News & Commentary

Latest Content tagged with Perimeter
Page 1 / 2   >   >>
Cybercriminals Battle Against Banks' Incident Response
News  |  5/22/2018  | 
'Filess' attacks account for more than half of successful breaches of bank networks, new data shows.
Tanium's Valuation Reaches $5 Billion With New Investment
Quick Hits  |  5/17/2018  | 
Tanium has received a $175 million investment from TPG Growth.
7 Tools for Stronger IoT Security, Visibility
Slideshows  |  5/16/2018  | 
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
IT Pros Worried About IoT But Not Prepared to Secure It
News  |  5/16/2018  | 
Few organizations have a security policy in place for Internet of Things devices, new survey shows.
Hide and Seek Brings Persistence to IoT Botnets
News  |  5/11/2018  | 
The rapidly evolving Hide and Seek botnet is now persistent on a wide range of infected IoT devices.
Script Kiddies, Criminals Hacking Video Streams for Fun & Profit
Quick Hits  |  5/9/2018  | 
Video streams are getting hijacked for 'prestige,' DDoS, and financial gain, a new report found.
10 Lessons From an IoT Demo Lab
Slideshows  |  5/7/2018  | 
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
LoJack Attack Finds False C2 Servers
News  |  5/1/2018  | 
A new attack uses compromised LoJack endpoint software to take root on enterprise networks.
10 Security Innovators to Watch
Slideshows  |  4/30/2018  | 
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
Routing Security Gets Boost with New Set of MANRS for IXPs
Quick Hits  |  4/26/2018  | 
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
At RSAC, SOC 'Sees' User Behaviors
News  |  4/20/2018  | 
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
First Public Demo of Data Breach via IoT Hack Comes to RSAC
News  |  4/19/2018  | 
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
How to Protect Industrial Control Systems from State-Sponsored Hackers
Commentary  |  4/19/2018  | 
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
Trump Administration Cyber Czar Rob Joyce to Return to the NSA
News  |  4/17/2018  | 
First year of Trump White House's cybersecurity policy mostly followed in the footsteps of the Obama administration.
New Malware Adds RAT to a Persistent Loader
News  |  4/17/2018  | 
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
INsecurity Conference Seeks Security Pros to Speak on Best Practices
News  |  4/16/2018  | 
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
7 Non-Financial Data Types to Secure
Slideshows  |  4/14/2018  | 
Credit card and social security numbers aren't the only sensitive information that requires protection.
Microsegmentation: Strong Security in Small Packages
Commentary  |  4/12/2018  | 
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
Hack Back: An Eye for an Eye Could Make You Blind
Commentary  |  4/11/2018  | 
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
20 Ways to Increase the Efficiency of the Incident Response Workflow
Commentary  |  4/10/2018  | 
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw
News  |  4/9/2018  | 
Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.
Deep Instinct Adds MacOS Support
Quick Hits  |  4/9/2018  | 
Deep Instinct adds support for MacOS, Citrix, and multi-tenancy in its version 2.2 release.
Mirai Variant Botnet Takes Aim at Financials
News  |  4/5/2018  | 
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
Supply Chain Attacks Could Pose Biggest Threat to Healthcare
News  |  4/5/2018  | 
Healthcare organizations often overlook the supply chain, which researchers say is their most vulnerable facet.
RSA to Acquire Fortscale
Quick Hits  |  4/5/2018  | 
RSA plans to add Fortscale's embedded behavioral analytics to the RSA NetWitness Platform.
Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
News  |  4/5/2018  | 
Attack a warning on vulnerabilities in energy networks, security analysts say.
How Gamers Could Save the Cybersecurity Skills Gap
News  |  4/4/2018  | 
McAfee shares its firsthand experience on training in-house cybersecurity pros and publishes new data on how other organizations deal with filling security jobs.
Iran 'the New China' as a Pervasive Nation-State Hacking Threat
News  |  4/4/2018  | 
Security investigations by incident responders at FireEye's Mandiant in 2017 found more prolific and sophisticated attacks out of Iran.
Active Cyber Defense Is an Opportunity, Not a Threat
Commentary  |  4/4/2018  | 
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
News  |  4/2/2018  | 
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
10 Women in Security You May Not Know But Should
Slideshows  |  3/30/2018  | 
The first in a series of articles shining a spotlight on women who are quietly changing the game in cybersecurity.
MITRE Evaluates Tools for APT Detection
News  |  3/29/2018  | 
A new service from MITRE will evaluate products based on how well they detect advanced persistent threats.
Deconstructing the DOJ Iranian Hacking Indictment
Commentary  |  3/29/2018  | 
The alleged attackers used fairly simple tools, techniques and procedures to compromise a new victim organization on an almost weekly basis for over five years.
Destructive and False Flag Cyberattacks to Escalate
News  |  3/28/2018  | 
Rising geopolitical tensions between the US and Russia, Iran, and others are the perfect recipe for nastier nation-state cyberattacks.
How Measuring Security for Risk & ROI Can Empower CISOs
Commentary  |  3/28/2018  | 
For the vast majority of business decisions, organizations seek metrics-driven proof. Why is cybersecurity the exception?
Kaspersky Lab Open-Sources its Threat-Hunting Tool
Quick Hits  |  3/28/2018  | 
'KLara' was built to speed up and automate the process of identifying malware samples.
New Ransomware Attacks Endpoint Defenses
News  |  3/26/2018  | 
AVCrypt tries to disable anti-malware software before it can be detected and removed.
Looking Back to Look Ahead: Cyber Threat Trends to Watch
Commentary  |  3/23/2018  | 
Data from the fourth quarter of last year shows the state of application exploits, malicious software, and botnets.
New Survey Illustrates Real-World Difficulties in Cloud Security
News  |  3/22/2018  | 
Depending on traditional models makes cloud security more challenging for organizations, according to a Barracuda Networks report.
Russian APT Compromised Cisco Router in Energy Sector Attacks
News  |  3/19/2018  | 
DragonFly hacking team that targeted US critical infrastructure compromised a network router as part of its attack campaign against UK energy firms last year.
Half of Cyberattacks in the Middle East Target Oil & Gas Sector: Siemens
Quick Hits  |  3/19/2018  | 
Nearly one-third of all cyberattacks worldwide are against operations technology (OT), or industrial networks, a new report by Siemens and The Ponemon Institute shows.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018  | 
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
Palo Alto Buys Evident.io to Secure the Cloud
News  |  3/15/2018  | 
The $300 million deal is part of an industry-wide consolidation of cloud, data, and network security companies.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018  | 
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
'Slingshot' Cyber Espionage Campaign Hacks Network Routers
News  |  3/9/2018  | 
Advanced hacking group appears to be native English speakers targeting Africa, Middle East.
McAfee Closes Acquisition of VPN Provider TunnelBear
Quick Hits  |  3/8/2018  | 
This marks McAfee's second acquisition since its spinoff from Intel last year.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018  | 
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
Oracle Buys Zenedge for Cloud Security
Quick Hits  |  2/15/2018  | 
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
Encrypted Attacks Continue to Dog Perimeter Defenses
Slideshows  |  2/14/2018  | 
Attacks using SSL to obfuscate malicious traffic finding fertile ground for growth.
One in Three SOC Analysts Now Job-Hunting
News  |  2/12/2018  | 
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
Page 1 / 2   >   >>


Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-8656
PUBLISHED: 2018-05-22
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.
CVE-2017-2609
PUBLISHED: 2018-05-22
jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to.
CVE-2017-2617
PUBLISHED: 2018-05-22
hawtio before version 1.5.5 is vulnerable to remote code execution via file upload. An attacker could use this vulnerability to upload a crafted file which could be executed on a target machine where hawtio is deployed.
CVE-2018-11372
PUBLISHED: 2018-05-22
iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.
CVE-2018-11373
PUBLISHED: 2018-05-22
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.