Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Perimeter posted in September 2019
218M Words with Friends Players Compromised in Data Breach
Quick Hits  |  9/30/2019  | 
The same attacker was reportedly behind the Collection #1 and Collection #2 data dumps earlier this year.
Cloud Vulnerability Could Let One Server Compromise Thousands
News  |  9/27/2019  | 
A flaw in the OnApp cloud management platform could let an attacker compromise a private cloud with access to a single server.
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
Quick Hits  |  9/27/2019  | 
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
Cloud-Native Applications: Shift to Serverless is Underway
News  |  9/26/2019  | 
A new report explores changes in cloud-native applications and complexities involved with securing them.
Airbus Cyberattack Landed on Suppliers' Networks
Quick Hits  |  9/26/2019  | 
Four separate incidents over the past year have targeted Airbus suppliers for the manufacturer's sensitive commercial data.
When Compliance Isn't Enough: A Case for Integrated Risk Management
News  |  9/25/2019  | 
Why governance, risk, and compliance solutions lull companies into a false sense of security, and how to form a more effective approach.
Microsoft's Azure Sentinel SIEM Now Generally Available
Quick Hits  |  9/25/2019  | 
The cloud-native SIEM is designed to search data from users, applications, servers, and devices running on-prem and in the cloud.
Rethinking Risk Management
News  |  9/23/2019  | 
Where most organizations fall short in risk management tools, technologies, and talent, and how they can improve.
YouTube Creators Hit in Account Hijacking Campaign
Quick Hits  |  9/23/2019  | 
The victims, who post car reviews and other videos about the auto industry, were targeted in a seemingly coordinated campaign to steal account access.
7 Ways VPNs Can Turn from Ally to Threat
Slideshows  |  9/21/2019  | 
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
Ransomware Strikes 49 School Districts & Colleges in 2019
News  |  9/20/2019  | 
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Quick Hits  |  9/20/2019  | 
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
BSIMM10 Emphasizes DevOps' Role in Software Security
News  |  9/19/2019  | 
The latest model, with insights from 122 firms, shows DevOps adoption is far enough along to influence how companies approach software security.
Ping Identity Prices IPO at $15 per Share
Quick Hits  |  9/19/2019  | 
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
How Cybercriminals Exploit Simple Human Mistakes
News  |  9/18/2019  | 
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
One Arrested in Ecuador's Mega Data Leak
Quick Hits  |  9/18/2019  | 
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
24.3M Unsecured Health Records Expose Patient Data, Images
Quick Hits  |  9/18/2019  | 
Several hundred servers storing medical data are connected to the Internet without any protection for sensitive information and images.
MITRE Releases 2019 List of Top 25 Software Weaknesses
News  |  9/17/2019  | 
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.
15K Private Webcams Could Let Attackers View Homes, Businesses
Quick Hits  |  9/17/2019  | 
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
Oracle Expands Cloud Security Services at OpenWorld 2019
News  |  9/16/2019  | 
The company broadens its portfolio with new services developed to centralize and automate cloud security.
Malware Linked to Ryuk Targets Financial & Military Data
News  |  9/13/2019  | 
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
Instagram Bug Put User Account Details, Phone Numbers at Risk
News  |  9/12/2019  | 
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
North Korea Seen Using ELECTRICFISH, BADCALL Malware Variants
Quick Hits  |  9/12/2019  | 
The FBI and CISA issued an alert the same week researchers disclosed a new campaign launched by actors with North Korean ties.
Security Leaders Share Tips for Boardroom Chats
Slideshows  |  9/12/2019  | 
Cisco, Oracle, and LinkedIn security leaders share their challenges in communicating with business teams and advice for how CISOs can navigate the relationship.
281 Arrested in International BEC Takedown
News  |  9/11/2019  | 
Conspirators stole more than 250,000 identities and filed more than 10,000 fraudulent tax returns, the Department of Justice reports.
Two Zero-Days Fixed in Microsoft Patch Rollout
News  |  9/10/2019  | 
September's Patch Tuesday addressed 80 vulnerabilities, two of which have already been exploited in the wild.
US Power Grid Cyberattack Due to Unpatched Firewall: NERC
Quick Hits  |  9/10/2019  | 
A firewall vulnerability enabled attackers to repeatedly reboot the victim entity's firewalls, causing unexpected outages.
More Than 99% of Cyberattacks Need Victims' Help
News  |  9/9/2019  | 
Research highlights how most criminals exploit human curiosity and trust to click, download, install, open, and send money or information.
Crimeware: How Criminals Built a Business to Target Businesses
News  |  9/5/2019  | 
A new report investigates the evolution of crimeware, how businesses underestimate the threat, and why they should be concerned.
Phishing Campaign Uses SharePoint to Slip Past Defenses
News  |  9/4/2019  | 
Cybercriminals targeting financial institutions in the UK bypassed Symantec email gateway and other perimeter technologies.
Back to School? 'Not So Fast,' Cybercriminals Say
Quick Hits  |  9/4/2019  | 
A New York State school district was forced to delay the start of its school year when ransomware struck.
An Inside Look at How CISOs Prioritize Budgets & Evaluate Vendors
Commentary  |  9/4/2019  | 
In-depth interviews with four market-leading CISOs reveal how they prioritize budgets, measure ROI on security investments, and evaluate new vendors.
A Tale of Two Buzzwords: 'Automated' and 'Autonomous' Solutions Aren't the Same Thing
Commentary  |  9/4/2019  | 
Enterprises must learn the difference between the two and the appropriate use cases for each.
Cybercriminals Impersonate Chief Exec's Voice with AI Software
Quick Hits  |  9/3/2019  | 
Scammers leveraged artificial intelligence software to mimic the voice of a chief executive and successfully request $243,000.
Multicloud Businesses Face Higher Breach Risk
News  |  9/3/2019  | 
A new report finds 52% of multicloud environments have suffered a breach within the past year, compared with 24% of hybrid cloud users.


NSA Appoints Rob Joyce as Cyber Director
Dark Reading Staff 1/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21238
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. All users of pysaml2 that need to validate signed SAML documents are impacted. The vulnerability is a variant of XML Signature wrapping bec...
CVE-2021-21239
PUBLISHED: 2021-01-21
PySAML2 is a pure python implementation of SAML Version 2 Standard. PySAML2 before 6.5.0 has an improper verification of cryptographic signature vulnerability. Users of pysaml2 that use the default CryptoBackendXmlSec1 backend and need to verify signed SAML documents are impacted. PySAML2 does not ...
CVE-2021-21253
PUBLISHED: 2021-01-21
OnlineVotingSystem is an open source project hosted on GitHub. OnlineVotingSystem before version 1.1.2 hashes user passwords without a salt, which is vulnerable to dictionary attacks. Therefore there is a threat of security breach in the voting system. Without a salt, it is much easier for attacker...
CVE-2020-4966
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the...
CVE-2020-4968
PUBLISHED: 2021-01-21
IBM Security Identity Governance and Intelligence 5.2.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192427.