Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in May 2018
New Federal Report Gives Guidance on Beating Botnets
News  |  5/31/2018  | 
A report from the Departments of Commerce and Homeland Security provides five goals for protecting infrastructure from botnets and other automated threats.
Thoma Bravo Acquires Majority Stake in LogRhythm
Quick Hits  |  5/31/2018  | 
The SIEM vendor sells stake to private equity firm.
FireEye Offers Free Tool to Detect Malicious Remote Logins
News  |  5/30/2018  | 
Open source GeoLogonalyzer helps to weed out hackers exploiting stolen credentials to log into their targets.
FBI Warns Users to Reboot All SOHO Routers
Quick Hits  |  5/29/2018  | 
Everyone with a home router should reboot their systems as a precaution in the wake of the recently discovered VPNFilter attack infrastructure.
Malwarebytes Buys Binisoft for Firewall Management
Quick Hits  |  5/24/2018  | 
Vendor plans to integrate Binisoft's Windows Firewall Control into the Malwarebytes endpoint protection platform.
Cybercriminals Battle Against Banks' Incident Response
News  |  5/22/2018  | 
'Filess' attacks account for more than half of successful breaches of bank networks, new data shows.
Tanium's Valuation Reaches $5 Billion With New Investment
Quick Hits  |  5/17/2018  | 
Tanium has received a $175 million investment from TPG Growth.
7 Tools for Stronger IoT Security, Visibility
Slideshows  |  5/16/2018  | 
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
IT Pros Worried About IoT But Not Prepared to Secure It
News  |  5/16/2018  | 
Few organizations have a security policy in place for Internet of Things devices, new survey shows.
Hide and Seek Brings Persistence to IoT Botnets
News  |  5/11/2018  | 
The rapidly evolving Hide and Seek botnet is now persistent on a wide range of infected IoT devices.
Script Kiddies, Criminals Hacking Video Streams for Fun & Profit
Quick Hits  |  5/9/2018  | 
Video streams are getting hijacked for 'prestige,' DDoS, and financial gain, a new report found.
10 Lessons From an IoT Demo Lab
Slideshows  |  5/7/2018  | 
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
LoJack Attack Finds False C2 Servers
News  |  5/1/2018  | 
A new attack uses compromised LoJack endpoint software to take root on enterprise networks.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.