Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Perimeter
Page 1 / 2   >   >>
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
News  |  3/24/2020  | 
Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
Microsoft Publishes Advisory for Windows Zero-Day
News  |  3/23/2020  | 
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
DDoS Attack Targets German Food Delivery Service
Quick Hits  |  3/19/2020  | 
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.
Process Injection Tops Attacker Techniques for 2019
News  |  3/18/2020  | 
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
What the Battle of Britain Can Teach Us About Cybersecurity's Human Element
Commentary  |  3/18/2020  | 
During WWII, the British leveraged both technology and human intelligence to help win the war. Security leaders must learn the lessons of history and consider how the human element can make their machine-based systems more effective.
Remote Workforce Jumps 15% in Two Weeks
Quick Hits  |  3/17/2020  | 
Netskope reports the total number of remote employees is the highest it has ever observed.
Needed: A Cybersecurity Good Samaritan Law
Commentary  |  3/17/2020  | 
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
Texas Chose to Fight Ransomware and Not Pay. What About the Rest of Us?
Commentary  |  3/13/2020  | 
Law-abiding folks like us applauded Texas for its bravery but would we have the steel will to stand on the side of justice if it happened to us? Probably not.
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Quick Hits  |  3/11/2020  | 
The federal commission outlined more than 60 recommendations to remedy major security problems.
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
News  |  3/11/2020  | 
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
Why CSP Isn't Enough to Stop Magecart-Like Attacks
Commentary  |  3/11/2020  | 
As Magecart and formjacking attacks become more sophisticated, it's essential to address not only what services may interact with users, but what that interaction looks like and how to control it.
Paradise Ransomware Variant Hides in Office IQY Files
Quick Hits  |  3/10/2020  | 
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
How Network Metadata Can Transform Compromise Assessment
Commentary  |  3/10/2020  | 
Listen more closely and your network's metadata will surrender insights the bad guys counted on keeping secret
Cyber Resiliency, Cloud & the Evolving Role of the Firewall
Commentary  |  3/9/2020  | 
Today's defenses must be creative in both isolating threats and segmenting environments to prevent attacks. Here's why.
WatchGuard Buys Panda Security for Endpoint Security Tech
Quick Hits  |  3/9/2020  | 
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.
7 Cloud Attack Techniques You Should Worry About
Slideshows  |  3/6/2020  | 
Security pros detail the common and concerning ways attackers target enterprise cloud environments.
Siemens Shares Incident Response Playbook for Energy Infrastructure
Quick Hits  |  3/6/2020  | 
The playbook simulates a cyberattack on the energy industry to educate regulators, utilities, and IT and OT security experts.
How Security Leaders at Starbucks and Microsoft Prepare for Breaches
News  |  3/2/2020  | 
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
New Trickbot Delivery Method Focuses on Windows 10
Quick Hits  |  2/28/2020  | 
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
6 Truths About Disinformation Campaigns
Slideshows  |  2/28/2020  | 
Disinformation goes far beyond just influencing election outcomes. Here's what security pros need to know.
Educating Educators: Microsoft's Tips for Security Awareness Training
News  |  2/28/2020  | 
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
Commonsense Security: Leveraging Dialogue & Collaboration for Better Decisions
Commentary  |  2/26/2020  | 
Sometimes, good old-fashioned tools can help an enterprise create a cost-effective risk management strategy.
Emotet Resurfaces to Drive 145% of Threats in Q4 2019
News  |  2/26/2020  | 
Analysis of 92 billion rejected emails reveals a range of simple and complex attack techniques for the last quarter of 2019.
McAfee Acquires Light Point for Browser Isolation Tech
Quick Hits  |  2/25/2020  | 
Company plans to integrate Light Point Security's technology into the McAfee Secure Web Gateway and its Mvision UCE platform.
Security, Networking Collaboration Cuts Breach Cost
News  |  2/24/2020  | 
CISOs report increases in alert fatigue and the number of records breached, as well as the struggle to secure mobile devices in a new Cisco study.
Enterprise Cloud Use Continues to Outpace Security
News  |  2/24/2020  | 
Nearly 60% of IT and security pros say deployment of business services in the cloud has rushed past their ability to secure them.
7 Tips to Improve Your Employees' Mobile Security
Slideshows  |  2/24/2020  | 
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
All About SASE: What It Is, Why It's Here, How to Use It
News  |  2/22/2020  | 
Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments.
Security Now Merges With Dark Reading
News  |  2/21/2020  | 
Readers of Security Now will join the Dark Reading community, gaining access to a wide range of cybersecurity content.
Microsoft Announces General Availability of Threat Protection, Insider Risk Management
News  |  2/20/2020  | 
Microsoft made several security announcements ahead of RSA Conference, including its decision to bring Microsoft Defender to iOS and Android.
44% of Security Threats Start in the Cloud
Quick Hits  |  2/19/2020  | 
Amazon Web Services is a top source of cyberattacks, responsible for 94% of all Web attacks originating in the public cloud.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Commentary  |  2/18/2020  | 
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
Palm Beach Elections Office Hit with Ransomware Pre-2016 Election
Quick Hits  |  2/14/2020  | 
Palm Beach County's elections supervisor does not believe the attack is linked to Russian hacking attempts targeting Florida.
DDoS Attacks Nearly Double Between Q4 2018 and Q4 2019
News  |  2/13/2020  | 
Peer-to-peer botnets, TCP reflection attacks, and increased activity on Sundays are three DDoS attack trends from last quarter.
Huawei Charged with RICO Violations in Federal Court
Quick Hits  |  2/13/2020  | 
A new set of indictments adds conspiracy to violate RICO statutes to a list of existing charges against the Chinese telecommunications giant.
Apps Remain Favorite Mobile Attack Vector
Quick Hits  |  2/13/2020  | 
Mobile apps are used in nearly 80% of attacks targeting mobile devices, followed by network and operating system attacks.
FBI: Business Email Compromise Cost Businesses $1.7B in 2019
News  |  2/12/2020  | 
BEC attacks comprised nearly half of cybercrime losses last year, which totaled $3.5 billion overall as Internet-enabled crimes ramped up.
Stop Defending Everything
Commentary  |  2/12/2020  | 
Instead, try prioritizing with the aid of a thorough asset inventory.
Microsoft Patches Exploited Internet Explorer Flaw
News  |  2/11/2020  | 
This month's Patch Tuesday brings fixes for 99 CVEs, including one IE flaw seen exploited in the wild.
Cybercriminals Swap Phishing for Credential Abuse, Vuln Exploits
News  |  2/11/2020  | 
Infection vectors were evenly divided among phishing, vulnerability exploitation, and unauthorized credential use in 2019.
RobbinHood Kills Security Processes Before Dropping Ransomware
News  |  2/7/2020  | 
Attackers deploy a legitimate, digitally signed hardware driver to delete security software from machines before encrypting files.
Forescout Acquired by Private Equity Team
Quick Hits  |  2/6/2020  | 
The deal, valued at $1.9 billion, is expected to close next quarter.
RSAC Sets Finalists for Innovation Sandbox
Slideshows  |  2/6/2020  | 
The 10 finalists will each have three minutes to make their case for being the most innovative, promising young security company of the year.
IoT Malware Campaign Infects Global Manufacturing Sites
News  |  2/5/2020  | 
The infection uses Lemon_Duck PowerShell malware variant to exploit vulnerabilities in embedded devices at manufacturing sites.
Companies Pursue Zero Trust, but Implementers Are Hesitant
News  |  2/4/2020  | 
Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say.
SharePoint Bug Proves Popular Weapon for Nation-State Attacks
News  |  2/4/2020  | 
Thousands of servers could be exposed to SharePoint vulnerability CVE-2019-0604, recently used in cyberattacks against Middle East government targets.
Page 1 / 2   >   >>


How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.