Perimeter

News & Commentary
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
First Public Demo of Data Breach via IoT Hack Comes to RSAC
Sara Peters, Senior Editor at Dark ReadingNews
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
By Sara Peters Senior Editor at Dark Reading, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
How to Protect Industrial Control Systems from State-Sponsored Hackers
Matt Cauthorn, VP of Security, ExtraHopCommentary
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
By Matt Cauthorn VP of Security, ExtraHop, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
Trump Administration Cyber Czar Rob Joyce to Return to the NSA
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
First year of Trump White House's cybersecurity policy mostly followed in the footsteps of the Obama administration.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/17/2018
Comment0 comments  |  Read  |  Post a Comment
New Malware Adds RAT to a Persistent Loader
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2018
Comment1 Comment  |  Read  |  Post a Comment
INsecurity Conference Seeks Security Pros to Speak on Best Practices
Tim Wilson, Editor in Chief, Dark Reading, News
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
By Tim Wilson, Editor in Chief, Dark Reading , 4/16/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Non-Financial Data Types to Secure
Curtis Franklin Jr., Senior Editor at Dark Reading
Credit card and social security numbers aren't the only sensitive information that requires protection.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsegmentation: Strong Security in Small Packages
Avishai Wool, Co-Founder and CTO at AlgoSecCommentary
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
By Avishai Wool Co-Founder and CTO at AlgoSec, 4/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Hack Back: An Eye for an Eye Could Make You Blind
Dr. Salvatore Stolfo, Fouder & CTO, Allure SecurityCommentary
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
20 Ways to Increase the Efficiency of the Incident Response Workflow
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 4/10/2018
Comment0 comments  |  Read  |  Post a Comment
Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw
Jai Vijayan, Freelance writerNews
Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.
By Jai Vijayan Freelance writer, 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
Deep Instinct Adds MacOS Support
Dark Reading Staff, Quick Hits
Deep Instinct adds support for MacOS, Citrix, and multi-tenancy in its version 2.2 release.
By Dark Reading Staff , 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
Mirai Variant Botnet Takes Aim at Financials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In January, a botnet based on Mirai was used to attack at least three European financial institutions.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Supply Chain Attacks Could Pose Biggest Threat to Healthcare
Kelly Sheridan, Staff Editor, Dark ReadingNews
Healthcare organizations often overlook the supply chain, which researchers say is their most vulnerable facet.
By Kelly Sheridan Staff Editor, Dark Reading, 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
RSA to Acquire Fortscale
Dark Reading Staff, Quick Hits
RSA plans to add Fortscale's embedded behavioral analytics to the RSA NetWitness Platform.
By Dark Reading Staff , 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
Four Gas Pipeline Firms Hit in Attack on Their EDI Service Provider
Jai Vijayan, Freelance writerNews
Attack a warning on vulnerabilities in energy networks, security analysts say.
By Jai Vijayan Freelance writer, 4/5/2018
Comment0 comments  |  Read  |  Post a Comment
How Gamers Could Save the Cybersecurity Skills Gap
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
McAfee shares its firsthand experience on training in-house cybersecurity pros and publishes new data on how other organizations deal with filling security jobs.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/4/2018
Comment1 Comment  |  Read  |  Post a Comment
Iran 'the New China' as a Pervasive Nation-State Hacking Threat
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security investigations by incident responders at FireEye's Mandiant in 2017 found more prolific and sophisticated attacks out of Iran.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
Active Cyber Defense Is an Opportunity, Not a Threat
Markus Jakobsson, Chief Scientist at AgariCommentary
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
By Markus Jakobsson Chief Scientist at Agari, 4/4/2018
Comment0 comments  |  Read  |  Post a Comment
Hudson's Bay Brands Hacked, 5 Million Credit Card Accounts Stolen
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The infamous Carbanak/FIN7 cybercrime syndicate breached Saks and Lord & Taylor and is now selling some of the stolen credit card accounts on the Dark Web.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/2/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Coviello: Modern Security Threats are 'Less About the Techniques'
Kelly Sheridan, Staff Editor, Dark Reading,  4/24/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.