Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in September 2018
7 Most Prevalent Phishing Subject Lines
Slideshows  |  9/28/2018  | 
The most popular subject lines crafted to trick targets into opening malicious messages, gleaned from thousands of phishing emails.
Security Flaw Found in Apple Mobile Device Enrollment Program
News  |  9/27/2018  | 
Authentication weakness in Apple's DEP could open a window of opportunity for attackers.
Inside Microsoft Azure Sphere
News  |  9/26/2018  | 
Microsoft engineer details how the company's IoT security solution operates - at multiple layers starting with the microcontroller.
SEC Slams Firm with $1M Fine for Weak Security Policies
Quick Hits  |  9/26/2018  | 
This is the first SEC enforcement cracking down on violation of the Identity Theft Red Flags Rule, intended to protect confidential data.
The Cyber Kill Chain Gets a Makeover
News  |  9/25/2018  | 
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
Fault-Tolerant Method Used for Security Purposes in New Framework
News  |  9/24/2018  | 
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
Microsoft Deletes Passwords for Azure Active Directory Applications
News  |  9/24/2018  | 
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
Think Like An Attacker: How a Red Team Operates
News  |  9/20/2018  | 
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Commentary  |  9/20/2018  | 
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
The Top 5 Security Threats & Mitigations for Industrial Networks
Commentary  |  9/18/2018  | 
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
Modular Malware Brings Stealthy Attacks to Former Soviet States
News  |  9/12/2018  | 
A new malware technique is making phishing attacks harder to spot when they succeed.
8 Attack Vectors Puncturing Cloud Environments
Slideshows  |  9/7/2018  | 
These methods may not yet be on your security team's radar, but given their impact, they should be.
Take (Industrial) Control: A Look at the 2018 ICS Threat Landscape
News  |  9/6/2018  | 
New research sheds light on the biggest threats to strike ICS systems in the first half of 2018, and what's in store for the rest of this year.
7 Ways Blockchain is Being Used for Security
Slideshows  |  9/5/2018  | 
Blockchain is being used as a security tool. If you haven't thought about adopting it, you might want to reconsider your take.
NIST Releases Draft on BGP Security
Quick Hits  |  9/5/2018  | 
Paper describes a technique to protect the Internet from Border Gateway Protocol route hijacking attacks.
Authentication Grows Up
News  |  9/4/2018  | 
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.


Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23901
PUBLISHED: 2021-01-25
An XML external entity (XXE) injection vulnerability was discovered in the Nutch DmozParser and is known to affect Nutch versions < 1.18. XML external entity injection (also known as XXE) is a web security vulnerability that allows an attacker to interfere with an application's processing of XML ...
CVE-2020-17532
PUBLISHED: 2021-01-25
When handler-router component is enabled in servicecomb-java-chassis, authenticated user may inject some data and cause arbitrary code execution. The problem happens in versions between 2.0.0 ~ 2.1.3 and fixed in Apache ServiceComb-Java-Chassis 2.1.5
CVE-2020-12512
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12513
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12514
PUBLISHED: 2021-01-22
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a NULL Pointer Dereference that leads to a DoS in discoveryd