Dark Reading is part of the Informa Tech Division of Informa PLC


Perimeter

News & Commentary
Where Dark Reading Goes Next
Dark Reading Staff, News
Dark Reading Editor-in-Chief gives a complete rundown of all the Dark Reading projects you might not even know about, his insight into the future of the security industry, and how we plan to cover it.
By Dark Reading Staff, 8/6/2020
Using IoT Botnets to Manipulate the Energy Market
Dark Reading Staff, News
Tohid Shekari, PhD candidate at Georgia Tech, talks about the session that he and Georgia Tech professor Raheem Beyah gave about a stealthy and adaptable way to use IoT botnets for financial gain or market downfall.
By Dark Reading Staff, 8/6/2020
Pen Testers Share the Inside Story of Their Arrest and Exoneration
Dark Reading Staff, News
Coalfire's Gary De Mercurio and Justin Wynn share the inside story of their infamous arrest last year while conducting a contracted red-team engagement in an Iowa courthouse -- and what it took to clear their names.
By Dark Reading Staff, 8/5/2020
Microsoft Teams Vulnerable to Patch Workaround, Researchers Report
Kelly Sheridan, Staff Editor, Dark Reading, News
Attackers could work around an earlier patch and use Microsoft Teams Updater to download binaries and payloads.
By Kelly Sheridan, Staff Editor, Dark Reading, 8/5/2020
Microsoft Paid $13.7M in Bug Bounty Rewards in 2019-2020
Dark Reading Staff, Quick Hits
The 2019-2020 program year awarded 327 security researchers through 15 bounty programs, with a largest reward of $200,000.
By Dark Reading Staff, 8/5/2020
Twitter: Employees Compromised in Phone Spear-Phishing Attack
Dark Reading Staff, Quick Hits
The attack earlier this month started with a spear-phishing attack targeting Twitter employees, the company says in a new update.
By Dark Reading Staff, 7/31/2020
3 Ways Social Distancing Can Strengthen Your Network
Dr. Mike Lloyd, CTO of RedSeal, Commentary
Security teams can learn a lot from the current pandemic to make modern hybrid business networks stronger and more resilient. Here's how.
By Dr. Mike Lloyd, CTO of RedSeal, 7/31/2020
Using the Attack Cycle to Up Your Security Game
Todd Graham, Vice President, Venrock, Commentary
Like the universe, the attack surface is always expanding. Here's how to keep up and even get ahead.
By Todd Graham, Vice President, Venrock, 7/30/2020
DDoS Botnets Are Entrenched in Asia & Amplification Attacks Set Records
Robert Lemos, Contributing Writer, News
China, Vietnam, and Taiwan are top sources of DDoS botnet activity, but the top data floods use a variety of amplification attacks, a report finds.
By Robert Lemos, Contributing Writer, 7/21/2020
Microsoft 365 Updated with New Security, Risk, Compliance Tools
Kelly Sheridan, Staff Editor, Dark Reading, News
Updates built for remote employees include an endpoint data loss prevention platform, insider risk management, and double key encryption.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/21/2020
G Suite Security Updates Bring New Features to Gmail, Meet & Chat
Dark Reading Staff, Quick Hits
New security features include support for a new standard in Gmail, phishing protection in Chat, and additional admin controls.
By Dark Reading Staff, 7/21/2020
Cybercriminals Targeted Streaming Services to Provide Pandemic Entertainment
Robert Lemos, Contributing Writer, News
Prior to 2020, about 1 in 5 credential attacks targeted video services, but that's nothing compared to the first quarter of 2020, according to newly published data.
By Robert Lemos, Contributing Writer, 7/17/2020
Major Flaws Open the Edge to Attack
Robert Lemos, Contributing Writer, News
Attackers are using critical exploits for flaws in VPN appliances, app-delivery services, and other network-edge hardware and software to punch through corporate perimeters. What can companies do?
By Robert Lemos, Contributing Writer, 7/16/2020
Microsoft Patches Wormable RCE Flaw in Windows DNS Servers
Kelly Sheridan, Staff Editor, Dark Reading, News
Patch Tuesday security updates address a critical vulnerability in Windows DNS Servers, which researchers believe is likely to be exploited.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/14/2020
Google Cloud Unveils 'Confidential VMs' to Protect Data in Use
Kelly Sheridan, Staff Editor, Dark Reading, News
Confidential Virtual Machines, now in beta, will let Google Cloud customers keep data encrypted while it's in use.
By Kelly Sheridan, Staff Editor, Dark Reading, 7/14/2020
Zero-Trust Efforts Rise with the Tide of Remote Working
Robert Lemos, Contributing Writer, News
With employees likely to continue to spend much, if not all, of their time working from home, companies are focusing more on technologies to boost the security of their now-distributed workplace.
By Robert Lemos, Contributing Writer, 7/13/2020
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild, Contributing Writer, 7/10/2020
4 Security Tips as the July 15 Tax-Day Extension Draws Near
Shane Buckley, President & Chief Operating Officer, Gigamon, Commentary
We're continuing to see cybercriminals take advantage of COVID-19, and the extension of Tax Day will be the next technique used in their sophisticated method of attacks.
By Shane Buckley, President & Chief Operating Officer, Gigamon, 7/10/2020
Huge DDoS Attack Launched Against Cloudflare in Late June
Dark Reading Staff, Quick Hits
The 754 million packets-per-second peak was part of a four-day attack involving more than 316,000 sending addresses.
By Dark Reading Staff, 7/9/2020
Pen Testing ROI: How to Communicate the Value of Security Testing
Nabil Hannan, Managing Director at NetSPI, Commentary
There are many reasons to pen test, but the financial reasons tend to get ignored.
By Nabil Hannan, Managing Director at NetSPI, 7/9/2020
COVID-19: Latest Security News & Commentary
Dark Reading Staff, 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/5/2020
Exploiting Google Cloud Platform With Ease
Dark Reading Staff, 8/6/2020
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15138
PUBLISHED: 2020-08-07
Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin...
CVE-2020-9490
PUBLISHED: 2020-08-07
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerab...
CVE-2020-11852
PUBLISHED: 2020-08-07
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syste...
CVE-2020-11984
PUBLISHED: 2020-08-07
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
CVE-2020-11985
PUBLISHED: 2020-08-07
IP address spoofing when proxying using mod_remoteip and mod_rewrite. For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively...