Perimeter

News & Commentary
Email Bomb Threats Follow Sextortion Playbook
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Iranian Hackers Target Nuclear Experts, US Officials
Dark Reading Staff, Quick Hits
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
By Dark Reading Staff , 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Who Are You, Really? A Peek at the Future of Identity
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Dark Reading Staff, Quick Hits
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
By Dark Reading Staff , 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Universities Get Schooled by Hackers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Education Gets an 'F' for Cybersecurity
Dark Reading Staff, Quick Hits
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
By Dark Reading Staff , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment3 comments  |  Read  |  Post a Comment
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
Jai Vijayan, Freelance writerNews
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
By Jai Vijayan Freelance writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Deception: Honey vs. Real Environments
Dr. Salvatore Stolfo, Fouder & CTO, Allure SecurityCommentary
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Arctic Wolf Buys RootSecure
Dark Reading Staff, Quick Hits
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
By Dark Reading Staff , 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Dark Reading Staff, Quick Hits
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
By Dark Reading Staff , 12/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Equifax Breach Underscores Need for Accountability, Simpler Architectures
Robert Lemos, Technology Journalist/Data ResearcherNews
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
By Robert Lemos Technology Journalist/Data Researcher, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
49% of Cloud Databases Left Unencrypted
Kelly Sheridan, Staff Editor, Dark ReadingNews
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
The Grinch Bot Before Christmas: A Security Story for the Holidays
Julian Waits, GM Cyber Security Business Unit, Devo TechnologyCommentary
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
By Julian Waits GM Cyber Security Business Unit, Devo Technology, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20168
PUBLISHED: 2018-12-17
Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application.
CVE-2018-20167
PUBLISHED: 2018-12-17
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME typ...
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.