Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in February 2019
Microsoft Debuts Azure Sentinel SIEM, Threat Experts Service
News  |  2/28/2019  | 
New services, which are both available in preview, arrive at a time when two major trends are converging on security.
6 Tips for Getting the Most from Your VPN
Slideshows  |  2/22/2019  | 
VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.
To Mitigate Advanced Threats, Put People Ahead of Tech
Commentary  |  2/22/2019  | 
Preventative technologies are only part of the picture and often come at the expense of the humans behind them.
Human Negligence to Blame for the Majority of Insider Threats
News  |  2/21/2019  | 
In 98% of the assessments conducted for its research, Dtex found employees exposed proprietary company information on the Web a 20% jump from 2018.
Cyber Extortionists Can Earn $360,000 a Year
News  |  2/21/2019  | 
Extortion scams capitalize on compromised credentials, sensitive data, and technical vulnerabilities on Internet-facing applications to pressure victims to pay up.
As Businesses Move Critical Data to Cloud, Security Risks Abound
News  |  2/20/2019  | 
Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.
Mastercard, GCA Create Small Business Cybersecurity Toolkit
News  |  2/20/2019  | 
A new toolkit developed by the Global Cybersecurity Alliance aims to give small businesses a cookbook for better cybersecurity.
Microsoft Expands AccountGuard to Help Europe Prep for Cyberattacks
Quick Hits  |  2/20/2019  | 
A recent wave of cybercrime has targeted organizations with employees in Belgium, France, Germany, Poland, Romania, and Serbia.
'Formjacking' Compromises 4,800 Sites Per Month. Could Yours Be One?
News  |  2/20/2019  | 
Cybercriminals see formjacking as a simple opportunity to take advantage of online retailers and all they need is a small piece of JavaScript.
Valentine's Emails Laced with Gandcrab Ransomware
News  |  2/14/2019  | 
In the weeks leading up to Valentine's Day 2019, researchers notice a new form of Gandcrab appearing in romance-themed emails.
Security Spills: 9 Problems Causing the Most Stress
Slideshows  |  2/14/2019  | 
Security practitioners reveal what's causing them the most frustration in their roles.
'Picnic' Passes Test for Protecting IoT From Quantum Hacks
Quick Hits  |  2/12/2019  | 
Researchers from DigiCert, Utimaco, and Microsoft Research gives thumbs-up to a new algorithm for implementing quantum hacking-proof digital certificates.
6 Reasons to Be Wary of Encryption in Your Enterprise
Slideshows  |  2/8/2019  | 
Encryption can be critical to data security, but it's not a universal panacea.
Malware Campaign Hides Ransomware in Super Mario Wrapper
Quick Hits  |  2/8/2019  | 
A newly discovered malware campaign uses steganography to hide GandCrab in a seemingly innocent Mario image.
Carbonite Announces Webroot Purchase
Quick Hits  |  2/7/2019  | 
The purchase will add WebRoot's cloud-based security to the cloud-based data backup and recovery platform of Carbonite.
Security Bugs in Video Chat Tools Enable Remote Attackers
News  |  2/7/2019  | 
Lifesize is issuing a hotfix to address vulnerabilities in its enterprise collaboration devices, which could give hackers a gateway into target organizations.
When 911 Goes Down: Why Voice Network Security Must Be a Priority
Commentary  |  2/7/2019  | 
When there's a DDoS attack against your voice network, are you ready to fight against it?
DDoS Mitigation Pioneer Launches Network Security Startup
Quick Hits  |  2/7/2019  | 
Barrett Lyon is co-founder of Netography, which emerged today with $2.6M in seed funding from Andreessen Horowitz.
HelpSystems Buys Core Security Assets to Grow Infosec Portfolio
Quick Hits  |  2/6/2019  | 
Acquisition will enable it to provide threat detection, pen testing, and other security tools to customers.
Shellbot Crimeware Re-Emerges in Monero Mining Campaign
News  |  2/5/2019  | 
New attack uses a repurposed version of the Trojan that spreads using Internet Relay Chat.
Taming the Wild, West World of Security Product Testing
Commentary  |  2/5/2019  | 
The industry has long needed an open, industry-standard testing framework. NetSecOPEN is working to make that happen.
Exposed Consumer Data Skyrocketed 126% in 2018
News  |  2/4/2019  | 
The number of data breaches dropped overall, but the amount of sensitive records exposed jumped to 446.5 million last year, according to the ITRC.
6 Security Tips Before You Put a Digital Assistant to Work
Slideshows  |  2/4/2019  | 
If you absolutely have to have Amazon Alexa or Google Assistant in your home, heed the following advice.
How Hackers Could Hit Super Bowl LIII
News  |  2/1/2019  | 
Security threats and concerns abound for the year's biggest football game. What officials and fans can do about it.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.