Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in December 2017
21st Century Oncology Faces $2.3M HIPAA Settlement Cost after Breach
Quick Hits  |  12/29/2017  | 
Company to pay US Department of Health and Human Services over potential HIPAA violations after patient medical data was stolen by cyberthieves.
China Shuts Down 13,000 Websites for Breaking Internet Laws
Quick Hits  |  12/29/2017  | 
The government says its rules are to protect security and stability, but some say they are repressive.
Avoiding Micro-Segmentation Pitfalls: A Phased Approach to Implementation
Commentary  |  12/29/2017  | 
Micro-segmentation is very achievable. While it can feel daunting, you can succeed by proactively being aware of and avoiding these roadblocks.
Jailed Hacker Claims Proof He Breached DNC on Russia's Orders
Quick Hits  |  12/28/2017  | 
A Russian national in jail for hacking the Democratic National Committee says a data signature proves he acted on the Kremlin's orders.
Nissan Canada Finance Alerts 1.13 Million Customers of Data Breach
Quick Hits  |  12/27/2017  | 
Attackers gain access to personal information of Nissan Canada Finance and Infiniti Financial Services Canada customers.
Hacker Targeted Huawei Router 0-Day in Attempt to Create New Mirai Botnet
Quick Hits  |  12/27/2017  | 
Thousands of attempts have been made to exploit a zero-day vulnerability in the Huawei home router HG532.
The Financial Impact of Cyber Threats
Commentary  |  12/27/2017  | 
Determining the financial impact of specific IT vulnerabilities is a good way to prioritize remediation and prevent attacks.
2017 Security Predictions through the Rear Window
Commentary  |  12/26/2017  | 
If you're going to forecast the future, go big.
Exposed File From Ancestry's RootsWeb.com Contains Data on 300,000 Users
Quick Hits  |  12/26/2017  | 
A file containing hundreds of thousands of RootsWeb users' email, login information, and passwords was found externally exposed, genealogy site says.
Network Printer & Scanner Spoofing Campaign Targets Millions
Quick Hits  |  12/22/2017  | 
Cybercriminals distribute malicious email attachments purportedly coming from three common brands of network printer-scanner devices.
Fileless Malware Attacks Hit Milestone in 2017
News  |  12/21/2017  | 
Non-malware attacks account for the majority of all attacks this year, and ransomware grows to a $5 billion industry, new data shows.
Why Network Visibility Is Critical to Removing Security Blind Spots
Commentary  |  12/21/2017  | 
You can't secure what you can't see. Here are four ways to shine a light on the dark spaces of your corporate infrastructure.
Small,Targeted Ransomware Attacks Emerge
News  |  12/21/2017  | 
Cybercriminals narrow their focus on specific industries, geographies, or size for a better return on investment, security experts say.
Security Worries? Let Policies Automate the Right Thing
Commentary  |  12/20/2017  | 
By programming 'good' cybersecurity practices, organizations can override bad behavior, reduce risk, and improve the bottom line.
Trump Adviser: North Korea Waged WannaCry Attack
News  |  12/19/2017  | 
White House declares the North Korean government as perpetrators of the epic ransomware attack that spread around the globe in early May.
Top 8 Cybersecurity Skills IT Pros Need in 2018
Slideshows  |  12/18/2017  | 
Cloud security architecture skills to customer-service savvy are among the key IT security skills needed next year as CIOs ramp up hiring.
Malware Decompiler Tool Goes Open Source
News  |  12/13/2017  | 
Avast's RetDec machine-code decompiler now available for free on Github.
Nearly 2/3 of Industrial Companies Lack Security Monitoring
Quick Hits  |  12/6/2017  | 
New Honeywell survey shows more than half of industrial sector organizations have suffered cyberattacks.
FBI, Europol, Microsoft, ESET Team Up, Dismantle One of World's Largest Malware Operations
News  |  12/4/2017  | 
Avalanche, aka Gamarue, aka Wauchos, malware enterprise spanned hundreds of botnets and 88 different malware families.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.