News & Commentary

Content tagged with Perimeter posted in November 2018
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Commentary  |  11/30/2018  | 
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
Anti-Botnet Guide Aims to Tackle Automated Threats
News  |  11/29/2018  | 
The international guide is intended to help organizations defend their networks and systems from automated and distributed attacks.
Establishing True Trust in a Zero-Trust World
Commentary  |  11/29/2018  | 
Our goal should not be to merely accept zero trust but gain the visibility required to establish true trust.
Google, White Ops, Industry Players Dismantle 3ve Ad Fraud Operation
News  |  11/28/2018  | 
3ve, an ad fraud operation amassing 1.7M infected machines, was taken down in an operation driven by law enforcement, Google, White Ops, and several security companies.
Who's the Weakest Link in Your Supply Chain?
News  |  11/27/2018  | 
Nearly 60% of organizations have suffered data breaches resulting from a third party, as suppliers pose a growing risk to enterprise security.
Another Microsoft MFA Outage Affects Multiple Services
Quick Hits  |  11/27/2018  | 
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
Buckle Up: A Closer Look at Airline Security Breaches
News  |  11/26/2018  | 
Cyberattacks on airports and airlines are often unrelated to passenger safety but that's no reason to dismiss them, experts say.
USPS Web Vuln Exposes Data of 60 Million
Quick Hits  |  11/26/2018  | 
The US Postal Service recently fixed a security bug that allowed any USPS.com account holder to view or change other users' data.
7 Real-Life Dangers That Threaten Cybersecurity
Slideshows  |  11/26/2018  | 
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
To Stockpile or Not to Stockpile Zero-Days?
Commentary  |  11/21/2018  | 
As the debate rages on, there is still no simple answer to the question of whether the government should stockpile or publicly disclose zero-day vulnerabilities.
Microsoft Enables Account Sign-In via Security Key
News  |  11/20/2018  | 
Account holders can use a FIDO2-compatible key or Windows Hello to authenticate sans username or password.
6,500 Dark Web Sites Offline After Hosting Service Attacked
Quick Hits  |  11/20/2018  | 
The actor behind the attack on Daniel's Hosting, and their initial point of entry, remain unknown.
7 Holiday Security Tips for Retailers
Slideshows  |  11/19/2018  | 
It's the most wonderful time of the year and hackers are ready to pounce. Here's how to prevent them from wreaking holiday havoc.
BlackBerry Doubles Down on Security in $1.4B Acquisition of Cylance
News  |  11/16/2018  | 
BlackBerry aims to bring Cylance artificial intelligence and security tools into its software portfolio.
26M Texts Exposed in Poorly Secured Vovox Database
Quick Hits  |  11/16/2018  | 
The server, which lacked password protection, contained tens of millions of SMS messages, two-factor codes, shipping alerts, and other user data.
AI Poised to Drive New Wave of Exploits
News  |  11/16/2018  | 
Criminals are ready to use AI to dramatically speed the process of finding zero-day vulnerabilities in systems.
Cloud, China, Generic Malware Top Security Concerns for 2019
News  |  11/15/2018  | 
FireEye researchers unveil an extensive list of security risks waiting in the new year's wings.
Black Hat: European Security Pros Wrestling With Potential Breaches, Privacy Issues
News  |  11/14/2018  | 
Black Hat Europe attendee survey shows European cybersecurity leaders are uncertain of their ability to protect end user data and are fearful of a near-term breach of critical infrastructure.
Google Traffic Temporarily Rerouted via Russia, China
News  |  11/13/2018  | 
The incident, which Google reports is now resolved, could be the result of either technical mistakes or malicious activity.
Netskope Announces Series F Funding Round
Quick Hits  |  11/13/2018  | 
The $168.7 million round will go toward R&D and global expansion, says cloud access security broker provider.
Sophisticated Campaign Targets Pakistan's Air Force
News  |  11/13/2018  | 
Espionage campaign uses a variety of new evasion techniques.
Finding Gold in the Threat Intelligence Rush
News  |  11/7/2018  | 
Researchers sift through millions of threat intel observations to determine where to best find valuable threat data.
Cisco Reports SIP Inspection Vulnerability
Quick Hits  |  11/2/2018  | 
Advisory addresses active exploitation of vuln in the wild, with no clear solution in sight.
New Bluetooth Vulnerabilities Exposed in Aruba, Cisco, Meraki Access Points
News  |  11/1/2018  | 
'BleedingBit' could give attackers control of the wireless network from a remote vantage point.
Microsoft, Amazon Top BEC's Favorite Brands
News  |  11/1/2018  | 
When attackers want to impersonate a brand via email, the majority turn to Microsoft and Amazon because of their ubiquity in enterprise environments.
Radisson Rewards Program Targeted in Data Breach
Quick Hits  |  11/1/2018  | 
It's the latest in a series of attacks targeting the travel industry, following incidents at British Airways and Cathay Pacific.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd