Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content tagged with Perimeter posted in August 2011
Smartphones And Tablets Targets For Getting 'Juiced'
Commentary | 8/29/2011
Awareness campaign at DefCon shows how easily data can be stolen from smartphones using free charging kiosks

Salesforce To Announce Acquisition Of Crypto Provider
News | 8/24/2011
SaaS provider's purchase of Navajo Systems could help allay concerns of some cloud security skeptics, experts say

PCI QSA Status Revocation A Shot Across The Bow For QSAs?
Commentary | 8/24/2011
The PCI Security Council's move spells trouble for unscrupulous QSAs and shows that the Council means business in enforcing its quality standards

Fraud Detection And DAM
Commentary | 8/23/2011
DAM can be used for fraud detection, but you need to review your alerts

HP's Biggest Problem: Securing Its Message
Commentary | 8/19/2011
HP's stock has fallen more than 20 points this week largely because its change in direction was leaked and HP's message was lost

Tech Insight: Cutting-Edge Techniques For Data Exfiltration
News | 8/19/2011
It's 3 a.m. Do you know where your data is? Here's a look at how it might be getting out

Medical Device Security Under Fire At Black Hat, DefCon
Commentary | 8/18/2011
New research on medical device security is shining light on potentially deadly vulnerabilities

Lancope Announces StealthWatch 6.1
News | 8/16/2011
StealthWatch 6.1 integrates in-depth intelligence from the internal network with the behavioral analysis of flow data from perimeter devices

Database Auditing, Forensics Style
Commentary | 8/15/2011
Forensic auditing of databases is not new, but there's a growing need for breach analysis

Dark Reading Launches New Tech Center On Security And Compliance
Commentary | 8/15/2011
New Compliance Tech Center will cover relationship between security initiatives and compliance initiatives

WarVOX Gets An Overhaul; Wardialing Added To Metasploit
Commentary | 8/12/2011
Rewrite of WarVOX brings new features, better audio fingerprinting, and a Ruby VoIP stack that has been integrated into Metasploit

Judge Thyself
Commentary | 8/11/2011
The haters came out of the woodwork regarding Defcon Kids. What are they scared of? That kids may actually learn something useful?

New Free Tool Helps Gather Attackers' 'Footprints'
News | 8/10/2011
Researchers simplify the process of physical memory analysis in forensics investigations

Tween Hacker's Time-Travel Trick
Commentary | 8/10/2011
DefCon Kid discovers new class of vulns

Cloud Security Certification Not So Simple
Commentary | 8/9/2011
Current pass rate of CSA's CCSK test is only 53 percent

McAfee Finds A Shady RAT -- But I Smell Something Worse
Commentary | 8/8/2011
A serious problem in adequate disclosure could represent a bigger exposure than the massive ongoing attacks in the report

Power Hack Can Force Home, Office Blackouts
Quick Hits | 8/5/2011
New free tools can be used to remotely force open doors, unlock windows, trigger alarms -- and turn out the lights

WAFs And SQL Injection
Commentary | 8/1/2011
WAFs protect databases from SQL injection for only so long

