Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in June 2020
Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn
News  |  6/30/2020  | 
After Palo Alto Networks alerted users to a simple-to-exploit vulnerability in its network security gear, security agencies quickly warn that attackers won't wait to jump on it.
CISA Issues Advisory on Home Routers
Quick Hits  |  6/30/2020  | 
The increase in work-from-home employees raises the importance of home router security.
7 Tips for Effective Deception
Slideshows  |  6/25/2020  | 
The right decoys can frustrate attackers and help detect threats more quickly.
Apple Buys Fleetsmith
Quick Hits  |  6/24/2020  | 
The fleet management company becomes part of Apple in a deal announced today.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
Pandemic Accelerates Priceline's 'Coffee Shop' Remote-Access Strategy
News  |  6/22/2020  | 
The travel-booking giant had been slowly starting to transition away from VPN dependence. Then COVID-19 happened, and suddenly 700 third-party call-center workers were working from home.
Firmware Flaw Allows Attackers to Evade Security on Some Home Routers
News  |  6/22/2020  | 
Networking devices sold under at least one major brand have a firmware vulnerability that allows hackers to take control of the device, a cybersecurity firm claims.
Healthcare CISOs Share COVID-19 Response Stories
News  |  6/18/2020  | 
Cybersecurity leaders discussed the threats and challenges that arose during the pandemic, and how they responded, during a virtual roundtable.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
'Ripple20' Bugs Plague Enterprise, Industrial & Medical IoT Devices
News  |  6/16/2020  | 
Researchers discover 19 vulnerabilities in a TCP/IP software library manufacturers have used in connected devices for 20 years.
Hosting Provider Hit With Largest-Ever DDoS Attack
News  |  6/16/2020  | 
Likely looking to make a statement, attackers targeted specific websites hosted by a single provider with a 1.44 terabit-per-second distributed denial-of-service attack, according to Akamai.
83% of Forbes 2000 Companies' Web Domains Are Poorly Protected
News  |  6/16/2020  | 
Only a handful have controls against domain-name hijacking, DNS modifications, and other threats, a new CSC study finds.
Cisco Brings SecureX into Full Security Lineup to Cut Complexity
News  |  6/16/2020  | 
This step is intended to address growing enterprise concerns around security and complexity, both top of mind among CISOs and CIOs.
Knoxville Pulls IT Systems Offline Following Ransomware Attack
Quick Hits  |  6/12/2020  | 
Knoxville's government took its network offline and turned off infected servers and workstations after a ransomware attack this week.
7 Must-Haves for a Rockin' Red Team
Slideshows  |  6/12/2020  | 
Follow these tips for running red-team exercises that will deliver added insight into your operations.
The Future Will Be Both Agile and Hardened
Commentary  |  6/12/2020  | 
What COVID-19 has taught us about the digital revolution.
'Highly Active' APT Group Targeting Microsoft Office, Outlook
Quick Hits  |  6/11/2020  | 
The Gamaredon group has ramped up activity in recent months and makes no effort to stay under the radar, researchers report.
Attack Surface Area Larger Than Most Businesses Believe
News  |  6/11/2020  | 
Workers are not the only outside-the-perimeter security risk. Companies have a variety of vulnerable Internet-facing resources exposing their business to risk, study finds.
Honda Pauses Production Due to Cyberattack
Quick Hits  |  6/9/2020  | 
The attack reportedly infected internal servers and forced Honda to halt production at plants around the world on Monday.
Chinese and Iranian APT Groups Targeted US Presidential Campaigns
News  |  6/8/2020  | 
Google analysts report advanced persistent threat groups linked to China and Iran launched phishing attacks against the Biden and Trump campaigns.
New 'Tycoon' Ransomware Strain Targets Windows, Linux
News  |  6/4/2020  | 
Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before.
Chasing RobbinHood: Up Close with an Evolving Threat
News  |  6/3/2020  | 
A security researcher details how RobbinHood has changed and why it remains a threat for businesses to watch.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.
CVE-2020-4969
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniq...
CVE-2020-26285
PUBLISHED: 2021-01-21
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, there is a vulnerability which enables remote code execution. In affected versions an administrator with permission to import/export data and to create widget instances was able to inject an exe...
CVE-2020-26295
PUBLISHED: 2021-01-21
OpenMage is a community-driven alternative to Magento CE. In OpenMage before versions 19.4.10 and 20.0.5, an administrator with permission to import/export data and to edit cms pages was able to inject an executable file on the server via layout xml. The latest OpenMage Versions up from 19.4.9 and ...