Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in October 2018
Kraken Resurfaces From the Deep Web
News  |  10/30/2018  | 
Fallout Exploit Kit releases Kraken Cryptor ransomware, giving the simple threat a much larger target pool.
Windows Defender: First Full Antivirus Tool to Run in a Sandbox
News  |  10/29/2018  | 
Sandboxed version now available to Windows Insiders and anyone else who force-enables it in Windows 10 version 1703 and above.
Retail Fraud Spikes Ahead of the Holidays
News  |  10/25/2018  | 
Researchers note massive increases in retail goods for sale on the black market, retail phishing sites, and malicious applications and social media profiles.
Benefits of DNS Service Locality
Commentary  |  10/24/2018  | 
Operating one's own local DNS resolution servers is one of the simplest and lowest-cost things an IT administrator can do to monitor and protect applications, services, and users from potential risks.
Understanding SOCs' 4 Top Deficiencies
Commentary  |  10/22/2018  | 
In most cases, the areas that rankle SANS survey respondents the most about security operations centers can be addressed with the right mix of planning, policies, and procedures.
NC Water Utility Fights Post-Hurricane Ransomware
News  |  10/16/2018  | 
North Carolina's Onslow Water and Sewer Authority was hit with an advanced attack in the wake of Hurricane Florence.
Rapid7 Acquires tCell
Quick Hits  |  10/16/2018  | 
The purchase brings together a cloud security platform with a web application firewall.
6 Security Trends for 2018/2019
News  |  10/15/2018  | 
Speaking at the Gartner Symposium/ITxpo, analyst Peter Firstbrook's list of trends is likely to inform executive committee conversations for the next 12 months.
IBM Builds 'SOC on Wheels' to Drive Cybersecurity Training
News  |  10/15/2018  | 
A tractor trailer housing a Cyber Tactical Operation Center will travel throughout the US and Europe for incident response training, security support, and education.
Threat Hunters & Security Analysts: A Dynamic Duo
Commentary  |  10/12/2018  | 
Fighting spying with spying, threat hunters bring the proactive mindset of network reconnaissance and repair to the enterprise security team.
12 Free, Ready-to-Use Security Tools
Slideshows  |  10/12/2018  | 
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
Window Snyder Shares Her Plans for Intel Security
News  |  10/11/2018  | 
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
Google Adds New Identity, Security Tools to Cloud Platform
News  |  10/11/2018  | 
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
One-Third of US Adults Hit with Identity Theft
Quick Hits  |  10/11/2018  | 
That's double the global average and more than three times the rate of French and German adults.
The Better Way: Threat Analysis & IIoT Security
Commentary  |  10/11/2018  | 
Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities.
Meet 5 Women Shaping Microsoft's Security Strategy
Slideshows  |  10/10/2018  | 
Profiles of some of the women currently leading Microsoft security operations - and their efforts to drive inclusivity.
Russian Hacking Groups Intersect in Recent Cyberattacks
News  |  10/10/2018  | 
Two different hacking teams best known as Turla and Fancy Bear employed the same stealthy attack method in an unusual overlap of hacking activity.
Imperva to Be Acquired by Thoma Bravo for $2.1 Billion
Quick Hits  |  10/10/2018  | 
But two law firms are investigating whether the security vendor breached its fiduciary duty to shareholders by not actively seeking buyers offering a higher price.
IIS Attacks Skyrocket, Hit 1.7M in Q2
Quick Hits  |  10/10/2018  | 
Drupal and Oracle WebLogic also were hit with more cyberattacks during same quarter.
Security Researchers Struggle with Bot Management Programs
Commentary  |  10/10/2018  | 
Bots are a known problem, but researchers will tell you that bot defenses create problems of their own when it comes to valuable data.
Constructing the Future of ICS Cybersecurity
News  |  10/9/2018  | 
As industrial control systems are connected to the cloud and the IoT, experts discuss security challenges.
Microsoft Fixes Privilege Escalation 0Day Under Active Attack
News  |  10/9/2018  | 
This month's Patch Tuesday includes 49 patches, two of which are ranked Critical, and two security advisories.
DoD Weapon Systems Contain Security Vulnerabilities
Quick Hits  |  10/9/2018  | 
GAO report outlines challenges for the US Department of Defense to handle security flaws in weapon systems.
Mandia: Tipping Point Now Here for Rules of Cyber Engagement
News  |  10/5/2018  | 
FireEye CEO and nation-state hacking expert Kevin Mandia says Russia began changing the game in 2015.
Most Home Routers Are Full of Vulnerabilities
Quick Hits  |  10/5/2018  | 
More than 80% of surveyed routers had, on average, 172 security vulnerabilities, new research shows.
Successful Scammers Call After Lunch
News  |  10/5/2018  | 
Analysis of 20,000 voice phishing, or vishing, calls reveals patterns in how social engineers operate and how targets respond.
7 Steps to Start Your Risk Assessment
Slideshows  |  10/4/2018  | 
Risk assessment can be complex, but it's vital for making good decisions about IT security. Here are steps to start you down the path toward a meaningful risk assessment process.
Report: In Huge Hack, Chinese Manufacturer Sneaks Backdoors Onto Motherboards
Quick Hits  |  10/4/2018  | 
If true, the attack using Supermicro motherboards could be the most comprehensive cyber breach in history.
Inside the North Korean Hacking Operation Behind SWIFT Bank Attacks
News  |  10/3/2018  | 
FireEye details how this money-stealing operation it now calls APT 38 has emerged in the past four years and how it operates.
When Facebook Gets Hacked, Everyone Gets Hacked
News  |  10/2/2018  | 
Facebook's attackers may have gained access to several third-party apps and websites via Facebook Login.
California Enacts First-in-Nation IoT Security Law
Quick Hits  |  10/1/2018  | 
The new law requires some form of authentication for most connected devices.
Exclusive: Cisco, Duo Execs Share Plans for the Future
News  |  10/1/2018  | 
Cisco's Gee Rittenhouse and Duo's Dug Song offer ideas and goals for the merged companies as Duo folds under the Cisco umbrella.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd