Cloud

News & Commentary
Cloud Security Spend Set to Reach $12.6B by 2023
Kelly Sheridan, Staff Editor, Dark ReadingNews
Growth corresponds with a greater reliance on public cloud services.
By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
This Week in Security Funding: Where the Money Went
Kelly Sheridan, Staff Editor, Dark ReadingNews
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2019
Comment0 comments  |  Read  |  Post a Comment
8 'SOC-as-a-Service' Offerings
Steve Zurier, Freelance Writer
These new cloud services seek to help companies figure out what their traditional SIEM alerts mean, plus how they can prioritize responses and improve their security operations.
By Steve Zurier Freelance Writer, 4/12/2019
Comment2 comments  |  Read  |  Post a Comment
Cloudy with a Chance of Security Breach
Ronan David, Chief Marketing Officer and Vice President of Business Development for EfficientIPCommentary
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
By Ronan David Chief Marketing Officer and Vice President of Business Development for EfficientIP, 4/12/2019
Comment0 comments  |  Read  |  Post a Comment
Senate Report on Equifax Raises Questions Ahead of FICO Product Announcement
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Equifax is slammed in a Senate subcommittee report ahead of the announcement of a joint service with FICO.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
In Security, All Logs Are Not Created Equal
Joe Partlow, Chief Technology Officer, ReliaQuestCommentary
Prioritizing key log sources goes a long way toward effective incident response.
By Joe Partlow Chief Technology Officer, ReliaQuest, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
When Your Sandbox Fails
Kowsik Guruswamy, Chief Technology Officer at Menlo SecurityCommentary
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 4/11/2019
Comment2 comments  |  Read  |  Post a Comment
25% of Phishing Emails Sneak into Office 365: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers analyzed 55.5 million emails and found one out of every 99 messages contains a phishing attack.
By Kelly Sheridan Staff Editor, Dark Reading, 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
Merging Companies, Merging Clouds
Scott Totman, VP of Engineering, DivvyCloudCommentary
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
By Scott Totman VP of Engineering, DivvyCloud, 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
A New Approach to Application Security Testing
Manish Gupta, CEO of ShiftLeftCommentary
If the appsec industry were to develop a better AST solution from scratch, what would it look like?
By Manish Gupta CEO of ShiftLeft, 4/9/2019
Comment1 Comment  |  Read  |  Post a Comment
6 Essential Skills Cybersecurity Pros Need to Develop in 2019
Ericka Chickowski, Contributing Writer, Dark Reading
In a time of disruption in the security and tech worlds, cybersecurity professionals can't afford to become complacent even in the face of a skills shortage.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/3/2019
Comment2 comments  |  Read  |  Post a Comment
Rapid7 Buys Network Monitoring Firm NetFort
Dark Reading Staff, Quick Hits
New technology will be integrated into Rapid7's cloud-based security analytics platform.
By Dark Reading Staff , 4/2/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Tackles IoT Security with New Azure Updates
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.
By Kelly Sheridan Staff Editor, Dark Reading, 3/28/2019
Comment2 comments  |  Read  |  Post a Comment
New Shodan Tool Warns Organizations of Their Internet-Exposed Devices
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Shodan Monitor is free to members of the popular Internet search engine.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/27/2019
Comment8 comments  |  Read  |  Post a Comment
Small Businesses Turn to Managed Service Providers for Security
Steve Zurier, Freelance WriterNews
The average cost of a cyberattack at an SMB is $54,650, a new study shows.
By Steve Zurier Freelance Writer, 3/26/2019
Comment0 comments  |  Read  |  Post a Comment
Under Attack: Over Half of SMBs Breached Last Year
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.
By Marc Wilczek Digital Strategist & CIO Advisor, 3/26/2019
Comment2 comments  |  Read  |  Post a Comment
87% of Cloud Pros Say Lack of Visibility Masks Security
Dark Reading Staff, Quick Hits
The majority of cloud IT professionals find a direct link between network visibility and business value, new data shows.
By Dark Reading Staff , 3/26/2019
Comment2 comments  |  Read  |  Post a Comment
Inside Incident Response: 6 Key Tips to Keep in Mind
Kelly Sheridan, Staff Editor, Dark Reading
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
By Kelly Sheridan Staff Editor, Dark Reading, 3/22/2019
Comment1 Comment  |  Read  |  Post a Comment
SaaS Ecosystem Complexity Ratcheting Up Risk of Insider Threats
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Even with common security platforms like CASBs, organizations struggle to deal with the volume of apps and accounts that interact with business-critical data.
By Ericka Chickowski Contributing Writer, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.