News & Commentary

Latest Content tagged with Perimeter
Page 1 / 2   >   >>
Nearly 2/3 of Industrial Companies Lack Security Monitoring
Quick Hits  |  12/6/2017  | 
New Honeywell survey shows more than half of industrial sector organizations have suffered cyberattacks.
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations
News  |  12/4/2017  | 
Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.
The Critical Difference Between Vulnerabilities Equities & Threat Equities
Commentary  |  11/30/2017  | 
Why the government has an obligation to share its knowledge of flaws in software and hardware to strengthen digital infrastructure in the face of growing cyberthreats.
Death of the Tier 1 SOC Analyst
News  |  11/16/2017  | 
Say goodbye to the entry-level security operations center (SOC) analyst as we know it.
Optiv Buys Conexsys for Canadian Market Growth
Quick Hits  |  11/13/2017  | 
Optiv ramps up its growth strategy with an acquisition of Conexsys, security and networking firm based in Toronto.
Siemens Teams Up with Tenable
News  |  11/8/2017  | 
ICS/SCADA vendor further extends its managed security services for critical infrastructure networks.
Greg Touhill: How an Air Force Lieutenant Became One of Cybersecurity's Top Guns
News  |  11/8/2017  | 
Security Pro File: After leading cyber efforts in the military, DHS, and the federal government, the former Federal CISO now sets his sights on new security technology.
Its Time to Change the Cybersecurity Conversation
Commentary  |  10/30/2017  | 
The IT security industry needs more balance between disclosure of threats and discussion of defense practices and greater sharing of ideas
10 Steps for Stretching Your IT Security Budget
Slideshows  |  10/24/2017  | 
When the budget gods decline your request for an increase, here are 10 ways to stretch that dollar.
US Critical Infrastructure Target of Russia-Linked Cyberattacks
News  |  10/23/2017  | 
Attacks have been under way since May, targeting energy, nuclear, aviation, water, and manufacturing, FBI and DHS say.
Security Training & Awareness: 3 Big Myths
Commentary  |  10/23/2017  | 
The once-overwhelming consensus that security awareness programs are invaluable is increasingly up for debate.
IoT Deployment Security Top Concern for Enterprises
Quick Hits  |  10/19/2017  | 
A new survey shows that 63% of respondents are worried about the impact of the Internet of Things on corporate security technologies and processes.
Game Change: Meet the Mach37 Fall Startups
Slideshows  |  10/18/2017  | 
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
'Hacker Door' Backdoor Resurfaces as RAT a Decade Later
Quick Hits  |  10/18/2017  | 
Sophisticated backdoor re-emerges as a RAT more than a decade after its 2004 public release, with updated advanced malicious functionality.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
ATM Machine Malware Sold on Dark Web
Quick Hits  |  10/17/2017  | 
Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.
DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS
News  |  10/16/2017  | 
The move follows a DHS review of federal government agencies' steps to secure email and deploy authentication technologies.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
How Systematic Lying Can Improve Your Security
Commentary  |  10/11/2017  | 
No, you don't have to tell websites your mother's actual maiden name.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017  | 
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
New 4G, 5G Network Flaw 'Worrisome'
News  |  10/9/2017  | 
Weaknesses in the voice and data convergence technology can be exploited to allow cybercriminals to launch DoS attacks and hijack mobile data.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
Equifax Lands $7.25 Million Contract with IRS
Quick Hits  |  10/5/2017  | 
The embattled credit monitoring agency will provide taxpayer identification verification and fraud prevention services to the federal tax agency.
DNS a 'Victim of its Own Success'
News  |  10/4/2017  | 
Why securing the Domain Name System remains an afterthought at many organizations.
New Standards Will Shore up Internet Router Security
News  |  10/3/2017  | 
The BGP Path Validation draft standards were designed to ensure that Internet traffic flows only along digitally signed, authorized paths.
5 IT Practices That Put Enterprises at Risk
Commentary  |  10/2/2017  | 
No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.
Weakness In Windows Defender Lets Malware Slip Through Via SMB Shares
News  |  10/2/2017  | 
CyberArk says the manner in which Defender scans for malicious executables in SMB shares gives attackers an opening.
Best and Worst Security Functions to Outsource
Slideshows  |  9/29/2017  | 
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
Equihax: Identifying & Wrangling Vulnerabilities
Commentary  |  9/28/2017  | 
Now that we know what was taken from Equifax, how it was taken, and what is being sold, what more do we need to learn before the next time?
Cybercrime Costs Each Business $11.7M Per Year
News  |  9/26/2017  | 
The most expensive attacks are malware infections, which cost global businesses $2.4 million per incident.
Siemens' New ICS/SCADA Security Service a Sign of the Times
News  |  9/19/2017  | 
Major ICS/SCADA vendors are entering the managed security services business with cloud-based offerings for energy and other industrial sectors.
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Commentary  |  9/19/2017  | 
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
Encryption: A New Boundary for Distributed Infrastructure
Commentary  |  9/14/2017  | 
As the sheet metal surrounding traditional infrastructure continues to fall away, where should security functions in a cloud environment reside?
Deception: A Convincing New Approach to Cyber Defense
Commentary  |  9/12/2017  | 
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
Paul Vixie: How CISOs Can Use DNS to Up Security
Paul Vixie: How CISOs Can Use DNS to Up Security
Dark Reading Videos  |  9/11/2017  | 
FarSight CEO and DNS master Paul Vixie explains how enterprises, not just telecoms and infrastructure providers, can use DNS to improve cybersecurity.
Juniper Networks to Buy Cyphort for Threat Detection
Quick Hits  |  9/1/2017  | 
Company will integrate Cyphort into its Sky ATP platform to support more file types, and offer on- and off-premise support, analytics, and improved malware detection.
IoTCandyJar: A HoneyPot for any IoT Device
IoTCandyJar: A HoneyPot for any IoT Device
Dark Reading Videos  |  8/29/2017  | 
Palo Alto Networks researchers explain how they designed an affordable, behavior-based honeypot to detect attacks on an IoT device -- any kind of IoT device.
Forcepoint Snaps Up RedOwl
Quick Hits  |  8/28/2017  | 
The acquisition aims to bolster Forcepoint's behavioral analytics offerings.
The Pitfalls of Cyber Insurance
Commentary  |  8/21/2017  | 
Cyber insurance is 'promising' but it won't totally protect your company against hacks.
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
News  |  7/20/2017  | 
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
Zero-Day Exploit Surfaces that May Affect Millions of IoT Users
Quick Hits  |  7/18/2017  | 
A zero-day vulnerability dubbed Devil's Ivy is discovered in a widely used third-party toolkit called gSOAP.
How Active Intrusion Detection Can Seek and Block Attacks
News  |  7/12/2017  | 
Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.
The SOC Is DeadLong Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
Hacking the State of the ISIS Cyber Caliphate
News  |  7/6/2017  | 
Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.
Avoiding the Dark Side of AI-Driven Security Awareness
Commentary  |  7/5/2017  | 
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
Why Enterprise Security Needs a New Focus
Commentary  |  6/29/2017  | 
The WannaCry ransomware attack shows patching and perimeter defenses aren't enough. Enterprises should combine preventative measures with threat detection tactics.
Defining Security: The Difference Between Safety & Privacy
Commentary  |  6/28/2017  | 
Words matter, especially if you are making a case for new security measures, state-of-the-art technology or personnel.
WannaCry Blame Game: Why Delayed Patching is Not the Problem
Commentary  |  6/27/2017  | 
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
Recovering from Bad Decisions in the Cloud
Commentary  |  6/26/2017  | 
The cloud makes it much easier to make changes to security controls than in traditional networks.
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Commentary  |  6/22/2017  | 
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
Page 1 / 2   >   >>


5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Gee, these virtual reality goggles work great!!! 
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] Cloud Security's Changing Landscape
[Strategic Security Report] Cloud Security's Changing Landscape
Cloud services are increasingly becoming the platform for mission-critical apps and data. Heres how enterprises are adapting their security strategies!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.