Perimeter

News & Commentary
Oracle Buys Zenedge for Cloud Security
Dark Reading Staff, Quick Hits
Oracle announces its acquisition of Zenedge, which focuses on cloud-based network and infrastructure security.
By Dark Reading Staff, 2/15/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading
Attacks using SSL to obfuscate malicious traffic are finding fertile ground for growth.
By Ericka Chickowski, Contributing Writer, Dark Reading, 2/14/2018
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
The more experienced a SOC analyst gets, the more his or her job satisfaction declines, a new survey of security operations center staffers shows.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/12/2018
Better Security Analytics? Clean Up the Data First!
Dan Koloski, Vice President, Oracle's Systems Management and Security products group, Commentary
Even the best analytics algorithms using incomplete and unclean data won't yield useful results.
By Dan Koloski, Vice President, Oracle's Systems Management and Security products group, 2/12/2018
Cisco Issues New Patch for Critical ASA Vulnerability
Dark Reading Staff, Quick Hits
Cisco engineers discover that the flaw in Adaptive Security Appliance devices is worse than they initially understood.
By Dark Reading Staff, 2/7/2018
2017 Smashed World's Records for Most Data Breaches, Exposed Information
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Five mega-breaches last year accounted for more than 72% of all data records exposed in 2017.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 2/6/2018
IoT Botnets by the Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
IoT devices are a botherder's dream attack-vector.
By Ericka Chickowski, Contributing Writer, Dark Reading, 1/31/2018
Industrial Safety Systems in the Bullseye
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
TRITON/TRISIS attack on Schneider Electric plant safety systems could be re-purposed in future attacks, experts say.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/25/2018
9 Steps to More-Effective Organizational Security
Tim Bandos, Senior Director of Cybersecurity at Digital Guardian, Commentary
Too often security is seen as a barrier, but it's the only way to help protect the enterprise from threats. Here are tips on how to strengthen your framework.
By Tim Bandos, Senior Director of Cybersecurity at Digital Guardian, 1/22/2018
Understanding Supply Chain Cyber Attacks
Liviu Arsene, Senior E-threat Analyst, Bitdefender, Commentary
While the attack surface has increased exponentially because of the cloud and everything-as-a-service providers, there are still ways in which host companies can harden supply chain security.
By Liviu Arsene, Senior E-threat Analyst, Bitdefender, 1/19/2018
Applying Defense-in-Depth to the Digital Battlefield
Chris Park, CIO, iboss
How a layered security strategy can minimize the threat and impact of a data breach.
By Chris Park, CIO, iboss, 1/18/2018
Schneider Electric: TRITON/TRISIS Attack Used 0-Day Flaw in its Safety Controller System, and a RAT
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
ICS/SCADA vendor discloses in-depth analysis of a recent targeted attack against one of its customers.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/18/2018
'Tis the Season: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading, Commentary
Bricked devices, penetration tests, and virtual reality were among the themes submitted in our latest holiday caption competition. And the winners are ...
By Marilyn Cohodas, Community Editor, Dark Reading, 1/9/2018
DHS Discovers Privacy Incident Involving Former Employee
Dark Reading Staff, Quick Hits
Former DHS OIG employee makes an unauthorized copy of PII data of DHS employees and parties involved in DHS OIG investigations.
By Dark Reading Staff, 1/4/2018
Uber's Biggest Mistake: It Wasn't Paying Ransom
Kirsten Bay, President and CEO, Cyber adAPT, Commentary
Rather than scrambling to deal with attacks after the fact, companies need to focus on improving detection capabilities with tools that help them work within data laws, not outside of them.
By Kirsten Bay, President and CEO, Cyber adAPT, 1/4/2018
Intel Processor Security Flaw Prompts Kernel Makeovers in Linux, Windows
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
As-yet undisclosed design flaw in Intel processors has OS programmers working on kernel updates that reportedly could slow performance.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 1/3/2018
21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach
Dark Reading Staff, Quick Hits
Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.
By Dark Reading Staff, 12/29/2017
China Shuts Down 13,000 Websites for Breaking Internet Laws
Dark Reading Staff, Quick Hits
The government says its rules are to protect security and stability, but some say they are repressive.
By Dark Reading Staff, 12/29/2017
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Dave Klein, Regional Director of Sales Engineering & Architecture, GuardiCore, Commentary
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
By Dave Klein, Regional Director of Sales Engineering & Architecture, GuardiCore, 12/29/2017
Jailed Hacker Claims Proof He Breached DNC on Russia's Orders
Dark Reading Staff, Quick Hits
A Russian national in jail for hacking the Democratic National Committee says a data signature proves he acted on the Kremlin's orders.
By Dark Reading Staff, 12/28/2017
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies, 2/13/2018
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.