Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
Secure Laptops & the Enterprise of the Future
Arun Subbarao, Vice President of Engineering, Lynx Software TechnologiesCommentary
The enterprise of the future will depend upon organizations' ability to extend the company firewall to everywhere people are working.
By Arun Subbarao Vice President of Engineering, Lynx Software Technologies, 3/4/2021
Comment0 comments  |  Read  |  Post a Comment
Thycotic and Centrify to Merge In $1.4B Deal
Dark Reading Staff, Quick Hits
TPG Capital will combine privileged access management providers into one company.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Releases Guidance on Zero-Trust Architecture
Dark Reading Staff, Quick Hits
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
By Dark Reading Staff , 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Chris Abbey, Manager, Incident Handling, at Red CanaryCommentary
Educational institutions have become prime targets, but there are things they can do to stay safer.
By Chris Abbey Manager, Incident Handling, at Red Canary, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
The Realities of Extended Detection and Response (XDR) Technology
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy GroupCommentary
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
By Jon Oltsik Senior Principal Analyst & Fellow, Enterprise Strategy Group, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
8 Ways Ransomware Operators Target Your Network
Kelly Sheridan, Staff Editor, Dark Reading
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
By Kelly Sheridan Staff Editor, Dark Reading, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Azure Front Door Gets a Security Upgrade
Kelly Sheridan, Staff Editor, Dark ReadingNews
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
By Kelly Sheridan Staff Editor, Dark Reading, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
By Kelly Sheridan Staff Editor, Dark Reading, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Strata Identity Raises $11M in Series A Round
Dark Reading Staff, Quick Hits
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
By Dark Reading Staff , 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
How to Submit a Column to Dark Reading
Dark Reading Staff, Commentary
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
By Dark Reading Staff , 2/15/2021
Comment0 comments  |  Read  |  Post a Comment
SASE Surge: Why the Market Is Poised to Grow
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysts who anticipate the SASE market will expand by more than a factor of five before 2025 explain reasons behind the surge.
By Kelly Sheridan Staff Editor, Dark Reading, 2/10/2021
Comment0 comments  |  Read  |  Post a Comment
SentinelOne Buys Data Analytics Company Scalyr
Dark Reading Staff, Quick Hits
Cloud-based big data platform boosts extended detection and response (XDR) offering.
By Dark Reading Staff , 2/9/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Insider Threat
John Klossner, CartoonistCommentary
And the winner of Dark Reading's January cartoon caption contest is ...
By John Klossner Cartoonist, 2/8/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attackers Spent Months in Corporate Email System: Report
Dark Reading Staff, Quick Hits
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.
By Dark Reading Staff , 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
Agent Tesla Upgrades with New Delivery & Evasion Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new version of the remote access Trojan targets Microsoft Anti-Malware Software Interface to bypass endpoint detection.
By Kelly Sheridan Staff Editor, Dark Reading, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Average Ransom Payments Declined Last Quarter
Jai Vijayan, Contributing WriterNews
More victims appear to be realizing that paying a ransom doesn't guarantee stolen data will be purged.
By Jai Vijayan Contributing Writer, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Strengthening Zero-Trust Architecture
Carolyn Crandall, Chief Security Advocate and CMO at Attivo NetworksCommentary
Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.
By Carolyn Crandall Chief Security Advocate and CMO at Attivo Networks, 2/1/2021
Comment0 comments  |  Read  |  Post a Comment
Digital Identity Is the New Security Control Plane
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Simplifying the management of security systems helps provide consistent protection for the new normal.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 1/28/2021
Comment1 Comment  |  Read  |  Post a Comment
Security's Inevitable Shift to the Edge
Patrick Sullivan, Akamai CTO, Security StrategyCommentary
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
By Patrick Sullivan Akamai CTO, Security Strategy, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Sure you have fire, but he has an i7!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-28636
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35628
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35636
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume(). An attacker can provide malicious input to trigger this vulnerability.
CVE-2020-8298
PUBLISHED: 2021-03-04
fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.
CVE-2020-28601
PUBLISHED: 2021-03-04
A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can provide malicious input to trigger this vulnerability.