News & Commentary

Content tagged with Perimeter posted in April 2011
Kind Of A Mess
Commentary | 4/27/2011
Internet needs an infrastructure that enables back ends and users to communicate with each other using better authentication--and allows any number of authentication technologies to sign into it
A Not-So Targeted Targeted Attack
Commentary | 4/25/2011
RSA was likely among several targets associated with a broader campaign that was designed to seek out industrial secrets
What's Good About iPhone's Location Tracking
Commentary | 4/22/2011
The iPhone tracking disclosure this week showcases an unfortunate tendency for device manufacturers to focus excessively on their needs and forget those of their users
Verizon Data Breach Report: Bad Guys Target Low-Hanging Fruit
News | 4/19/2011
Cybercriminals steering away from big caches of data, using simpler tactics to crack smaller enterprises
Dark Reading Launches Cloud Security Tech Center
Commentary | 4/18/2011
New subsite will focus on news and analysis of security issues in public and private cloud environments
Product Watch: Sourcefire Expands IPS Line
News | 4/17/2011
Snort creator adds low-end device, new modular hardware platform, and upgrade to its next-generation IPS software
Android Unsafe At Any Price
Commentary | 4/15/2011
Google's approach of offering little support to vendors that deploy the OS is worrisome, among other things
Locking Down Database Files In The Cloud
Commentary | 4/11/2011
Database encryption in the cloud is not ready for prime time.
Securing Databases In The Cloud: Part 4
Commentary | 4/7/2011
What kind of data do you have, and how do you want to protect it?
RSA Breach Disclosure: It's Not About You
Commentary | 4/7/2011
Unless you're an RSA customer, you don't need to know more details about the hack
IT GRC, ESIM Vendors Dig In For War
Commentary | 4/5/2011
With no sign of the two technologies combining into one, where does that leave the buyer?
The Public Key Infrastructure Under Siege
Commentary | 4/4/2011
The abuse of certificates in the Stuxnet and Comodo attacks should come as no surprise given the flawed trust model