Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in October 2007
Technology That Reaches Beyond the Grave
Quick Hits  |  10/31/2007  | 
For IT administrators, this might be the scariest thing in the cemetery
Industry Hears First 'Singing Spam'
News  |  10/30/2007  | 
Spammers hide messages in MP3 files to avoid detection
Researcher: Vonage Vulnerable
News  |  10/26/2007  | 
Popular VOIP service could be subject to spoofing, eavesdropping, and denial of service, Sipera warns
What Not to Do After a Security Breach
News  |  10/26/2007  | 
Expert familiar with TD Ameritrade, TJX cases discusses the mistakes enterprises often make following a breach
Sprint Adds Laptop Security to Mobile Broadband
News  |  10/25/2007  | 
Wireless carrier is first to distribute Alcatel-Lucent's Laptop Guardian connection card
Startup Unveils Reputation-Based Spam Fighter
Quick Hits  |  10/25/2007  | 
New software rates messages based on user's propensity to receive spam
Is NAC Dying?
News  |  10/24/2007  | 
Frustrated with complexity and cost, many enterprises are retrenching their NAC strategies
Research Shows Image-Based Threat on the Rise
News  |  10/18/2007  | 
New Purdue University research shows steganography, long considered a minor threat, may be on the rise
New Technology Encrypts Sensitive Parts of a Document
Quick Hits  |  10/18/2007  | 
Different readers may see different parts of the document, depending on their role
Small Business: Hackers' Low-Hanging Fruit
News  |  10/17/2007  | 
With few IT resources and even fewer security skills, mom-and-pop shops increasingly look like juicy targets for the bad guys
TSA Laptops With Hazmat Driver Info Stolen
News  |  10/16/2007  | 
Transportation Security Administration orders contractor to encrypt all hard drives from now on
eBay, PayPal Phishing Exploits Plummet
Quick Hits  |  10/16/2007  | 
Sophos says 21 percent of phishing emails target eBay and PayPal, down from 85 percent last year
IGN Locks Down Endpoints
News  |  10/12/2007  | 
IGN Entertainment uses technology from Bit9 to control what its end users can access - and what they can't
Drug Dealers' New Favorite Medium
Quick Hits  |  10/11/2007  | 
Encrypted VOIP service is becoming a popular mode of communication for bad guys
FTC Comes Down Hard on Spammers
News  |  10/10/2007  | 
In separate cases, agency slaps complaints on defendants for identity trafficking, bogus product claims
Security Spending on the Rise, CompTIA Says
News  |  10/9/2007  | 
Security now accounts for 20 percent of IT technology and training budget, according to new survey
An Extra Layer of Phishing Protection
News  |  10/8/2007  | 
Blue Coat adds real-time analysis of potential phishing sites
Top Five Threats for 2008
Quick Hits  |  10/5/2007  | 
Georgia Tech report highlights threats in Web 2.0, botnets, messaging, mobile, and RFID, as well as countermeasures
Insider Attacks Put IT Security on the Offensive
News  |  10/3/2007  | 
'Counterintelligence' efforts could help companies prevent internal breaches, rather than just detect them
How to Trace a DDOS Attack
News  |  10/3/2007  | 
ISPs, researchers outline steps to sleuth the sources of increasingly dangerous distributed denial-of-service attacks
Are Hackers Piggybacking on Your Wireless Modem?
Quick Hits  |  10/3/2007  | 
UK wireless service provider warns 250,000 customers of modem flaw
Web Hack Exposes Personal Data of 14,000 At Nature Conservancy
News  |  10/2/2007  | 
Attacker accessed data via malware attached to association Website
Identity Thieves Busted in Major Cases
News  |  10/1/2007  | 
Texas prepares to sentence thief who stole over 1,000 identities; FBI makes second arrest in Russian online crime ring


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.