Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in December 2018
Page 1 / 2   >   >>
Start Preparing Now for the Post-Quantum Future
Commentary  |  12/28/2018  | 
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
IoT Bug Grants Access to Home Video Surveillance
Quick Hits  |  12/27/2018  | 
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
2018: The Year Machine Intelligence Arrived in Cybersecurity
News  |  12/27/2018  | 
Machine intelligence, in its many forms, began having a significant impact on cybersecurity this year setting the stage for growing intelligence in security automation for 2019.
Attackers Use Google Cloud to Target US, UK Banks
Quick Hits  |  12/26/2018  | 
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
6 Ways to Anger Attackers on Your Network
Slideshows  |  12/26/2018  | 
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
7 Business Metrics Security Pros Need to Know
Slideshows  |  12/21/2018  | 
These days, security has to speak the language of business. These KPIs will get you started.
Criminals Move Markets to Remain in the Shadows
News  |  12/21/2018  | 
While malware families and targets continue to evolve, the most important shift might be happening in the background.
Security 101: How Businesses and Schools Bridge the Talent Gap
News  |  12/20/2018  | 
Security experts share the skills companies are looking for, the skills students are learning, and how to best find talent you need.
US Indicts 2 APT10 Members for Years-Long Hacking Campaign
Quick Hits  |  12/20/2018  | 
In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.
Hackers Bypass Gmail, Yahoo 2FA at Scale
Quick Hits  |  12/20/2018  | 
A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.
US Names, Sanctions Russian GRU Officials for 2016 Election Hacks
Quick Hits  |  12/19/2018  | 
Treasury Department names and imposes economic sanctions on the alleged major players behind the Russian election-meddling operation, as well as the World Anti-Doping Agency breach.
How to Remotely Brick a Server
News  |  12/19/2018  | 
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
NASA Investigating Breach That Exposed PII on Employees, Ex-Workers
News  |  12/19/2018  | 
Incident is latest manifestation of continuing security challenges at agency, where over 3,000 security incidents have been reported in recent years.
Attack Campaign Targets Financial Firms Via Old But Reliable Tricks
News  |  12/19/2018  | 
Among other tried-and-true cyberattack methods, the attackers hosted malware on the Google Cloud Storage service domain storage.googleapis.com to mask their activity.
Privacy Futures: Fed-up Consumers Take Their Data Back
Commentary  |  12/19/2018  | 
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
Facebook Data Deals Extend to Microsoft, Amazon, Netflix
Quick Hits  |  12/19/2018  | 
An explosive new report sheds light on data-sharing deals that benefited 150 companies as Facebook handed over unknowing users' information.
When Cryptocurrency Falls, What Happens to Cryptominers?
News  |  12/18/2018  | 
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
Trend Micro Finds Major Flaws in HolaVPN
Quick Hits  |  12/18/2018  | 
A popular free VPN is found to have a very high cost for users.
Twitter Hack May Have State-Sponsored Ties
Quick Hits  |  12/18/2018  | 
A data leak was disclosed after attackers targeted a support form, which had "unusual activity."
8 Security Tips to Gift Your Loved Ones For the Holidays
Slideshows  |  12/18/2018  | 
Before the wrapping paper starts flying, here's some welcome cybersecurity advice to share with friends and family.
Cyber Readiness Institute Launches New Program for SMBs
News  |  12/17/2018  | 
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
Lax Controls Leave Fortune 500 Overexposed On the Net
News  |  12/17/2018  | 
The largest companies in the world have an average of 500 servers and devices accessible from the Internet - and many leave thousands of systems open to attack.
Shhhhh! The Secret to Secrets Management
Commentary  |  12/17/2018  | 
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Email Bomb Threats Follow Sextortion Playbook
News  |  12/14/2018  | 
Yesterday's wave of email bomb threats appear to be an evolution of tactics by the same groups that earlier tried "sextortion" and personal threats, Talos researchers say.
Iranian Hackers Target Nuclear Experts, US Officials
Quick Hits  |  12/14/2018  | 
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Who Are You, Really? A Peek at the Future of Identity
News  |  12/14/2018  | 
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
Retailers: Avoid the Hackable Holidaze
Commentary  |  12/14/2018  | 
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Cybercriminals Change Tactics to Outwit Machine-Learning Defense
Quick Hits  |  12/14/2018  | 
The rise in machine learning for security has forced criminals to rethink how to avoid detection.
Universities Get Schooled by Hackers
News  |  12/13/2018  | 
Colleges and universities are prime targets for criminals due to huge sets of personal information and security that is weaker than in many businesses.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Commentary  |  12/13/2018  | 
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Education Gets an 'F' for Cybersecurity
Quick Hits  |  12/13/2018  | 
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
Worst Password Blunders of 2018 Hit Organizations East and West
News  |  12/12/2018  | 
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
News  |  12/12/2018  | 
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
U.S. Defense, Critical Infrastructure Companies Targeted in New Threat Campaign
News  |  12/12/2018  | 
McAfee finds malware associated with 'Operation Sharpshooter' on systems belonging to at least 87 organizations.
Deception: Honey vs. Real Environments
Commentary  |  12/12/2018  | 
A primer on choosing deception technology that will provide maximum efficacy without over-committing money, time and resources.
Mac Malware Cracks WatchGuards Top 10 List
News  |  12/12/2018  | 
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Arctic Wolf Buys RootSecure
Quick Hits  |  12/12/2018  | 
The purchase adds risk assessment to Arctic Wolf's SOC-as-a-service.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Quick Hits  |  12/12/2018  | 
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Equifax Breach Underscores Need for Accountability, Simpler Architectures
News  |  12/11/2018  | 
A new congressional report says the credit reporting firm's September 2017 breach was 'entirely preventable.'
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
News  |  12/11/2018  | 
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
49% of Cloud Databases Left Unencrypted
News  |  12/11/2018  | 
Businesses also leave information vulnerable in the cloud by failing to implement MFA and configure Kubernetes settings, new research reveals.
The Grinch Bot Before Christmas: A Security Story for the Holidays
Commentary  |  12/11/2018  | 
Once upon a time, buyers purchased products from certified sellers. Today, hoarders use botnets to amass goods at significant markup for a new gray-market economy.
NetSecOPEN Names Founding Members, Board of Directors
Quick Hits  |  12/11/2018  | 
The organization is charged with building open, transparent testing protocols for network security.
How Well Is Your Organization Investing Its Cybersecurity Dollars?
Commentary  |  12/11/2018  | 
The principles, methods, and tools for performing good risk measurement already exist and are being used successfully by organizations today. They take some effort -- and are totally worth it.
CrowdStrike: More Organizations Now Self-Detect Their Own Cyberattacks
News  |  12/11/2018  | 
But it still takes an average of 85 days to spot one, the security firm's incident response investigations found.
'Highly Active' Seedworm Group Hits IT Services, Governments
News  |  12/10/2018  | 
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
6 Cloud Security Predictions for 2019
Commentary  |  12/10/2018  | 
How the fast pace of cloud computing adoption in 2018 will dramatically change the security landscape next year.
6 CISO Resolutions for 2019
Slideshows  |  12/10/2018  | 
The ultimate to-do list for ambitious security leaders.
Page 1 / 2   >   >>


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd