Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in January 2008
Startup Aims for Meatier Signatures
News  |  1/31/2008  | 
New technology promises more visibility into threats, fewer false positives
11 Truths We Hate to Admit
News  |  1/30/2008  | 
To get better, we need to admit we have a few problems
Real Men Don't Fear the Web
Quick Hits  |  1/30/2008  | 
Study reveals 'macho factor' in online security as many males express overconfidence in their system integrity
Researchers Expose 'Stupid Phisher Tricks'
News  |  1/29/2008  | 
Researchers discover that phishers aren't so good at covering their tracks and protecting their 'booty'
Researchers, Vendors Gear Up for Whaling Attacks
News  |  1/29/2008  | 
Increasingly sophisticated phishing exploits target top executives, wealthy end-users
One-Fourth of iPhones Hacked to Bypass AT&T
Quick Hits  |  1/29/2008  | 
Analyst estimates that 1 million iPhones have been 'unlocked'
Enterprises Rolling on Logs
Quick Hits  |  1/28/2008  | 
Once seen as a necessary evil, security logs are now becoming an everyday data source, survey says
Hackers Attack Scientology
Quick Hits  |  1/25/2008  | 
"Anonymous" group launches denial of service attacks on church sites in retribution for YouTube's withdrawal of Cruise video clip
New VOIP 'Call-Jacking' Hack Unleashed
News  |  1/22/2008  | 
Researchers release proof-of-concept for advanced phishing and stealing VOIP calls
Tech Insight: Incident Response
News  |  1/18/2008  | 
IR tools speed up response time to a security breach and help minimize the damage
Attackers Use New 'Call-Home' Method to Infiltrate Home Networks
News  |  1/17/2008  | 
Honeynet Project researchers witness stealthy new method of botnet communication
IRS Still Hasn't Fixed Security Problems
News  |  1/14/2008  | 
Agency has corrected only 29 of the 98 weaknesses cited in its review last year, GAO says
Teenage Hacker Takes Over Polish Tram System
Quick Hits  |  1/11/2008  | 
Boy operates public trams 'like a giant train set,' causing four derailments
Chinese Hackers Invade Pennsylvania
Quick Hits  |  1/7/2008  | 
State government forced to shut down several primary Websites
Tech Insight: Database Activity Monitoring
News  |  1/4/2008  | 
If you weren't concerned about unauthorized database access before, maybe now you should give a DAM
Urban WiFi Routers at Risk
News  |  1/3/2008  | 
Indiana University researchers say densely populated wireless routers could be the next method for spreading pharming, script injection, and bot infections
Breaches Plague Government Agencies
News  |  1/2/2008  | 
Lost laptops in Tennessee's Davidson County and at the US Air Force add to concerns about government's privacy practices


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.