Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in June 2018
Redefining Security with Blockchain
Commentary  |  6/28/2018  | 
Blockchain offers a proactive approach to secure a new generation of digital platforms and services for both enterprises and individuals.
10 Tips for More Secure Mobile Devices
Slideshows  |  6/27/2018  | 
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Fairhair Alliance Building IoT Security Architecture
Quick Hits  |  6/26/2018  | 
A group of companies in the building automation and IoT space is working for a coherent security architecture that incorporates multiple standards.
Artificial Intelligence & the Security Market
News  |  6/21/2018  | 
A glimpse into how two new products for intrusion detection and entity resolution are using AI to help humans do their jobs.
7 Places Where Privacy and Security Collide
Slideshows  |  6/21/2018  | 
Privacy and security can experience tension at a number of points in the enterprise. Here are seven plus some possibilities for easing the strain.
'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
News  |  6/20/2018  | 
Hackers are using the infrastructure, meant to transmit data between applications, for command and control.
The Best and Worst Tasks for Security Automation
Slideshows  |  6/20/2018  | 
As with all new tech, there are good times and and bad times to use it. Security experts share which tasks to prioritize for automation.
CrowdStrike Secures $200M Funding Round
Quick Hits  |  6/19/2018  | 
The new funding round brings the company's valuation to more than $3 billion.
Email, Social Media Still Security Nightmares
Quick Hits  |  6/15/2018  | 
Phishing and banking trojans continue to be major threats brought into the enterprise.
Meet 'Bro': The Best-Kept Secret of Network Security
Commentary  |  6/14/2018  | 
This often overlooked open source tool uses deep packet inspection to transform network traffic into exceptionally useful, real-time data for security operations.
SAP CSO: Security Requires Context
News  |  6/11/2018  | 
Security depends on the apps and networks it protects. SAP CSO Justin Somaini discusses three scenarios.
FireEye Finds New Clues in TRITON/TRISIS Attack
News  |  6/8/2018  | 
Attackers behind the epic industrial-plant hack reverse-engineered the safety-monitoring system's proprietary protocol, researchers found.
In Pursuit of Cryptography's Holy Grail
Commentary  |  6/7/2018  | 
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
News  |  6/6/2018  | 
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
Web Application Firewalls Adjust to Secure the Cloud
News  |  6/4/2018  | 
Cloud-based WAFs protect applications without the costs and complexity of on-prem hardware. Here's what to keep in mind as you browse the growing market.
Fortinet Completes Bradford Networks Purchase
Quick Hits  |  6/4/2018  | 
NAC and security firm added to Fortinet's portfolio.
Building a Safe, Efficient, Cost-Effective Security Infrastructure
Commentary  |  6/4/2018  | 
The Industrial Internet of Things allows organizations to address both physical and digital security concerns.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Slideshows  |  6/2/2018  | 
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.