Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in January 2020
What It's Like to Be a CISO: Check Point Security Leader Weighs In
News  |  1/31/2020  | 
Jony Fischbein shares the concerns and practices that are top-of-mind in his daily work leading security at Check Point Software.
How to Secure Your IoT Ecosystem in the Age of 5G
Commentary  |  1/30/2020  | 
For businesses planning to adopt 5G, the sheer number of IoT devices creates a much larger attack surface.
United Nations Data Breach Started with Microsoft SharePoint Bug
Quick Hits  |  1/30/2020  | 
A remote code execution flaw enabled a breach of UN offices in Geneva and Vienna, as well as the Office of the High Commissioner for Human Rights.
Election Security 2020: How We Should Allocate $425M in Funding
Commentary  |  1/30/2020  | 
Too many states and municipalities still rely on aging systems; it's time they upped their game and treated election technology like they would any other security project.
Inside the Check Point Research Team's Investigation Process
News  |  1/29/2020  | 
The team sheds light on how their organization works and what they're watching in the threat landscape.
Securing Containers with Zero Trust
Commentary  |  1/29/2020  | 
A software identity-based approach should become a standard security measure for protecting workloads in all enterprise networks.
CCPA: Cut From the Same Cloth as PCI DSS
Commentary  |  1/28/2020  | 
Finally, some good news about CCPA: If you've built your security infrastructure to PCI DSS standards, you may be already covered by California's new data protection rules
NSA Offers Guidance on Mitigating Cloud Flaws
Quick Hits  |  1/23/2020  | 
A new document separates cloud vulnerabilities into four classes and offers mitigations to help businesses protect cloud resources.
Severe Vulnerabilities Discovered in GE Medical Devices
News  |  1/23/2020  | 
CISA has released an advisory for six high-severity CVEs for GE Carescape patient monitors, Apex Pro, and Clinical Information Center systems.
For Mismanaged SOCs, The Price Is Not Right
News  |  1/22/2020  | 
New research finds security operations centers suffer high turnover and yield mediocre results for the investment they require.
Startup Privafy Raises $22M with New Approach to Network Security
Quick Hits  |  1/22/2020  | 
The company today disclosed an approach to data security designed to protect against modern threats at a lower cost than complex network tools.
New Ransomware Tactic Shows How Windows EFS Can Aid Attackers
News  |  1/21/2020  | 
Researchers have discovered how ransomware can take advantage of the Windows Encrypting File System, prompting security vendors to release patches.
Nearly 75% of SD-WAN Owners Lack Confidence Post-Digital Transformation
Quick Hits  |  1/21/2020  | 
More businesses think SD-WAN will reduce WAN costs, but only 37% think SD-WANs will help defend against malware and other threats.
7 Tips for Infosec Pros Considering a Lateral Career Move
Slideshows  |  1/21/2020  | 
Looking to switch things up but not sure how to do it? Security experts share their advice for switching career paths in the industry.
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Commentary  |  1/16/2020  | 
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
NY Fed Reveals Implications of Cyberattack on US Financial System
Quick Hits  |  1/16/2020  | 
A "pre-mortem analysis" sheds light on the potential destruction of a cyberattack against major US banks.
Google Lets iPhone Users Turn Device into Security Key
News  |  1/15/2020  | 
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
Why Firewalls Aren't Going Anywhere
Commentary  |  1/15/2020  | 
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
How SD-WAN Helps Achieve Data Security and Threat Protection
Commentary  |  1/15/2020  | 
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
Microsoft Patches Windows Vuln Discovered by the NSA
News  |  1/14/2020  | 
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Quick Hits  |  1/14/2020  | 
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
Insight Partners Acquires Armis at $1.1B Valuation
Quick Hits  |  1/7/2020  | 
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
Malicious Google Play Apps Linked to SideWinder APT
News  |  1/6/2020  | 
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
Mimecast Acquires Segasec to Boost Phishing Defense
Quick Hits  |  1/6/2020  | 
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
Ransomware Victim Southwire Sues Maze Operators
News  |  1/3/2020  | 
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.