Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Latest Content tagged with Perimeter
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
News  |  9/17/2020  | 
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
News  |  9/16/2020  | 
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Commentary  |  9/15/2020  | 
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
Security Through an Economics Lens: A Guide for CISOs
News  |  9/14/2020  | 
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
APT Groups Set Sights on Linux Targets: Inside the Trend
News  |  9/11/2020  | 
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
Secureworks to Buy Delve Laboratories for Vulnerability Management
Quick Hits  |  9/9/2020  | 
Delve's automated vulnerability platform provides insight on high-risk vulnerabilities across an organization's network, endpoints, and cloud.
VPNs: The Cyber Elephant in the Room
Commentary  |  9/8/2020  | 
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
Don't Forget Cybersecurity on Your Back-to-School List
Commentary  |  9/2/2020  | 
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats
News  |  9/1/2020  | 
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.
Slack Patches Critical Desktop Vulnerability
News  |  8/31/2020  | 
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
Fastly to Acquire Signal Sciences for $775M
Quick Hits  |  8/27/2020  | 
Signal Sciences' technology will be used to build a new web application and API security tool called [email protected]
Higher Education CISOs Share COVID-19 Response Stories
News  |  8/26/2020  | 
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
Russian National Arrested for Conspiracy to Hack Nevada Company
Quick Hits  |  8/26/2020  | 
The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.
Attackers Use Unicode & HTML to Bypass Email Security Tools
News  |  8/24/2020  | 
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.
DeathStalker APT Targets SMBs with Cyber Espionage
Quick Hits  |  8/24/2020  | 
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
Stolen Data: The Gift That Keeps on Giving
Commentary  |  8/19/2020  | 
Users regularly reuse logins and passwords, and data thieves are leveraging that reality to breach multiple accounts.
New Campaign Combines Extortion, DDoS
Quick Hits  |  8/18/2020  | 
Latest attacks bank on the reputation of two prominent APT groups to increase the threat credibility.
New 'Duri' Campaign Uses HTML Smuggling to Deliver Malware
News  |  8/18/2020  | 
Researchers who detected the attack explain what businesses should know about the HTML smuggling technique.
Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing
News  |  8/17/2020  | 
Researchers find smaller organizations, including some in the cybersecurity space, increasingly targeted with these impersonation attacks.
DHS CISA Warns of Phishing Emails Rigged with KONNI Malware
Quick Hits  |  8/14/2020  | 
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.
7 Ways to Keep Your Remote Workforce Safe
Slideshows  |  8/14/2020  | 
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
RedCurl APT Group Hacks Global Companies for Corporate Espionage
News  |  8/13/2020  | 
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
Emotet Return Brings New Tactics & Evasion Techniques
News  |  8/13/2020  | 
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
SANS Security Training Firm Hit with Data Breach
Quick Hits  |  8/12/2020  | 
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
News  |  8/11/2020  | 
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
Where Dark Reading Goes Next
News  |  8/6/2020  | 
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
Using IoT Botnets to Manipulate the Energy Market
News  |  8/6/2020  | 
Tohid Shekari, PhD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
Pen Testers Share the Inside Story of Their Arrest and Exoneration
News  |  8/5/2020  | 
Coalfire's Gary De Mercurio and Justin Wynn share the inside story of their infamous arrest last year while conducting a contracted red-team engagement in an Iowa courthouse -- and what it took to clear their names.
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
News  |  8/5/2020  | 
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
Quick Hits  |  8/5/2020  | 
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Quick Hits  |  7/31/2020  | 
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records
News  |  7/21/2020  | 
China, Vietnam, and Taiwan are top sources of DDoS botnet activity, but the top data floods use a variety of amplification attacks, a report finds.
Microsoft 365 Updated with New Security, Risk, Compliance Tools
News  |  7/21/2020  | 
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
G Suite Security Updates Bring New Features to Gmail, Meet & Chat
Quick Hits  |  7/21/2020  | 
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls.
Cybercriminals Targeted Streaming Services to Provide Pandemic Entertainment
News  |  7/17/2020  | 
Prior to 2020, about 1 in 5 credential attacks targeted video services, but that's nothing compared to the first quarter of 2020, according to newly published data.
Major Flaws Open the Edge to Attack
News  |  7/16/2020  | 
Attackers are using critical exploits for flaws in VPN appliances, app-delivery services, and other network-edge hardware and software to punch through corporate perimeters. What can companies do?
Microsoft Patches Wormable RCE Flaw in Windows DNS Servers
News  |  7/14/2020  | 
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
News  |  7/14/2020  | 
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
Zero-Trust Efforts Rise with the Tide of Remote Working
News  |  7/13/2020  | 
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Huge DDoS Attack Launched Against Cloudflare in Late June
Quick Hits  |  7/9/2020  | 
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
News  |  7/7/2020  | 
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
News  |  7/6/2020  | 
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Quick Hits  |  7/2/2020  | 
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
Businesses Invest in Cloud Security Tools Despite Concerns
News  |  7/1/2020  | 
A majority of organizations say the acceleration was driven by a need to support more remote employees.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7734
PUBLISHED: 2020-09-22
All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.
CVE-2020-6564
PUBLISHED: 2020-09-21
Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
CVE-2020-6565
PUBLISHED: 2020-09-21
Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2020-6566
PUBLISHED: 2020-09-21
Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2020-6567
PUBLISHED: 2020-09-21
Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.