Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in August 2019
Google Uncovers Massive iPhone Attack Campaign
News  |  8/30/2019  | 
A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.
To Navigate a Sea of Cybersecurity Solutions, Learn How to Fish
Commentary  |  8/30/2019  | 
Three steps for relieving the pressure of picking the right tools.
Google Cloud Releases Beta of Managed Service to Microsoft AD
Quick Hits  |  8/29/2019  | 
Managed Service for Microsoft Active Directory was built to help admins handle cloud-based workloads.
Malware Found in Android App with 100M Users
Quick Hits  |  8/28/2019  | 
CamScanner, a legitimate app used to scan and manage documents, was found executing payloads on Android devices.
New 'Lyceum' Threat Group Eyes Critical Infrastructure
Quick Hits  |  8/27/2019  | 
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East.
Unsecured IoT: 8 Ways Hackers Exploit Firmware Vulnerabilities
Commentary  |  8/27/2019  | 
As new Internet of Things products enter the market, speed shouldn't trump concerns about security.
More Than Half of Social Media Login Attempts Are Fraud
News  |  8/26/2019  | 
Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.
Cryptography & the Hype Over Quantum Computing
Commentary  |  8/26/2019  | 
It's not time to move to post-quantum cryptography yet -- too many things are still up in the air. But you can start to become prepared by making sure your infrastructure is agile.
Threat Intelligence Gateways: A Useful Adjunct to Overworked Perimeter Security
Commentary  |  8/22/2019  | 
Comparative research shows the relative strengths and weaknesses of five TIG vendors and which kinds of security organization will reap the most benefit.
'Box Shield' Brings New Security Controls
News  |  8/21/2019  | 
New controls and threat detection capabilities built into Box aim to prevent accidental data leakage and misuse.
7 Big Factors Putting Small Businesses At Risk
Slideshows  |  8/21/2019  | 
Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
68% of Companies Say Red Teaming Beats Blue Teaming
Quick Hits  |  8/15/2019  | 
The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows.
Stronger Defenses Force Cybercriminals to Rethink Strategy
News  |  8/14/2019  | 
Researchers see the rise of new relationships and attack techniques as criminals put companies' resilience to the test.
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
News  |  8/13/2019  | 
Similar to the now-patched 'BlueKeep' vulnerability, two flaws fixed today could let malware spread across vulnerable computers.
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
Slideshows  |  8/13/2019  | 
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
Rethinking Website Spoofing Mitigation
Commentary  |  8/7/2019  | 
Deception technology is evolving rapidly, making it easier for organizations to turn the tables on their attackers. Here's how.
Russian Attack Group Uses Phones & Printers to Breach Corporate Networks
Quick Hits  |  8/6/2019  | 
Microsoft spotted Strontium, also known as APT28 or Fancy Bear, using IoT devices to breach businesses and seek high-value data.
Destructive Malware Attacks Up 200% in 2019
News  |  8/5/2019  | 
Organizations hit with destructive malware can lose more than 12,000 machines and face $200 million or more in costs, IBM X-Force reports.
Capital One: What We Should Learn This Time
News  |  8/2/2019  | 
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.