Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Perimeter
Page 1 / 2   >   >>
3 Fundamentals for Better Security and IT Management
Commentary  |  11/21/2019  | 
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Google Cloud Update Gives Users Greater Data Control
Quick Hits  |  11/20/2019  | 
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
Former White House CIO Shares Enduring Security Strategies
News  |  11/20/2019  | 
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
Attacker Mistake Botches Cyborg Ransomware Campaign
News  |  11/19/2019  | 
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
Magecart Hits Macy's: Retailer Discloses Data Breach
Quick Hits  |  11/19/2019  | 
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
5 Cybersecurity CISO Priorities for the Future
Commentary  |  11/14/2019  | 
Seven chief information security officers share their pain points and two-year spending plans.
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Quick Hits  |  11/14/2019  | 
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
The Ripple Effect of Data Breaches: How Damage Spreads
News  |  11/13/2019  | 
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
News  |  11/12/2019  | 
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
Researchers Find New Approach to Attacking Cloud Infrastructure
News  |  11/11/2019  | 
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
Joker's Stash Puts $130M Price Tag on Credit Card Database
Quick Hits  |  11/11/2019  | 
A new analysis advises security teams on what they should know about the underground payment card seller.
TA542 Brings Back Emotet with Late September Spike
News  |  11/7/2019  | 
Overall volumes of banking Trojans and RATs increased during the third quarter, when Emotet was suspiciously absent until mid-September.
PayPal Upsets Microsoft as Phishers' Favorite Brand
Quick Hits  |  11/7/2019  | 
Several factors edged the world's most popular payment service into the top spot.
CrowdStrike Adds New Products & Web Store Apps
Quick Hits  |  11/5/2019  | 
Company introduces Falcon for AWS, Falcon Firewall Management, and third-party applications.
Google Launches OpenTitan Project to Open Source Chip Security
News  |  11/5/2019  | 
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Quick Hits  |  11/5/2019  | 
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
News  |  11/4/2019  | 
New tools and updates aimed at addressing ongoing challenges with insider threats and sensitive data classification.
Sumo Logic Buys JASK Labs to Tackle SOC Challenges
Quick Hits  |  11/4/2019  | 
Sumo Logic plans to integrate JASK's autonomous security operations center software into a new intelligence tool.
Details of Attack on Electric Utility Emerge
Quick Hits  |  11/1/2019  | 
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.
32,000+ WiFi Routers Potentially Exposed to New Gafgyt Variant
News  |  10/31/2019  | 
Researchers detect an updated Gafgyt variant that targets flaws in small office and home wireless routers from Zyxel, Huawei, and Realtek.
New Office 365 Phishing Scam Leaves A Voicemail
Quick Hits  |  10/31/2019  | 
A fake voice message lures victims to a fake Microsoft 365 login page that prompts them to enter credentials.
As Phishing Kits Evolve, Their Lifespans Shorten
News  |  10/30/2019  | 
Most phishing kits last less than 20 days, a sign defenders are keeping up in the race against cybercrime.
Security Pros Fear Insider Attacks Stem from Cloud Apps
Quick Hits  |  10/30/2019  | 
More than half of security practitioners surveyed say insider attack detection has grown more difficult since migrating to cloud.
Old RAT, New Moves: Adwind Hides in Java Commands to Target Windows
News  |  10/29/2019  | 
The Adwind remote access Trojan conceals malicious activity in Java commands to slip past threat intelligence tools and steal user data.
Google Cloud Adds New Security Management Tools to G Suite
Quick Hits  |  10/29/2019  | 
Desktop devices that log into G Suite will have device management enabled by default, streamlining processes for IT admins.
Pwn2Own Adds Industrial Control Systems to Hacking Contest
News  |  10/28/2019  | 
The Zero Day Initiative will bring its first ICS Pwn2Own competition to the S4x20 conference in January.
5 Things the Hoodie & the Hard Hat Need to Know About Each Other
Commentary  |  10/28/2019  | 
Traditionally, the worlds of IT (the hoodie) and OT (the hard hat) have been separate. That must change.
Microsoft Office Bug Remains Top Malware Delivery Vector
News  |  10/25/2019  | 
CVE-2017-11882 has been attackers' favorite malware delivery mechanism throughout the second and third quarters of 2019.
Second Ransomware Attack Strikes Johannesburg
Quick Hits  |  10/25/2019  | 
Attackers who broke into the city's network demand four Bitcoins in ransom or threaten to share stolen personal and financial data.
40% of Security Pros Job Hunting as Satisfaction Drops
News  |  10/24/2019  | 
Symptoms of job dissatisfaction creep into an industry already plagued with gaps in diversity and work-life balance.
10% of Small Businesses Breached Shut Down in 2019
Quick Hits  |  10/23/2019  | 
As a result of cybercrime, 69% of small organizations were forced offline for a limited time and 37% experienced financial loss.
FIDO-Based Authentication Arrives for Smartwatches
News  |  10/22/2019  | 
The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.
How Much Security Is Enough? Practitioners Weigh In
News  |  10/22/2019  | 
Most IT and security pros surveyed say they could afford some, but not all, of the minimum security needed to protect themselves.
Microsoft Aims to Block Firmware Attacks with New Secured-Core PCs
News  |  10/21/2019  | 
Partnerships with Intel, Qualcomm, and AMD will bring a new layer of device security that alters the boot process to detect firmware compromise.
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Quick Hits  |  10/21/2019  | 
The cloud security posture management startup was acquired for a reported $70 million.
In a Crowded Endpoint Security Market, Consolidation Is Underway
News  |  10/18/2019  | 
Experts examine the drivers pushing today's endpoint security market to consolidate as its many players compete to meet organizations' changing demands and transition to the cloud.
Federal CIOs Zero In on Zero Trust
Commentary  |  10/16/2019  | 
Here's how federal CIOs can begin utilizing the security concept and avoid predictable obstacles.
Symantec Adds Endpoint Security Tool to Revamp Portfolio
Quick Hits  |  10/15/2019  | 
Symantec Endpoint Security aims to deliver protection, detection, threat hunting, and response in a single tool.
Sophos for Sale: Thoma Bravo Offers $3.9B
News  |  10/14/2019  | 
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
Tamper Protection Arrives for Microsoft Defender ATP
Quick Hits  |  10/14/2019  | 
The feature, designed to block unauthorized changes to security features, is now generally available.
Akamai Snaps Up ChameleonX to Tackle Magecart
Quick Hits  |  10/10/2019  | 
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
Magecart Attack on Volusion Highlights Supply Chain Dangers
News  |  10/10/2019  | 
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
How the Software-Defined Perimeter Is Redefining Access Control
Commentary  |  10/9/2019  | 
In a world where traditional network boundaries no longer exist, VPNs are showing their age.
Microsoft Issues 9 Critical Security Patches
News  |  10/8/2019  | 
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
Business Email Compromise Attacks Spike 269%
Quick Hits  |  10/8/2019  | 
A new Mimecast report finds a significant uptick in BEC attacks, malware attachments, and spam landing in target inboxes.
8 Ways Businesses Unknowingly Help Hackers
Slideshows  |  10/4/2019  | 
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
Researchers Link Magecart Group 4 to Cobalt Group
News  |  10/3/2019  | 
Their findings demonstrate how Group 4 is likely conducting server-side skimming in addition to client-side activity.
New Silent Starling Attack Group Puts Spin on BEC
News  |  10/2/2019  | 
The West African cybergang has successfully infiltrated more than 500 companies using a tactic dubbed 'vendor email compromise.'
218M Words with Friends Players Compromised in Data Breach
Quick Hits  |  9/30/2019  | 
The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.
Page 1 / 2   >   >>


I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps,  11/19/2019
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2079
PUBLISHED: 2019-11-22
A cross-site request forgery (CSRF) vulnerability in the Activity module 6.x-1.x for Drupal.
CVE-2019-11325
PUBLISHED: 2019-11-21
An issue was discovered in Symfony before 4.2.12 and 4.3.x before 4.3.8. The VarExport component incorrectly escapes strings, allowing some specially crafted ones to escalate to execution of arbitrary PHP code. This is related to symfony/var-exporter.
CVE-2019-18887
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel.
CVE-2019-18888
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. If an application passes unvalidated user input as the file for which MIME type validation should occur, then arbitrary arguments are passed to the underlying file command. T...
CVE-2019-18889
PUBLISHED: 2019-11-21
An issue was discovered in Symfony 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. Serializing certain cache adapter interfaces could result in remote code injection. This is related to symfony/cache.