Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Perimeter
Page 1 / 2   >   >>
BG-IP Vulnerabilities Could be Big Trouble for Customers
Quick Hits  |  7/2/2020  | 
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
Businesses Invest in Cloud Security Tools Despite Concerns
News  |  7/1/2020  | 
A majority of organizations say the acceleration was driven by a need to support more remote employees.
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
News  |  6/30/2020  | 
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
CISA Issues Advisory on Home Routers
Quick Hits  |  6/30/2020  | 
The increase in work-from-home employees raises the importance of home router security.
7 Tips for Effective Deception
Slideshows  |  6/25/2020  | 
The right decoys can frustrate attackers and help detect threats more quickly.
Apple Buys Fleetsmith
Quick Hits  |  6/24/2020  | 
The fleet management company becomes part of Apple in a deal announced today.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
News  |  6/22/2020  | 
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
Healthcare CISOs Share COVID-19 Response Stories
News  |  6/18/2020  | 
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
What's Anonymous Up to Now?
News  |  6/17/2020  | 
The hacker group recently took credit for two high-profile incidents -- but its actions aren't quite the same as they once were, some say.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices
News  |  6/16/2020  | 
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.
Hosting Provider Hit With Largest-Ever DDoS Attack
News  |  6/16/2020  | 
Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.
83% of Forbes 2000 Companies' Web Domains Are Poorly Protected
News  |  6/16/2020  | 
Only a handful have controls against domain-name hijacking, DNS modifications, and other threats, a new CSC study finds.
Cisco Brings SecureX into Full Security Lineup to Cut Complexity
News  |  6/16/2020  | 
This step is intended to address growing enterprise concerns around security and complexity, both top of mind among CISOs and CIOs.
Knoxville Pulls IT Systems Offline Following Ransomware Attack
Quick Hits  |  6/12/2020  | 
Knoxville's government took its network offline and turned off infected servers and workstations after a ransomware attack this week.
7 Must-Haves for a Rockin' Red Team
Slideshows  |  6/12/2020  | 
Follow these tips for running red-team exercises that will deliver added insight into your operations.
The Future Will Be Both Agile and Hardened
Commentary  |  6/12/2020  | 
What COVID-19 has taught us about the digital revolution.
'Highly Active' APT Group Targeting Microsoft Office, Outlook
Quick Hits  |  6/11/2020  | 
The Gamaredon group has ramped up activity in recent months and makes no effort to stay under the radar, researchers report.
Attack Surface Area Larger Than Most Businesses Believe
News  |  6/11/2020  | 
Workers are not the only outside-the-perimeter security risk. Companies have a variety of vulnerable Internet-facing resources exposing their business to risk, study finds.
Honda Pauses Production Due to Cyberattack
Quick Hits  |  6/9/2020  | 
The attack reportedly infected internal servers and forced Honda to halt production at plants around the world on Monday.
Chinese and Iranian APT Groups Targeted US Presidential Campaigns
News  |  6/8/2020  | 
Google analysts report advanced persistent threat groups linked to China and Iran launched phishing attacks against the Biden and Trump campaigns.
New 'Tycoon' Ransomware Strain Targets Windows, Linux
News  |  6/4/2020  | 
Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before.
Chasing RobbinHood: Up Close with an Evolving Threat
News  |  6/3/2020  | 
A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.
10 Tips for Maintaining Information Security During Layoffs
Slideshows  |  6/2/2020  | 
Insider cyberthreats are always an issue during layoffs -- but with record numbers of home-office workers heading for the unemployment line, it has never been harder to maintain cybersecurity during offboarding.
Digital Distancing with Microsegmentation
Commentary  |  5/29/2020  | 
Physical distancing has blunted a virus's impact; the same idea can be applied to computers and networks to minimize breaches, attacks, and infections.
Zscaler Buys Edge Networks
Quick Hits  |  5/29/2020  | 
The acquisition is Zscaler's second major buy this quarter.
NSA Warns Russia's 'Sandworm' Group Is Targeting Email Servers
Quick Hits  |  5/28/2020  | 
The Russian military group has been exploiting a flaw in the Exim mail transfer agent since last August, the NSA reports.
Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics
News  |  5/27/2020  | 
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.
World Leaders Urge Action Against Healthcare Cyberattacks
Quick Hits  |  5/26/2020  | 
The global call to end cybercrime targeting healthcare facilities has been signed by government leaders and Nobel laureates.
60% of Insider Threats Involve Employees Planning to Leave
News  |  5/20/2020  | 
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Offers to Sell Enterprise Network Access Surge on Dark Web
Quick Hits  |  5/20/2020  | 
In contrast, Q1 2019 saw more interest in selling and buying access to individual servers.
Microsoft Warns of Vulnerability Affecting Windows DNS Server
Quick Hits  |  5/20/2020  | 
A new security advisory addresses a vulnerability that could be exploited to cause a denial-of-service attack.
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Commentary  |  5/20/2020  | 
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
The 3 Top Cybersecurity Myths & What You Should Know
Commentary  |  5/18/2020  | 
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
Ensuring Business Continuity in Times of Crisis
Commentary  |  5/14/2020  | 
Three basic but comprehensive steps can help you and your organization get through adversity
New Cyber-Espionage Framework Dubbed Ramsay
News  |  5/13/2020  | 
The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.
CyberArk Acquires Idaptive for Identity-as-a-Service Tech
Quick Hits  |  5/13/2020  | 
The $70 million deal is intended to help CyberArk strengthen its portfolio with secure and SaaS-based identity management.
More Tips for Staying Safe While Working from Home
Commentary  |  5/13/2020  | 
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.
Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
News  |  5/12/2020  | 
This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.
A-List Celebrity Law Firm Confirms Cyberattack
Quick Hits  |  5/12/2020  | 
Attackers claim to steal 756GB of data from Grubman Shire Meiselas & Sacks, which includes Madonna and Lady Gaga among its clients.
Coronavirus, Data Privacy & the New Online Social Contract
Commentary  |  5/12/2020  | 
How governments can protect personal privacy in contact tracing while saving peoples' lives
As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints
News  |  5/8/2020  | 
A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations.
Microsoft Identity VP Shares How and Why to Ditch Passwords
News  |  5/7/2020  | 
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
Maze Ransomware Operators Step Up Their Game
News  |  5/6/2020  | 
Investigations show Maze ransomware operators leave "nothing to chance" when putting pressure on victims to pay.
Microsoft Reportedly in Talks to Acquire CyberX
Quick Hits  |  5/6/2020  | 
CyberX was founded in 2013 and has raised $48 million to build its cybersecurity platform for IoT and industrial control systems.
Microsoft Challenges Security Researchers to Hack Azure Sphere
News  |  5/5/2020  | 
Participants can earn up to $100,000 for finding severe flaws in Microsoft's Linux-based Azure Sphere IoT operating system.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-9498
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
CVE-2020-3282
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
CVE-2020-5909
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
CVE-2020-5910
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
CVE-2020-5911
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.