Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Perimeter
Page 1 / 2   >   >>
Cloud Security Startup Lightspin Emerges From Stealth
News  |  11/24/2020  | 
The startup, founded by former white-hat hackers, has secured a $4 million seed round to close security gaps in cloud environments.
New Proposed DNS Security Features Released
News  |  11/19/2020  | 
Verisign's R&D team has developed new ways to authenticate and optimize DNS traffic on the client side of the domain-name resolution process.
Out With the Old Perimeter, in With the New Perimeters
Commentary  |  11/18/2020  | 
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
Breakdown of a Break-in: A Manufacturer's Ransomware Response
News  |  11/16/2020  | 
The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.
Global Pandemic Fuels Cyber-Threat Workload for National Cyber Security Centre, Shows Annual Review
News  |  11/16/2020  | 
From securing the Nightingale hospitals to tackling threats to vaccine research and production, a large part of the National Cyber Security Centre's (NCSC) recent work in the UK has been related to the coronavirus pandemic, as Ron Alalouff discovered when reporting on its Annual Review.
A Call for Change in Physical Security
Commentary  |  11/16/2020  | 
We're at an inflection point. The threats we face are dynamic, emerging, and global. Are you ready?
The Sameness of Every Day: How to Change Up Audit Fatigue
Commentary  |  11/13/2020  | 
And with more data compliance laws on the way, audit fatigue could be a real challenge for infosec professionals.
7 Cool Cyberattack and Audit Tools to be Highlighted at Black Hat Europe
Slideshows  |  11/12/2020  | 
Platforms, open source tools, and other toolkits for penetration testers and other security practitioners will be showcased at the early December virtual event.
Security Hiring Plans Remain Constant Despite Pandemic
News  |  11/11/2020  | 
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.
3 Tips For Successfully Running Tech Outside the IT Department
Commentary  |  11/11/2020  | 
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Quick Hits  |  11/11/2020  | 
Plans call for expanding the Barracuda CloudGen SASE platform.
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
News  |  11/10/2020  | 
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
Overlooked Security Risks of the M&A Rebound
Commentary  |  11/10/2020  | 
Successful technology integration, post-merger, is tricky in any market, and never more so than with today's remote work environments and distributed IT infrastructure.
Preventing and Mitigating DDoS Attacks: It's Elementary
Commentary  |  11/9/2020  | 
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.
CSA Moves to Redefine Cloud-Based Intelligence
Commentary  |  11/4/2020  | 
The new paradigm seeks to understand, integrate, and automate data workflows, and better yet, doesn't require significant investment or more personnel.
Neustar Agrees to Buy Verisign's Public DNS Service
Quick Hits  |  11/3/2020  | 
The address space for Verisign Public DNS will be incorporated into Neustar's UltraDNS Public service following the acquisition.
Oracle Issues Out-of-Band Update for Remote-Access Vulnerability
Quick Hits  |  11/3/2020  | 
The exploit could give an attacker complete control of vulnerable WebLogic servers.
Reworking the Taxonomy for Richer Risk Assessments
Commentary  |  11/3/2020  | 
By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.
Fraud Prevention Strategies to Prepare for the Future
Commentary  |  11/2/2020  | 
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.
McAfee Launches XDR, Browser Isolation, Cloud App Security Tools
Quick Hits  |  10/29/2020  | 
New additions are built to help organizations better respond to threats and protect applications and data in the cloud.
Physical Security Has a Lot of Catching Up to Do
Commentary  |  10/28/2020  | 
The transformation we need: merging the network operations center with the physical security operations center.
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
News  |  10/27/2020  | 
Following the NSA's list of 25 security flaws often weaponized by Chinese attackers, researchers evaluated how they're used around the world.
The Story of McAfee: How the Security Giant Arrived at a Second IPO
News  |  10/26/2020  | 
Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it's keeping up with competitors.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
Farsight Labs Launched as Security Collaboration Platform
Quick Hits  |  10/20/2020  | 
Farsight Security's platform will offer no-cost access to certain tools and services.
Businesses Rethink Endpoint Security for 2021
News  |  10/20/2020  | 
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
A New Risk Vector: The Enterprise of Things
Commentary  |  10/19/2020  | 
Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.
The Ruthless Cyber Chaos of Business Recovery
Commentary  |  10/15/2020  | 
Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.
Cloud Misconfiguration Mishaps Businesses Must Watch
News  |  9/30/2020  | 
Cloud security experts explain which misconfigurations are most common and highlight other areas of the cloud likely to threaten businesses.
Vulnerability in Wireless Router Chipsets Prompts Advisory
Quick Hits  |  9/29/2020  | 
Synopsys issues an advisory for vulnerabilities affecting the chipsets of wireless routers from Qualcomm, Mediatek, and Realtek.
Ivanti Acquires Two Security Companies
Quick Hits  |  9/28/2020  | 
Purchase of MobileIron and Pulse Secure announced simultaneously.
9 Tips to Prepare for the Future of Cloud & Network Security
Slideshows  |  9/28/2020  | 
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.
Since Remote Work Isn't Going Away, Security Should Be the Focus
Commentary  |  9/24/2020  | 
These three steps will help organizations reduce long-term work-from-home security risks.
Microsoft's Azure Defender for IoT Uses CyberX Tech
Quick Hits  |  9/23/2020  | 
Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Commentary  |  9/23/2020  | 
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
News  |  9/17/2020  | 
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
News  |  9/16/2020  | 
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Commentary  |  9/15/2020  | 
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
Security Through an Economics Lens: A Guide for CISOs
News  |  9/14/2020  | 
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
APT Groups Set Sights on Linux Targets: Inside the Trend
News  |  9/11/2020  | 
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
Secureworks to Buy Delve Laboratories for Vulnerability Management
Quick Hits  |  9/9/2020  | 
Delve's automated vulnerability platform provides insight on high-risk vulnerabilities across an organization's network, endpoints, and cloud.
VPNs: The Cyber Elephant in the Room
Commentary  |  9/8/2020  | 
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
Don't Forget Cybersecurity on Your Back-to-School List
Commentary  |  9/2/2020  | 
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats
News  |  9/1/2020  | 
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.
Slack Patches Critical Desktop Vulnerability
News  |  8/31/2020  | 
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
Fastly to Acquire Signal Sciences for $775M
Quick Hits  |  8/27/2020  | 
Signal Sciences' technology will be used to build a new web application and API security tool called [email protected]
Higher Education CISOs Share COVID-19 Response Stories
News  |  8/26/2020  | 
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
Russian National Arrested for Conspiracy to Hack Nevada Company
Quick Hits  |  8/26/2020  | 
The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.
Attackers Use Unicode & HTML to Bypass Email Security Tools
News  |  8/24/2020  | 
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
How to Identify Cobalt Strike on Your Network
Zohar Buber, Security Analyst,  11/18/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25159
PUBLISHED: 2020-11-24
499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.
CVE-2020-25654
PUBLISHED: 2020-11-24
An ACL bypass flaw was found in pacemaker before 1.1.24-rc1 and 2.0.5-rc2. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went throu...
CVE-2020-28329
PUBLISHED: 2020-11-24
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.
CVE-2020-29053
PUBLISHED: 2020-11-24
HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.
CVE-2020-25640
PUBLISHED: 2020-11-24
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.