Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in April 2019
Database Leaks, Network Traffic Top Data Exfiltration Methods
News  |  4/30/2019  | 
Intellectual property and personally identifiable information tie for the type of data IT practitioners are worried about losing.
How to Build a Cloud Security Model
Slideshows  |  4/26/2019  | 
Security experts point to seven crucial steps companies should be taking as they move data and processes to cloud environments.
Go Medieval to Keep OT Safe
Commentary  |  4/26/2019  | 
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
UVA Wins Second Consecutive National Collegiate Cyber Defense Championship
Quick Hits  |  4/25/2019  | 
The Wahoos came out on top among 235 colleges and universities that took part in the 15-year-old competition.
How a Nigerian ISP Accidentally Hijacked the Internet
Commentary  |  4/25/2019  | 
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
Enterprise Trojan Detections Spike 200% in Q1 2019
News  |  4/25/2019  | 
Cybercriminals see greater ROI targeting businesses, which have been slammed with ransomware attacks and Trojans.
Survey Shows a Security Conundrum
Quick Hits  |  4/24/2019  | 
A new report examines and quantifies the conflicts and challenges faced by business security leaders.
Demonstration Showcase Brings DevOps to Interop19
News  |  4/23/2019  | 
Attendees will learn how orchestration and automation can be a part of network operations and security, even at smaller companies.
7 Ways to Get the Most from Your IDS/IPS
Slideshows  |  4/23/2019  | 
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Quick Hits  |  4/19/2019  | 
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
Free Princeton Application Provides IoT Traffic Insight
Quick Hits  |  4/19/2019  | 
The application developed by a research group allows users to spot possible IoT security problems.
Cisco Issues 31 Mid-April Security Alerts
News  |  4/18/2019  | 
Among them, two are critical and six are of high importance.
Cloud Security Spend Set to Reach $12.6B by 2023
News  |  4/18/2019  | 
Growth corresponds with a greater reliance on public cloud services.
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
News  |  4/17/2019  | 
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
Meet Scranos: New Rootkit-Based Malware Gains Confidence
News  |  4/16/2019  | 
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Quick Hits  |  4/12/2019  | 
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
This Week in Security Funding: Where the Money Went
News  |  4/12/2019  | 
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake
News  |  4/11/2019  | 
A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.
Meet Baldr: The Inside Scoop on a New Stealer
News  |  4/9/2019  | 
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
Craigslist Founder Funds Security Toolkit for Journalists, Elections
News  |  4/9/2019  | 
The free tools will be developed by the Global Cyber Alliance to monitor election infrastructure and processes in the runup to the 2020 Presidential election.
8 Steps to More Effective Small Business Security
Slideshows  |  4/8/2019  | 
Small business face the same security challenges as large enterprises but with much smaller security teams. Here are 8 things to do to get the most from yours.
Ongoing DNS Hijack Attack Hits Consumer Modems and Routers
Quick Hits  |  4/5/2019  | 
The attack campaigns have re-routed DNS requests through illicit servers in Canada and Russia.
How iOS App Permissions Open Holes for Hackers
News  |  4/4/2019  | 
The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research.
Chinese National Carries Malware Into Mar-a-Lago
Quick Hits  |  4/3/2019  | 
A Chinese woman arrested for entering the grounds of Mar-a-Lago under false pretenses was carrying electronic equipment holding malware.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.