, both top of mind among CISOs and CIOs.
By Kelly Sheridan, Staff Editor, Dark Reading, 6/16/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, 7/9/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon, 7/10/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading, 7/7/2020
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Threat from the Internet and What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12 stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Windows system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a). A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...