Perimeter
News & Commentary
Smartwatches Could Become New Frontier for Cyber Attackers
Jai Vijayan, Freelance writerNews
Every single smartwatch tested in a recent study by HP had serious security weaknesses.
By Jai Vijayan Freelance writer, 7/24/2015
Comment1 Comment  |  Read  |  Post a Comment
Detection: A Balanced Approach For Mitigating Risk
Joshua Goldfarb, VP & CTO - Americas, FireEye.Commentary
Only detection and response can complete the security picture that begins with prevention.
By Joshua Goldfarb VP & CTO - Americas, FireEye., 7/21/2015
Comment0 comments  |  Read  |  Post a Comment
Time’s Running Out For The $76 Billion Detection Industry
Simon Crosby, Co-founder & CTO, BromiumCommentary
The one strategy that can deliver the needle to the security team without the haystack is prevention.
By Simon Crosby Co-founder & CTO, Bromium, 7/21/2015
Comment2 comments  |  Read  |  Post a Comment
Spam Hits 12-Year Low, Symantec Report Finds
Larry Loeb, Blogger, InformationweekCommentary
While cyber-attacks grab all the headlines, the amount of spam hitting the in-boxes of the corporate world is actually at its lowest level in 12 years, according to Symantec.
By Larry Loeb Blogger, Informationweek, 7/18/2015
Comment4 comments  |  Read  |  Post a Comment
Dark Reading Radio: Firewall Smackdown
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Is there a future for the venerable firewall? Security CEOs Asaf Cidon of Sookasa and Jody Brazil of FireMon debate the issues in our latest radio show.
By Marilyn Cohodas Community Editor, Dark Reading, 7/13/2015
Comment1 Comment  |  Read  |  Post a Comment
Smart Cities' 4 Biggest Security Challenges
Sara Peters, Senior Editor at Dark ReadingNews
The messiness of politics and the vulnerability of the Internet of Things in one big, unwieldy package.
By Sara Peters Senior Editor at Dark Reading, 7/1/2015
Comment4 comments  |  Read  |  Post a Comment
DDoS Attackers Exploiting '80s-Era Routing Protocol
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Latest wave of DDoS attacks abuses small office-home routers via the 27-year-old, outdated Routing Information Protocol Version 1 (RIPv1).
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/1/2015
Comment2 comments  |  Read  |  Post a Comment
Gas Stations In the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
White hats at Black Hat USA will release free honeypot tool for monitoring attacks against gas tank monitoring systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 6/29/2015
Comment6 comments  |  Read  |  Post a Comment
Few Skills Needed to Build DDoS Infrastructure, Honeypot Project Shows
Jai Vijayan, Freelance writerNews
Novetta's analysis of the tactics used by attackers to exploit a flaw in Elasticsearch shows script kiddies can build DDoS attacks.
By Jai Vijayan Freelance writer, 6/11/2015
Comment0 comments  |  Read  |  Post a Comment
Smart Cities, Finance Security Hot Topics At London Technology Week
Sara Peters, Senior Editor at Dark ReadingNews
IFSEC, Interop, Black Hat, DarkReading's Crash Course, and over 100 other tech events descend upon London next week.
By Sara Peters Senior Editor at Dark Reading, 6/11/2015
Comment1 Comment  |  Read  |  Post a Comment
Firewalls Sustain Foundation of Sound Security
Jody Brazil, Founder and CEO of FireMonCommentary
Simply put, organizations that cannot maintain rigid firewall enforcement are more likely to be compromised.
By Jody Brazil Founder and CEO of FireMon, 6/10/2015
Comment1 Comment  |  Read  |  Post a Comment
Why the Firewall is Increasingly Irrelevant
Asaf Cidon, CEO & Co-founder, SookasaCommentary
It will take a dramatic reimagining of security to dedicate focus to the areas where company data actually resides. It starts with tearing down the firewall.
By Asaf Cidon CEO & Co-founder, Sookasa, 6/10/2015
Comment4 comments  |  Read  |  Post a Comment
How The Hacker Economy Impacts Your Network & The Cloud
Bill Kleyman, VP of Strategy and InnovationCommentary
To protect data against growing threats, networks must now act as both sensor and enforcer around traffic that passes through users and data centers to the cloud.
By Bill Kleyman VP of Strategy and Innovation, 6/4/2015
Comment4 comments  |  Read  |  Post a Comment
Moose Malware Uses Linux Routers For Social Network Fraud
Sara Peters, Senior Editor at Dark ReadingNews
Linux/Moose is sophisticated enough to do DNS hijacks, DDoSes, and deep network penetration...so why is it wasting its time on Instagram?
By Sara Peters Senior Editor at Dark Reading, 5/27/2015
Comment13 comments  |  Read  |  Post a Comment
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, FortscaleCommentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Comment1 Comment  |  Read  |  Post a Comment
Cloud Security Alliance, Waverley Labs Collaborate On Open-Source Software-Defined Perimeter Spec
Jai Vijayan, Freelance writerNews
SDPs offer enterprises an alternative to traditional perimeter tools for protecting network assets, says CSA, Waverley
By Jai Vijayan Freelance writer, 5/13/2015
Comment0 comments  |  Read  |  Post a Comment
Dyre Trojan Adds New Sandbox-Evasion Feature
Jai Vijayan, Freelance writerNews
New tactic makes it that much harder to detect, says Seculert.
By Jai Vijayan Freelance writer, 5/1/2015
Comment1 Comment  |  Read  |  Post a Comment
Wi-Fi Woes Continue To Plague Infosec
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Several pieces of research coincide to send the message that hotspot connectivity is probably always going to be a sore spot for security.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/30/2015
Comment8 comments  |  Read  |  Post a Comment
IRC Botnets Are Not Quite Dead Yet
Jai Vijayan, Freelance writerNews
The handful that still operate are more sophisticated and resilient than before, Zscaler says.
By Jai Vijayan Freelance writer, 4/29/2015
Comment2 comments  |  Read  |  Post a Comment
Inside the 4 Most Common Threat Actor Tools
 Dr. Chase Cunningham, Head of Threat Intelligence, FireHostCommentary
How do you prevent your environment from becoming the next target? Turn the tables on your attackers.
By Dr. Chase Cunningham Head of Threat Intelligence, FireHost, 4/17/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by suhasuseless
Current Conversations cool article..really cool
In reply to: good post
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4692
Published: 2015-07-27
The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging /dev/kvm access for an ioctl call.

CVE-2015-1840
Published: 2015-07-26
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space cha...

CVE-2015-1872
Published: 2015-07-26
The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craft...

CVE-2015-2847
Published: 2015-07-26
Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream.

CVE-2015-2848
Published: 2015-07-26
Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-automation commands, as demonstrated by a door-unlock command.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!