Perimeter

News & Commentary
The Cyber Kill Chain Gets A Makeover
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report demonstrates how the cyber kill chain is consolidating as criminals find ways to accelerate the spread of their targeted cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
Fault-Tolerant Method Used for Security Purposes in New Framework
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A young company has a new patent for using fault tolerance techniques to protect against malware infection in applications.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft Deletes Passwords for Azure Active Directory Applications
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Ignite 2018, security took center stage as Microsoft rolled out new security services and promised an end to passwords for online apps.
By Kelly Sheridan Staff Editor, Dark Reading, 9/24/2018
Comment0 comments  |  Read  |  Post a Comment
Think Like An Attacker: How a Red Team Operates
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seasoned red teamers explain the value-add of a red team, how it operates, and how to maximize its effectiveness.
By Kelly Sheridan Staff Editor, Dark Reading, 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin SystemsCommentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
Comment4 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Modular Malware Brings Stealthy Attacks to Former Soviet States
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new malware technique is making phishing attacks harder to spot when they succeed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
8 Attack Vectors Puncturing Cloud Environments
Kelly Sheridan, Staff Editor, Dark Reading
These methods may not yet be on your security team's radar, but given their impact, they should be.
By Kelly Sheridan Staff Editor, Dark Reading, 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
Take (Industrial) Control: A Look at the 2018 ICS Threat Landscape
Kelly Sheridan, Staff Editor, Dark ReadingNews
New research sheds light on the biggest threats to strike ICS systems in the first half of 2018, and what's in store for the rest of this year.
By Kelly Sheridan Staff Editor, Dark Reading, 9/6/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Ways Blockchain is Being Used for Security
Curtis Franklin Jr., Senior Editor at Dark Reading
Blockchain is being used as a security tool. If you haven't thought about adopting it, you might want to reconsider your take.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 9/5/2018
Comment0 comments  |  Read  |  Post a Comment
NIST Releases Draft on BGP Security
Dark Reading Staff, Quick Hits
Paper describes a technique to protect the Internet from Border Gateway Protocol route hijacking attacks.
By Dark Reading Staff , 9/5/2018
Comment0 comments  |  Read  |  Post a Comment
Authentication Grows Up
Kelly Sheridan, Staff Editor, Dark ReadingNews
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.
By Kelly Sheridan Staff Editor, Dark Reading, 9/4/2018
Comment0 comments  |  Read  |  Post a Comment
Machine Identities Need Protection, Too
Dark Reading Staff, Quick Hits
A new study shows that device identities need a level of protection that they're not getting from most organizations.
By Dark Reading Staff , 8/31/2018
Comment0 comments  |  Read  |  Post a Comment
Who's At Greatest Risk for BEC Attacks? Not the CEO
Kelly Sheridan, Staff Editor, Dark ReadingNews
CEOs only make up 2.2% of business email compromise targets, a sign most victims are further down the corporate ladder.
By Kelly Sheridan Staff Editor, Dark Reading, 8/30/2018
Comment0 comments  |  Read  |  Post a Comment
'Security Fatigue' Could Put Business at Risk
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The relentless march of security breaches may cause some individuals to drop their guard, but there's more to the story than that.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/29/2018
Comment0 comments  |  Read  |  Post a Comment
IT Professionals Think They're Better Than Their Security
Dark Reading Staff, Quick Hits
More than half of professionals think they have a good shot at a successful insider attack.
By Dark Reading Staff , 8/29/2018
Comment2 comments  |  Read  |  Post a Comment
How Can We Improve the Conversation Among Blue Teams?
Tim Wilson, Editor in Chief, Dark Reading, Commentary
Dark Reading seeks new ways to bring defenders together to share information and best practices
By Tim Wilson, Editor in Chief, Dark Reading , 8/27/2018
Comment5 comments  |  Read  |  Post a Comment
New Mirai Variants Leverage Open Source Project
Dark Reading Staff, Quick Hits
Aboriginal Linux gives Mirai new cross-platform capabilities - including Android.
By Dark Reading Staff , 8/23/2018
Comment0 comments  |  Read  |  Post a Comment
How Threats Increase in Internet Time
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Cybercrime incidents and costs increase with each passing minute on the Internet.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
7 Serious IoT Vulnerabilities
Curtis Franklin Jr., Senior Editor at Dark Reading
A growing number of employees have various IoT devices in their homes where they're also connecting to an enterprise network to do their work. And that means significant threats loom.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/21/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11763
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
CVE-2018-14634
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.