Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in April 2020
Microsoft's Records Management Tool Aims to Simplify Data Governance
News  |  4/30/2020  | 
Records Management is intended to help businesses manage security and data governance as more struggle to handle increased amounts of data and regulatory requirements.
Ed-Tech Company Chegg Suffers Third Breach Since 2018
Quick Hits  |  4/30/2020  | 
The latest incident compromised names, Social Security numbers, and other data belonging to 700 current and former Chegg employees.
86% of Companies Report Network Disruption Amid Remote Work Shift
News  |  4/29/2020  | 
Nearly two-thirds say disruptions were at least moderate in severity, and more have seen VPN connectivity issues as employees work from home.
7 Fraud Predictions in the Wake of the Coronavirus
Commentary  |  4/29/2020  | 
It's theme and variations in the fraud world, and fraudsters love -- and thrive -- during chaos and confusion
Security Pros Reassigned to IT Tasks in Coronavirus Pandemic
Quick Hits  |  4/28/2020  | 
Most security practitioners surveyed say their job functions have changed during the pandemic, and 90% are now working remotely full time.
Microsoft Advisory Warns of Vulnerabilities Affecting Office
Quick Hits  |  4/27/2020  | 
The flaws exist in Autodesk's FBX Software Development Kit, which is supported in Microsoft Office 2019 and Office 365 ProPlus.
8 Steps to Enhance Government Agencies' Security Posture
Commentary  |  4/22/2020  | 
Given the heterogeneous architectures of critical state and local systems, it's imperative we learn from the security exposures of other critical infrastructure and pledge to be better
Stimulus Payments Are Popular Leverage for Cyberattacks
News  |  4/20/2020  | 
More than 4,300 domains related to stimulus and relief packages, many of them malicious, have been registered since January.
Researchers Explore Details of Critical VMware Vulnerability
Quick Hits  |  4/17/2020  | 
The vCenter vulnerability, patched on April 9, could give an intruder access to administrative credentials in three steps.
10 Standout Security M&A Deals from Q1 2020
Slideshows  |  4/17/2020  | 
The first quarter of 2020 brought investments in enterprise IoT and endpoint security, as well as billion-dollar investments from private equity firms.
Neglected Infrastructure, Invasive Tech to Plague Infosec in 2022
News  |  4/16/2020  | 
Researchers outline cybersecurity threats they predict businesses will face in two years as technology evolves.
5 Things Ransomware Taught Me About Responding in a Crisis
Commentary  |  4/16/2020  | 
What happened in Atlanta is worth studying because it was one of the earliest cases of a major city ransomware attacks and because it came out the other side stronger and more resilient.
New York State Confirms Breach of Government Network
Quick Hits  |  4/15/2020  | 
The January incident led state officials to hire an external forensics firm and change thousands of employee passwords.
Microsoft Patches 113 Bugs, 3 Under Active Attack
News  |  4/14/2020  | 
Microsoft has seen a 44% jump in the number of CVEs fixed between January and April 2020 compared with the same period in 2019.
How Company Cultures Dictated Work-from-Home Readiness
Commentary  |  4/14/2020  | 
Companies large and small are discovering just how prepared they were for all employees to work remotely
Apple Is Top Pick for Brand Phishing Attempts
Quick Hits  |  4/14/2020  | 
Ten percent of all brand phishing attempts in the first quarter of 2020 tried to deceive victims by imitating the Apple brand.
7 Ways COVID-19 Has Changed Our Online Lives
Slideshows  |  4/14/2020  | 
The pandemic has driven more of our personal and work lives online and for the bad guys, business is booming. Here's how you can protect yourself.
Network Data Shows Spikes, Vulnerability of Work-at-Home Shift
News  |  4/13/2020  | 
Traffic on the public Internet has grown by half this year, and videoconferencing bandwidth has grown by a factor of five, all driven by remote-work edicts.
Dell Releases Security Tool to Defend PCs from BIOS Attacks
News  |  4/13/2020  | 
The SafeBIOS Events & Indicators of Attack tool gives admins visibility into BIOS configuration changes and alerts them to potential threats.
Dutch Police Shut Down 15 DDoS-for-Hire Services
Quick Hits  |  4/13/2020  | 
Officials arrested a man suspected of launching a DDoS attack against two websites that send government updates to citizens.
After Adopting COVID-19 Lures, Sophisticated Groups Target Remote Workers
News  |  4/8/2020  | 
While coronavirus-themed emails and files have been used as a lure for weeks, attackers now are searching for ways to actively target VPNs and remote workers to take advantage of weaker security.
Researchers Fool Biometric Scanners with 3D-Printed Fingerprints
News  |  4/8/2020  | 
Tests on the fingerprint scanners of Apple, Microsoft, and Samsung devices reveal it's possible to bypass authentication with a cheap 3D printer.
Accenture Buys Revolutionary Security in Third Acquisition of 2020
Quick Hits  |  4/8/2020  | 
The deal is intended to strengthen Accenture's critical infrastructure protection capabilities and address more complex IT and OT challenges.
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
News  |  4/7/2020  | 
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.
71% of Security Pros See Threats Jump Since COVID-19 Outbreak
Quick Hits  |  4/7/2020  | 
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.
9 Security Podcasts Worth Tuning In To
Slideshows  |  4/7/2020  | 
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.
Microsoft: Emotet Attack Shut Down an Entire Business Network
News  |  4/6/2020  | 
The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.
FBI Warns Education & Remote Work Platforms About Cyberattacks
Quick Hits  |  4/3/2020  | 
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
A Day in The Life of a Pen Tester
News  |  4/2/2020  | 
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
5 Ways Enterprises Inadvertently Compromise Their Network Security
Quick Hits  |  4/2/2020  | 
Is your organization carelessly leaving its networks vulnerable to invasion? Check out these five common oversights to see if your resources are at risk.
Microsoft Alerts Healthcare to Human-Operated Ransomware
News  |  4/1/2020  | 
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
Major Cloud, CDN Providers Join Secure Routing Initiative
News  |  4/1/2020  | 
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd