Perimeter

News & Commentary
Understanding Firewalls: Build Them Up, Tear Them Down
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
Google Details Tech Built into Shielded VMs
Kelly Sheridan, Staff Editor, Dark ReadingNews
Specialized virtual machines, recently released in beta mode, ensure cloud workloads haven't been compromised.
By Kelly Sheridan Staff Editor, Dark Reading, 8/6/2018
Comment0 comments  |  Read  |  Post a Comment
Mastering MITRE's ATT&CK Matrix
Curtis Franklin Jr., Senior Editor at Dark Reading
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/6/2018
Comment3 comments  |  Read  |  Post a Comment
FBI Offers New IoT Security Tips
Dark Reading Staff, Quick Hits
A new article from the FBI offers insight into IoT risks and ways to reduce them.
By Dark Reading Staff , 8/3/2018
Comment0 comments  |  Read  |  Post a Comment
Cryptojacker Campaign Hits MikroTik Routers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
More than 200,000 routers hit with a sophisticated cryptomining attack that appears to be spreading.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
Power Grid Security: How Safe Are We?
Cameron Camp, ESET Security ResearcherCommentary
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
By Cameron Camp ESET Security Researcher, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways DevOps Can Supercharge Security
Ericka Chickowski, Contributing Writer, Dark Reading
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
UnityPoint Health Reveals 1.4 Million Patient Breach
Dark Reading Staff, Quick Hits
The hospital company's second breach this year is far larger than the first.
By Dark Reading Staff , 8/1/2018
Comment0 comments  |  Read  |  Post a Comment
Imperva Plans to Purchase Prevoty
Dark Reading Staff, Quick Hits
Deal will bring DevOps security to the enterprise security vendor.
By Dark Reading Staff , 7/27/2018
Comment1 Comment  |  Read  |  Post a Comment
'Identity Has Become the Perimeter': Oracle Security SVP
Kelly Sheridan, Staff Editor, Dark ReadingNews
Eric Olden, Oracle's new leader in security and identity, shares how the enterprise tech giant plans to operate in a cloud-first world.
By Kelly Sheridan Staff Editor, Dark Reading, 7/27/2018
Comment1 Comment  |  Read  |  Post a Comment
5 Ways Small Security Teams Can Defend Like Fortune 500 Companies
Mike Armistead, Co-Founder & CEO of Respond SoftwareCommentary
Keep your company protected with a mix of old- and new-school technologies.
By Mike Armistead Co-Founder & CEO of Respond Software, 7/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Stealth Mango Proves Malware Success Doesn't Require Advanced Tech
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA, a pair of researchers will show how unsophisticated software can still be part of a successful surveillance campaign.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/26/2018
Comment6 comments  |  Read  |  Post a Comment
Tenable Prices IPO, Raises $250 Million
Kelly Sheridan, Staff Editor, Dark ReadingNews
The past year has been one of significant growth for the cybersecurity firm, which is trading under the NASDAQ symbol TENB.
By Kelly Sheridan Staff Editor, Dark Reading, 7/26/2018
Comment1 Comment  |  Read  |  Post a Comment
US-CERT Warns of ERP Application Hacking
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
ERP applications such as Oracle and SAP's are open to exploit and under attack, according to a new report referenced in a US-CERT warning.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/25/2018
Comment0 comments  |  Read  |  Post a Comment
New Report Shows Pen Testers Usually Win
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Pen testers are successful most of the time, and it's not all about stolen credentials, according to a new report based on hundreds of tests.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/24/2018
Comment1 Comment  |  Read  |  Post a Comment
Beyond Passwords: Why Your Company Should Rethink Authentication
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
By Rajiv Dholakia VP Products, Nok Nok Labs, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
10 Ways to Protect Protocols That Aren't DNS
Curtis Franklin Jr., Senior Editor at Dark Reading
Here's how to safeguard three other network foundation protocols so they don't become weapons or critical vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Bomgar Acquires Avecto
Dark Reading Staff, Quick Hits
Purchase adds layers to privileged access management system.
By Dark Reading Staff , 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
Creating a Defensible Security Architecture
Justin Henderson, SANS Instructor and CEO of H & A Security SolutionsCommentary
Take the time to learn about your assets. You'll be able to layer in multiple prevention and detection solutions and have a highly effective security architecture.
By Justin Henderson SANS Instructor and CEO of H & A Security Solutions, 7/9/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark Reading,  8/8/2018
PGA of America Struck By Ransomware
Dark Reading Staff 8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Now about that mortgage refinance offer from Wells Fargo .....
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3937
PUBLISHED: 2018-08-14
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2018-3938
PUBLISHED: 2018-08-14
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST r...
CVE-2018-12537
PUBLISHED: 2018-08-14
In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response headers and HttpClient request headers do not filter carriage return and line feed characters from the header value. This allow unfiltered values to inject a new header in the client request or server response.
CVE-2018-12539
PUBLISHED: 2018-08-14
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on Windows,...
CVE-2018-3615
PUBLISHED: 2018-08-14
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.