Perimeter

News & Commentary
'Tis the Season: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
By Marilyn Cohodas, Community Editor, Dark Reading, 1/9/2018
DHS Discovers Privacy Incident Involving Former Employee
Dark Reading Staff, Quick Hits
Former DHS OIG employee makes an unauthorized copy of PII data of DHS employees and parties involved in DHS OIG investigations.
By Dark Reading Staff, 1/4/2018
Uber's Biggest Mistake: It Wasn't Paying Ransom
Kirsten Bay, President and CEO, Cyber adAPT, Commentary
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
By Kirsten Bay, President and CEO, Cyber adAPT, 1/4/2018
Intel Processor Security Flaw Prompts Kernel Makeovers in Linux, Windows
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
As-yet undisclosed design flaw in Intel processors has OS programmers working on kernel updates that reportedly could slow performance.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/3/2018
21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach
Dark Reading Staff, Quick Hits
Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.
By Dark Reading Staff, 12/29/2017
China Shuts Down 13,000 Websites for Breaking Internet Laws
Dark Reading Staff, Quick Hits
The government says its rules are to protect security and stability, but some say they are repressive.
By Dark Reading Staff, 12/29/2017
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Dave Klein, Regional Director of Sales Engineering & Architecture, GuardiCore, Commentary
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
By Dave Klein, Regional Director of Sales Engineering & Architecture, GuardiCore, 12/29/2017
Jailed Hacker Claims Proof He Breached DNC on Russia's Orders
Dark Reading Staff, Quick Hits
A Russian national in jail for hacking the Democratic National Committee says a data signature proves he acted on the Kremlin's orders.
By Dark Reading Staff, 12/28/2017
Nissan Canada Finance Alerts 1.13 Million Customers of Data Breach
Dark Reading Staff, Quick Hits
Attackers gain access to personal information of Nissan Canada Finance and Infiniti Financial Services Canada customers.
By Dark Reading Staff, 12/27/2017
Hacker Targeted Huawei Router 0-Day in Attempt to Create New Mirai Botnet
Dark Reading Staff, Quick Hits
Thousands of attempts have been made to exploit a zero-day vulnerability in the Huawei home router HG532.
By Dark Reading Staff, 12/27/2017
The Financial Impact of Cyber Threats
Anand Paturi, Senior Research Scientist, RiskSense, Commentary
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
By Anand Paturi, Senior Research Scientist, RiskSense, 12/27/2017
2017 Security Predictions through the Rear Window
Dave Lewis, Global Security Advocate, Akamai, Commentary
If you're going to forecast the future, go big.
By Dave Lewis, Global Security Advocate, Akamai, 12/26/2017
Exposed File From Ancestry's RootsWeb.com Contains Data on 300,000 Users
Dark Reading Staff, Quick Hits
A file containing hundreds of thousands of RootsWeb users' email, login information, and passwords was found externally exposed, genealogy site says.
By Dark Reading Staff, 12/26/2017
Network Printer & Scanner Spoofing Campaign Targets Millions
Dark Reading Staff, Quick Hits
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
By Dark Reading Staff, 12/22/2017
Fileless Malware Attacks Hit Milestone in 2017
Dawn Kawamoto, Associate Editor, Dark Reading, News
Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows.
By Dawn Kawamoto, Associate Editor, Dark Reading, 12/21/2017
Why Network Visibility Is Critical to Removing Security Blind Spots
Zeus Kerravala, Founder and Principal Analyst, ZK Research, Commentary
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
By Zeus Kerravala, Founder and Principal Analyst, ZK Research, 12/21/2017
Small, Targeted Ransomware Attacks Emerge
Dawn Kawamoto, Associate Editor, Dark Reading, News
Cybercriminals narrow their focus on specific industries, geographies, or size for a better return on investment, security experts say.
By Dawn Kawamoto, Associate Editor, Dark Reading, 12/21/2017
Security Worries? Let Policies Automate the Right Thing
John De Santis, CEO, HyTrust, Commentary
By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.
By John De Santis, CEO, HyTrust, 12/20/2017
Trump Adviser: North Korea Waged WannaCry Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
White House declares the North Korean government as perpetrators of the epic ransomware attack that spread around the globe in early May.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 12/19/2017
Top 8 Cybersecurity Skills IT Pros Need in 2018
Dawn Kawamoto, Associate Editor, Dark Reading
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
By Dawn Kawamoto, Associate Editor, Dark Reading, 12/18/2017
CISOs' No. 1 Concern in 2018: The Talent Gap
Dawn Kawamoto, Associate Editor, Dark Reading, 1/10/2018
'Back to Basics' Might Be Your Best Security Weapon
Lee Waskevich, Vice President, Security Solutions at ePlus Technology, 1/10/2018
How to Attract More Women Into Cybersecurity - Now
Dawn Kawamoto, Associate Editor, Dark Reading, 1/12/2018
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.