Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in November 2016
Windows Malware Infections Spiked 106% From Black Friday To Cyber Monday
News  |  11/30/2016  | 
The number of infected PCs jumped some 106% during the holiday season's first shopping weekend and 118% above normal on Cyber Monday.
The Rise Of SecBizOps & Why It Matters
Commentary  |  11/30/2016  | 
By aligning security dollars and technology with core business requirements, infosec can become a business enabler, not a business impediment.
European Commission Hit By DDoS Attack
Quick Hits  |  11/29/2016  | 
The cyberattack lasted for several hours and affected output but no loss of data was reported.
German Telco Probes Possible Hack Of 900,000 Customers
Quick Hits  |  11/29/2016  | 
Network outages bring down services of many Deutsche Telekom customers raising suspicion that external parties may be involved.
Learning To Trust Cloud Security
Commentary  |  11/14/2016  | 
Cloud-centric computing is inevitable, so you need to face your concerns and be realistic about risks.
The Big Lesson We Must Learn From The Dyn DDoS Attack
Commentary  |  11/9/2016  | 
The vulnerabilities that make IoT devices susceptible to being used in a botnet also make them the perfect avenue into our data centers and clouds.
Stay Vigilant To The Evolving Threat Of Social Engineering
Commentary  |  11/8/2016  | 
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip-up a threat simply by paying attention.
The 7 Types Of Security Jobs, According To NIST
Slideshows  |  11/8/2016  | 
NISTs Cybersecurity Workforce Framework gives the security industry a way to classify specific specialty areas and work roles and identify a path for career growth.
Synopsys Expands Software Security With Cigital, Codiscope Acquisitions
Quick Hits  |  11/8/2016  | 
Deal is expected to close by December 2016 and will be funded with combination of US cash and debt.
China Passes Controversial Cybersecurity Law
Quick Hits  |  11/8/2016  | 
Global business and rights groups raise concern about the censorship that could impact foreign business interests.
New Free Mirai Scanner Tools Spot Infected, Vulnerable IoT Devices
News  |  11/8/2016  | 
Imperva and Rapid7 have built scanners to discover IoT devices vulnerable or infected with Mirai malware.
Changing IoT Passwords Won't Stop Attacks. Here's What Will.
Commentary  |  11/7/2016  | 
The solution will take an industry-wide effort, it won't happen overnight, and the problem is not the users' fault!
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Commentary  |  11/4/2016  | 
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
Managing Multi-Cloud Security Whether You Want to or Not
Commentary  |  11/3/2016  | 
Yes, it is possible to orchestrate security across multiple clouds without creating performance hurdles. Heres how.
Catching Online Scammers, Dealers & Drug Dealers With DNS
News  |  11/2/2016  | 
Researchers at Black Hat Europe this week will demonstrate a streamlined technique for spotting and identifying illicit narcotics, counterfeiters, and other scammer websites and operations.
Business Security Confidence Contradicts High Success Rate Of Attacks
News  |  11/2/2016  | 
Research indicates one in three cyberattacks results in a security breach, but most organizations are confident in their defense tactics.
7 Reasons Consumers Dont Take Action on Cybersecurity
Slideshows  |  11/1/2016  | 
Security awareness is high but its hard to turn personal knowledge into effective practices.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.