Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in November 2019
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud
News  |  11/27/2019  | 
More than 3,100 Jira instances are still vulnerable to a server-side request forgery vulnerability patched in August.
They See You When You're Shopping: Holiday Cybercrime Starts Early
Quick Hits  |  11/25/2019  | 
Researchers notice year-end phishing attacks starting in July and ramping up in September.
3 Fundamentals for Better Security and IT Management
Commentary  |  11/21/2019  | 
Nail these security fundamentals, and your organization will be well-positioned to succeed next year and in the years to come.
Google Cloud Update Gives Users Greater Data Control
Quick Hits  |  11/20/2019  | 
External Key Manager and Key Access Justification are intended to give organizations greater visibility into requests for data access.
Former White House CIO Shares Enduring Security Strategies
News  |  11/20/2019  | 
Theresa Payton explains the strategies organizations should consider as they integrate layers of new technology.
Attacker Mistake Botches Cyborg Ransomware Campaign
News  |  11/19/2019  | 
Cybercriminals attempted to install Cyborg ransomware on target machines by deceiving victims with a fraudulent Windows update.
Magecart Hits Macy's: Retailer Discloses Data Breach
Quick Hits  |  11/19/2019  | 
The retail giant discovered malicious code designed to capture customer data planted on its payment page.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
5 Cybersecurity CISO Priorities for the Future
Commentary  |  11/14/2019  | 
Seven chief information security officers share their pain points and two-year spending plans.
US-CERT Warns of Remotely Exploitable Bugs in Medical Devices
Quick Hits  |  11/14/2019  | 
Vulnerabilities in key surgical equipment could be remotely exploited by a low-skill attacker.
The Ripple Effect of Data Breaches: How Damage Spreads
News  |  11/13/2019  | 
The financial loss from so-called 'ripple events' is thirteen times greater than the cost of single-party security incidents.
Microsoft Patches IE Zero-Day Among 74 Vulnerabilities
News  |  11/12/2019  | 
The November Patch Tuesday update fixed 13 critical flaws, including a zero-day bug in Internet Explorer.
Researchers Find New Approach to Attacking Cloud Infrastructure
News  |  11/11/2019  | 
Cloud APIs' accessibility over the Internet opens a new window for adversaries to gain highly privileged access to cloud assets.
Joker's Stash Puts $130M Price Tag on Credit Card Database
Quick Hits  |  11/11/2019  | 
A new analysis advises security teams on what they should know about the underground payment card seller.
TA542 Brings Back Emotet with Late September Spike
News  |  11/7/2019  | 
Overall volumes of banking Trojans and RATs increased during the third quarter, when Emotet was suspiciously absent until mid-September.
PayPal Upsets Microsoft as Phishers' Favorite Brand
Quick Hits  |  11/7/2019  | 
Several factors edged the world's most popular payment service into the top spot.
CrowdStrike Adds New Products & Web Store Apps
Quick Hits  |  11/5/2019  | 
Company introduces Falcon for AWS, Falcon Firewall Management, and third-party applications.
Google Launches OpenTitan Project to Open Source Chip Security
News  |  11/5/2019  | 
OpenTitan is an open source collaboration among Google and technology companies to strengthen root-of-trust chip design.
Proofpoint Acquires ObserveIT to Bolster DLP Capabilities
Quick Hits  |  11/5/2019  | 
The $225 million acquisition will help Proofpoint expand its data loss prevention capabilities with email, CASB, and data at rest.
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
News  |  11/4/2019  | 
New tools and updates aimed at addressing ongoing challenges with insider threats and sensitive data classification.
Sumo Logic Buys JASK Labs to Tackle SOC Challenges
Quick Hits  |  11/4/2019  | 
Sumo Logic plans to integrate JASK's autonomous security operations center software into a new intelligence tool.
Details of Attack on Electric Utility Emerge
Quick Hits  |  11/1/2019  | 
The March 5 DDoS attack interrupted communications between generating facilities and the electrical grid in three western states.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd