Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in August 2020
Slack Patches Critical Desktop Vulnerability
News  |  8/31/2020  | 
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
Fastly to Acquire Signal Sciences for $775M
Quick Hits  |  8/27/2020  | 
Signal Sciences' technology will be used to build a new web application and API security tool called [email protected]
Higher Education CISOs Share COVID-19 Response Stories
News  |  8/26/2020  | 
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
Russian National Arrested for Conspiracy to Hack Nevada Company
Quick Hits  |  8/26/2020  | 
The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.
Attackers Use Unicode & HTML to Bypass Email Security Tools
News  |  8/24/2020  | 
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.
DeathStalker APT Targets SMBs with Cyber Espionage
Quick Hits  |  8/24/2020  | 
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
Stolen Data: The Gift That Keeps on Giving
Commentary  |  8/19/2020  | 
Users regularly reuse logins and passwords, and data thieves are leveraging that reality to breach multiple accounts.
New Campaign Combines Extortion, DDoS
Quick Hits  |  8/18/2020  | 
Latest attacks bank on the reputation of two prominent APT groups to increase the threat credibility.
New 'Duri' Campaign Uses HTML Smuggling to Deliver Malware
News  |  8/18/2020  | 
Researchers who detected the attack explain what businesses should know about the HTML smuggling technique.
Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing
News  |  8/17/2020  | 
Researchers find smaller organizations, including some in the cybersecurity space, increasingly targeted with these impersonation attacks.
DHS CISA Warns of Phishing Emails Rigged with KONNI Malware
Quick Hits  |  8/14/2020  | 
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.
7 Ways to Keep Your Remote Workforce Safe
Slideshows  |  8/14/2020  | 
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
RedCurl APT Group Hacks Global Companies for Corporate Espionage
News  |  8/13/2020  | 
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
Emotet Return Brings New Tactics & Evasion Techniques
News  |  8/13/2020  | 
Security researchers tracking Emotet report its reemergence brings new tricks, including new evasion techniques to bypass security tools.
SANS Security Training Firm Hit with Data Breach
Quick Hits  |  8/12/2020  | 
A phishing email allowed an attacker to compromise a SANS employee's email environment, the organization reports.
Microsoft Patches 120 Vulnerabilities, Two Zero-Days
News  |  8/11/2020  | 
The August 2020 Patch Tuesday marks the sixth month in a row Microsoft released patches for more than 110 vulnerabilities.
Where Dark Reading Goes Next
News  |  8/6/2020  | 
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
Using IoT Botnets to Manipulate the Energy Market
News  |  8/6/2020  | 
Tohid Shekari, phD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
Pen Testers Share the Inside Story of Their Arrest and Exoneration
News  |  8/5/2020  | 
Coalfire'sGary De Mercurio and Justin Wynnshare the inside story of their infamous arrest last year while conducting a contractedred-team engagement in an Iowa courthouse -- and what it took to clear their names.
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
News  |  8/5/2020  | 
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
Quick Hits  |  8/5/2020  | 
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21272
PUBLISHED: 2021-01-25
ORAS is open source software which enables a way to push OCI Artifacts to OCI Conformant registries. ORAS is both a CLI for initial testing and a Go Module. In ORAS from version 0.4.0 and before version 0.9.0, there is a "zip-slip" vulnerability. The directory support feature allows the ...
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.