Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Perimeter posted in June 2019
Page 1 / 2   >   >>
Cloud Provider PCM Suffers Data Breach
Quick Hits  |  6/28/2019  | 
Attackers were reportedly able to compromise email and file-sharing systems for some of PCM's customers.
Former Equifax CIO Sentenced to Prison for Insider Trading
Quick Hits  |  6/27/2019  | 
Jun Ying is the second Equifax employee found guilty of insider trading related to the massive 2017 data breach.
7 Ways to Mitigate Supply Chain Attacks
Slideshows  |  6/27/2019  | 
Breaches caused by external vendors and service providers have become a major and escalating problem for organizations.
Inside MLS, the New Protocol for Secure Enterprise Messaging
News  |  6/27/2019  | 
As personal messaging platforms see the rise of end-to-end encryption, businesses struggle to provide strong levels of security.
Understanding & Defending Against Polymorphic Attacks
Commentary  |  6/27/2019  | 
Polymorphic malware is far from a new thing. But today, what is good for attackers is also good for defenders. Here's why.
Office 365 Multifactor Authentication Done Right
Commentary  |  6/27/2019  | 
Why the ubiquitous nature of Office 365 poses unique challenges for MFA-based security and how organizations can protect themselves.
Developers and Security Teams Under Pressure to Collaborate
News  |  6/26/2019  | 
The challenges and benefits to getting two traditionally adversarial groups on the same page.
Breaking the Endless Cycle of 'Perfect' Cybercrimes
Commentary  |  6/26/2019  | 
A two-step strategy for creating an attack environment that is more complex, less profitable, and more likely to expose the attacker.
Global Cyberattack Campaign Hit Mobile Carrier Networks
News  |  6/25/2019  | 
A nation-state group possibly out of China has attacked cell carrier networks in search of data on high-value individuals.
AWS CISO Talks Risk Reduction, Development, Recruitment
News  |  6/25/2019  | 
Steve Schmidt says limiting access to data has dramatically changed the security posture across Amazon Web Services.
AWS Makes Control Tower & Security Hub Generally Available
Quick Hits  |  6/25/2019  | 
Security Hub aims to manage security across an AWS environment; Control Tower handles security and compliance for multi-account environments.
The Rise of Silence and the Fall of Coinhive
Commentary  |  6/25/2019  | 
Cryptomining will exist as long as it remains profitable. One of the most effective ways to disrupt that activity is to make it too expensive to run cryptomining malware in your network.
DDoS-for-Hire Services Doubled in Q1
News  |  6/24/2019  | 
Impact of FBI's takedown of 15 'booter' domains last December appears to have been temporary.
A Socio-Technical Approach to Cybersecurity's Problems
News  |  6/24/2019  | 
Researchers explore how modern security problems can be solved with an examination of society, technology, and security.
Never Trust, Always Verify: Demystifying Zero Trust to Secure Your Networks
Commentary  |  6/24/2019  | 
The point of Zero Trust is not to make networks, clouds, or endpoints more trusted; it's to eliminate the concept of trust from digital systems altogether.
Cyber-Risks Hiding Inside Mobile App Stores
News  |  6/21/2019  | 
As the number of blacklisted apps on Google Play continues to drop, attackers find new ways to compromise smartphones.
Startup Raises $13.7M to Stop Breaches with Behavioral Analytics
Quick Hits  |  6/21/2019  | 
TrueFort plans to use the funding to expand sales, marketing, R&D, customer support, and go-to-market initiatives.
Patrolling the New Cybersecurity Perimeter
Commentary  |  6/21/2019  | 
Remote work and other developments demand a shift to managing people rather than devices.
'Democratizing' Machine Learning for Fraud Prevention & Payments Intelligence
Commentary  |  6/20/2019  | 
How fraud experts can fight cybercrime by 'downloading' their knowledge and experience into computer models.
Small Businesses May Not Be Security's Weak Link
Quick Hits  |  6/20/2019  | 
Organizations with 250 or fewer employees often employ a higher percentage of security pros than their larger counterparts.
7 2019 Security Venture Fund Deals You Should Know
Slideshows  |  6/20/2019  | 
2019 has, so far, been a busy year for venture capitalists in the security industry. Here are 7 funding rounds important because of the technologies or market trends they represent.
With GDPR's 'Right of Access,' Who Really Has Access?
News  |  6/19/2019  | 
How a security researcher learned organizations willingly hand over sensitive data with little to no identity verification.
Cost per Cyberattack Jumps to $4.6M in 2019
Quick Hits  |  6/19/2019  | 
From 2018 to 2019, the percentage of cyberattacks costing $10 million or more nearly doubled, hitting 13%.
How Hackers Emptied Church Coffers with a Simple Phishing Scam
Commentary  |  6/19/2019  | 
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
Insecure Home IoT Devices a Clear and Present Danger to Corporate Security
News  |  6/19/2019  | 
Avast-sponsored study shows wide prevalence of IoT devices, many with weak credentials and other security vulnerabilities.
As Cloud Adoption Grows, DLP Remains Key Challenge
News  |  6/18/2019  | 
As businesses use the cloud to fuel growth, many fail to enforce data loss prevention or control how people share data.
The Evolution of Identity
Commentary  |  6/18/2019  | 
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.
Google Targets Deceptive Sites with New Chrome Tools
Quick Hits  |  6/18/2019  | 
A new extension and browser alert aim to help users report deceptive sites and prevent them from encountering fraud.
How Fraudulent Domains 'Hide in Plain Sight'
News  |  6/18/2019  | 
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
New Decryptor Unlocks Latest Versions of Gandcrab
Quick Hits  |  6/17/2019  | 
The decryptor neutralizes GandCrab versions 5.0 through 5.2 and lets victims unlock their files for free.
10 Notable Security Acquisitions of 2019 (So Far)
Slideshows  |  6/15/2019  | 
In a year when security companies have been snapped up left and right, these deals stand out from the chaos.
Triton Attackers Seen Scanning US Power Grid Networks
News  |  6/14/2019  | 
The development follows speculation and concern among security experts that the attack group would expand its scope to the power grid.
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
News  |  6/13/2019  | 
New analysis shows widespread DNS protection could save organizations as much as $200 billion in losses every year.
Congress Gives 'Hack Back' Legislation Another Try
Quick Hits  |  6/13/2019  | 
Officials reintroduce a bill that would let businesses monitor attacker behavior and target intruders on corporate networks.
7 Truths About BEC Scams
Slideshows  |  6/13/2019  | 
Business email compromise attacks are growing in prevalence and creativity. Here's a look at how they work, the latest stats, and some recent horror stories.
The Rise of 'Purple Teaming'
Commentary  |  6/13/2019  | 
The next generation of penetration testing represents a more collaborative approach to old fashioned Red Team vs. Blue Team.
DNS Observatory Offers Researchers New Insight into Global DNS Activity
News  |  6/12/2019  | 
Among its early findings, 60% of the DNS transactions captured were handled by just 1,000 name servers.
CrowdStrike Prices IPO Above Range at $34
News  |  6/12/2019  | 
The endpoint security firm raised $612 million ahead of today's public debut.
Microsoft Issues Fixes for 88 Vulnerabilities
News  |  6/11/2019  | 
Four of the flaws are publicly known but none have been listed as under active attack.
What 3 Powerful GoT Women Teach Us about Cybersecurity
Commentary  |  6/11/2019  | 
Imagine Game of Thrones' Daenerys Targaryen, Arya Stark, and Cersei Lannister on the front lines in the real-world battleground of enterprise security.
Getting Up to Speed on Magecart
Commentary  |  6/11/2019  | 
Greater awareness of how Magecart works will give your company a leg up on the growing threat from this online credit card skimmer. Here are four places to start.
Cognitive Bias Can Hamper Security Decisions
News  |  6/10/2019  | 
A new report sheds light on how human cognitive biases affect cybersecurity decisions and business outcomes.
GoldBrute Botnet Brute-Forcing 1.5M RDP Servers
Quick Hits  |  6/10/2019  | 
Botnets are scanning the Internet for servers exposing RDP and using weak, reused passwords to obtain access.
Unmixed Messages: Bringing Security & Privacy Awareness Together
Commentary  |  6/10/2019  | 
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
The Minefield of Corporate Email
News  |  6/7/2019  | 
Email security challenges CISOs as cybercriminals target corporate inboxes with malware, phishing attempts, and various forms of fraud.
Cisco Buys Sentryo
News  |  6/6/2019  | 
Cisco is adding the French company's network visibility products to its IoT network lineup.
ADT Teams Up with SonicWall for SMB Security Services
News  |  6/6/2019  | 
More than half of all SMBs plan to rely on third party providers for their security tools and services, according to IDC.
SentinelOne Raises $120M in Series D Funding
Quick Hits  |  6/5/2019  | 
The endpoint security company already has specific plans for the new funds.
NSA Issues Advisory for 'BlueKeep' Vulnerability
Quick Hits  |  6/5/2019  | 
The National Security Agency joins Microsoft in urging Windows admins to patch 'wormable' bug CVE-2019-0708.
CISOs & CIOs: Better Together
Commentary  |  6/5/2019  | 
An overview of three common organizational structures illustrates how NOT to pit chief security and IT execs against each other.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd