
News & Commentary

Latest Content tagged with Perimeter
Vulnerable Protocols Leave Firms Open to Further Compromises
News  |  5/12/2021  | 
Companies may no longer have Internet-facing file servers or weakly secured Web servers, but attackers that get by the perimeter have a wide-open landscape of vulnerability.
Why You Should Be Prepared to Pay a Ransom
Commentary  |  5/12/2021  | 
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
News  |  5/11/2021  | 
Trinity Cyber takes a new spin on some traditional network-security techniques, but can its approach catch on widely?
Cartoon Caption Winner: Greetings, Earthlings
Commentary  |  5/11/2021  | 
And the winner of Dark Reading's April cartoon caption contest is ...
Colonial Pipeline Cyberattack: What Security Pros Need to Know
News  |  5/10/2021  | 
As the massive US pipeline operator works to restore operations after a DarkSide ransomware attack late last week, experts say it's a cautionary tale for critical infrastructure providers.
Tulsa Deals With Aftermath of Ransomware Attack
Quick Hits  |  5/10/2021  | 
Weekend attack shuts down several city sites and service.
How North Korean APT Kimsuky Is Evolving Its Tactics
News  |  5/7/2021  | 
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
Most Organizations Feel More Vulnerable to Breaches Amid Pandemic
Quick Hits  |  5/7/2021  | 
More than half of businesses see the need for significant long-term changes to IT due to COVID-19, research finds.
CISA Publishes Analysis on New 'FiveHands' Ransomware
Quick Hits  |  5/6/2021  | 
Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
Researchers Explore Active Directory Attack Vectors
News  |  5/3/2021  | 
Incident responders who investigate attacks targeting Active Directory discuss methods used to gain entry, elevate privileges, and control target systems.
Dark Reading Celebrates 15th Anniversary
Commentary  |  5/3/2021  | 
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
Survey Finds Broad Concern Over Third-Party App Providers Post-SolarWinds
Quick Hits  |  4/30/2021  | 
Most IT and cybersecurity professionals think security is important enough to delay deployment of applications, survey data shows.
7 Modern-Day Cybersecurity Realities
Slideshows  |  4/30/2021  | 
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
How to Secure Employees' Home Wi-Fi Networks
Commentary  |  4/28/2021  | 
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
Ransomware Recovery Costs Near $2M
Quick Hits  |  4/27/2021  | 
The cost of recovering from a ransomware attack has more than doubled in one year, Sophos researchers report.
4 Ways CISOs Can Strengthen Their Security Resilience
Commentary  |  4/27/2021  | 
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
Proofpoint to Be Acquired by Thoma Bravo for $12.3B
Quick Hits  |  4/26/2021  | 
The cybersecurity company will go private following the all-cash transaction.
Prometei Botnet Adds New Twist to Exchange Server Attacks
Quick Hits  |  4/22/2021  | 
Attackers are using the well-known Microsoft Exchange Server flaw to add machines to a cryptocurrency botnet, researchers say.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Justice Dept. Creates Task Force to Stop Ransomware Spread
Quick Hits  |  4/21/2021  | 
One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.
Zero-Day Flaws in SonicWall Email Security Tool Under Attack
News  |  4/21/2021  | 
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.
How to Attack Yourself Better in 2021
Commentary  |  4/21/2021  | 
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
Attackers Heavily Targeting VPN Vulnerabilities
News  |  4/21/2021  | 
Threat actors like attacking the technology because it provides a convenient entry point to enterprise networks.
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
News  |  4/20/2021  | 
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack
Quick Hits  |  4/20/2021  | 
Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Quick Hits  |  4/19/2021  | 
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.
Pandemic Drives Greater Need for Endpoint Security
Quick Hits  |  4/16/2021  | 
Endpoint security has changed. Can your security plan keep up?
Security Gaps in IoT Access Control Threaten Devices and Users
News  |  4/16/2021  | 
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
Malicious PowerShell Use, Attacks on Office 365 Accounts Surged in Q4
News  |  4/15/2021  | 
There was also a sharp increase in overall malware volumes in the fourth quarter of 2020, COVID-19 related attack activity, and mobile malware, new data shows.
Thycotic & Centrify Merge to Form Cloud Identity Security Firm
Quick Hits  |  4/14/2021  | 
The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.
CISA Urges Caution for Security Researchers Targeted in Attack Campaign
Quick Hits  |  4/14/2021  | 
The agency urges researchers to take precautions amid an ongoing targeted threat campaign.
Dark Reading to Upgrade Site Design, Performance
Commentary  |  4/13/2021  | 
Improvements will make site content easier to navigate, faster, and more functional.
CISA Launches New Threat Detection Dashboard
Quick Hits  |  4/9/2021  | 
Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
Fraudsters Use HTML Legos to Evade Detection in Phishing Attack
Quick Hits  |  4/8/2021  | 
Criminals stitch pieces of HTML together and hide them in JavaScript files, researchers report.
Cring Ransomware Used in Attacks on European Industrial Firms
Quick Hits  |  4/7/2021  | 
Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report.
Cartoon Caption Winner: Something Seems Afoul
Commentary  |  4/7/2021  | 
And the winner of Dark Reading's March cartoon caption contest is ...
Microsoft Teams, Exchange Server, Windows 10 Hacked in Pwn2Own 2021
Quick Hits  |  4/6/2021  | 
The 2021 Pwn2Own is among the largest in its history, with 23 separate entries targeting 10 products.
Kaspersky Uncovers New APAC Cyberespionage Campaign
Quick Hits  |  4/5/2021  | 
A group related to Chinese-speaking threat group Cycldek is targeting government and military organizations in Vietnam.
7 Security Strategies as Employees Return to the Office
Slideshows  |  4/1/2021  | 
More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal.
Security on a Shoestring? More Budget Means More Detection
News  |  3/30/2021  | 
Companies that spend the smallest share of their IT budget on security see fewer threats, but that's not good news.
Exec Order Could Force Software Vendors to Disclose Breaches to Federal Gov't Customers
Quick Hits  |  3/25/2021  | 
A decision on the order, which contains several recommendations, is still forthcoming.
California State Controller's Office Suffers Data Breach
Quick Hits  |  3/24/2021  | 
Employee unwittingly gave hacker access to email account for more than a day.
Disgruntled IT Contractor Sentenced in Retaliatory Office 365 Attack
Quick Hits  |  3/23/2021  | 
Former contractor deleted 1,200 user accounts in revenge.
On the Road to Good Cloud Security: Are We There Yet?
Commentary  |  3/22/2021  | 
Misconfigured infrastructure is IT pros' top cloud security concern, but they're conflicted on how to address it in practice.
Russian Man Pleads Guilty in Thwarted Tesla Hack
Quick Hits  |  3/19/2021  | 
Egor Kriuchkov will be sentenced in May on conspiracy charge.
CISA Issues Advisory on TrickBot Campaigns
Quick Hits  |  3/17/2021  | 
US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warn security teams to guard against the advanced Trojan malware.
IronNet Cybersecurity to Go Public in Merger
Quick Hits  |  3/16/2021  | 
Company intends for the deal to drive adoption of its Collective Defense Platform.
Software Development Security Firm Argon Announces Launch
Quick Hits  |  3/16/2021  | 
Check Point founder Shlomo Kramer is one of the firm's investors.
Metasploit Creator HD Moore's New Startup Raises $5M
News  |  3/16/2021  | 
Startup Rumble enters major new phase with venture capital investment led by Cisco-backed fund as well as big-name security entrepreneurs.
Lookout Acquires SASE Cloud Provider CipherCloud
Quick Hits  |  3/15/2021  | 
Deal signals a focus on the cloud for mobile security firm.
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-20092
PUBLISHED: 2021-05-13
File Upload vulnerability exists in ArticleCMS 1.0 via the image upload feature at /admin by changing the Content-Type to image/jpeg and placing PHP code after the JPEG data, which could let a remote malicious user execute arbitrary PHP code.
CVE-2020-21342
PUBLISHED: 2021-05-13
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.
CVE-2020-25713
PUBLISHED: 2021-05-13
A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common.
CVE-2020-27823
PUBLISHED: 2021-05-13
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVE-2020-27830
PUBLISHED: 2021-05-13
A vulnerability was found in Linux Kernel where in the spk_ttyio_receive_buf2() function, it would dereference spk_ttyio_synth without checking whether it is NULL or not, and may lead to a NULL-ptr deref crash.