Dark Reading is part of the Informa Tech Division of Informa PLC

News & Commentary

Content tagged with Perimeter posted in July 2020
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Quick Hits  |  7/31/2020  | 
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
3 Ways Social Distancing Can Strengthen Your Network
Commentary  |  7/31/2020  | 
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
Using the Attack Cycle to Up Your Security Game
Commentary  |  7/30/2020  | 
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records
News  |  7/21/2020  | 
China, Vietnam, and Taiwan are top sources of DDoS botnet activity, but the top data floods use a variety of amplification attacks, a report finds.
Microsoft 365 Updated with New Security, Risk, Compliance Tools
News  |  7/21/2020  | 
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
G Suite Security Updates Bring New Features to Gmail, Meet & Chat
Quick Hits  |  7/21/2020  | 
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls.
Cybercriminals Targeted Streaming Services to Provide Pandemic Entertainment
News  |  7/17/2020  | 
Prior to 2020, about 1 in 5 credential attacks targeted video services, but that's nothing compared to the first quarter of 2020, according to newly published data.
Major Flaws Open the Edge to Attack
News  |  7/16/2020  | 
Attackers are using critical exploits for flaws in VPN appliances, app-delivery services, and other network-edge hardware and software to punch through corporate perimeters. What can companies do?
Microsoft Patches Wormable RCE Flaw in Windows DNS Servers
News  |  7/14/2020  | 
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
News  |  7/14/2020  | 
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
Zero-Trust Efforts Rise with the Tide of Remote Working
News  |  7/13/2020  | 
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Commentary  |  7/10/2020  | 
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
Huge DDoS Attack Launched Against Cloudflare in Late June
Quick Hits  |  7/9/2020  | 
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
Pen Testing ROI: How to Communicate the Value of Security Testing
Commentary  |  7/9/2020  | 
There are many reasons to pen test, but the financial reasons tend to get ignored.
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
News  |  7/7/2020  | 
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
News  |  7/6/2020  | 
The US Cybersecurity and Infrastructure Security Agency encourages organizations to patch a critical flaw in the BIG-IP family of application delivery controllers, as firms find evidence that attackers are scanning for the critical vulnerability.
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Quick Hits  |  7/2/2020  | 
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Commentary  |  7/2/2020  | 
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
Businesses Invest in Cloud Security Tools Despite Concerns
News  |  7/1/2020  | 
A majority of organizations say the acceleration was driven by a need to support more remote employees.
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When the handler-router component is enabled in servicecomb-java-chassis, an authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and is fixed in Apache ServiceComb-Java-Chassis 2.1.5.
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting.
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd.