Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
Microsoft's Azure Defender for IoT Uses CyberX Tech
Dark Reading Staff, Quick Hits
Azure Defender for IoT is built to help IT and OT teams discover IoT and OT assets, identify critical flaws, and detect malicious behavior.
By Dark Reading Staff , 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
7 Non-Technical Skills Threat Analysts Should Master to Keep Their Jobs
Dov Lerner, Security Research Lead, SixgillCommentary
It's not just technical expertise and certifications that enable analysts to build long-term careers in cybersecurity.
By Dov Lerner Security Research Lead, Sixgill, 9/23/2020
Comment0 comments  |  Read  |  Post a Comment
Iranian Hackers Indicted for Stealing Aerospace & Satellite Tracking Data
Kelly Sheridan, Staff Editor, Dark ReadingNews
Also, the US Treasury sanctioned Iranian attack group APT39 following a years-long malware campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 9/17/2020
Comment0 comments  |  Read  |  Post a Comment
Likely Links Emerge Between Lazarus Group and Russian-Speaking Cybercriminals
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers examine security incidents over the past several years that seemingly connect North Korea's Lazarus Group with Russian-speaking attackers.
By Kelly Sheridan Staff Editor, Dark Reading, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Juan Pablo Perez-Etchegoyen, CTO, OnapsisCommentary
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
By Juan Pablo Perez-Etchegoyen CTO, Onapsis, 9/16/2020
Comment0 comments  |  Read  |  Post a Comment
Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption
Eric Parizo, Senior Analyst, OmdiaCommentary
Finding threats in encrypted inbound network traffic is complex and expensive for enterprises, but a fascinating new approach could eliminate the need for decryption.
By Eric Parizo Senior Analyst, Omdia, 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Security Through an Economics Lens: A Guide for CISOs
Kelly Sheridan, Staff Editor, Dark ReadingNews
An expert in economics and cybersecurity applies opportunity cost and other concepts of the "dismal science" to infosec roles.
By Kelly Sheridan Staff Editor, Dark Reading, 9/14/2020
Comment0 comments  |  Read  |  Post a Comment
APT Groups Set Sights on Linux Targets: Inside the Trend
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
By Kelly Sheridan Staff Editor, Dark Reading, 9/11/2020
Comment2 comments  |  Read  |  Post a Comment
Secureworks to Buy Delve Laboratories for Vulnerability Management
Dark Reading Staff, Quick Hits
Delve's automated vulnerability platform provides insight on high-risk vulnerabilities across an organization's network, endpoints, and cloud.
By Dark Reading Staff , 9/9/2020
Comment0 comments  |  Read  |  Post a Comment
VPNs: The Cyber Elephant in the Room
Brigadier General (Ret) Gregory J. Touhill, President, AppGate Federal DivisionCommentary
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
By Brigadier General (Ret) Gregory J. Touhill President, AppGate Federal Division, 9/8/2020
Comment2 comments  |  Read  |  Post a Comment
Don't Forget Cybersecurity on Your Back-to-School List
Jeff Wilbur, Senior Director, Online Trust, the Internet SocietyCommentary
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
By Jeff Wilbur Senior Director, Online Trust, the Internet Society, 9/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats
Kelly Sheridan, Staff Editor, Dark ReadingNews
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.
By Kelly Sheridan Staff Editor, Dark Reading, 9/1/2020
Comment0 comments  |  Read  |  Post a Comment
Slack Patches Critical Desktop Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
By Kelly Sheridan Staff Editor, Dark Reading, 8/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Fastly to Acquire Signal Sciences for $775M
Dark Reading Staff, Quick Hits
Signal Sciences' technology will be used to build a new web application and API security tool called [email protected]
By Dark Reading Staff , 8/27/2020
Comment0 comments  |  Read  |  Post a Comment
Higher Education CISOs Share COVID-19 Response Stories
Kelly Sheridan, Staff Editor, Dark ReadingNews
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
By Kelly Sheridan Staff Editor, Dark Reading, 8/26/2020
Comment0 comments  |  Read  |  Post a Comment
Russian National Arrested for Conspiracy to Hack Nevada Company
Dark Reading Staff, Quick Hits
The defendant allegedly planned to pay an employee $1 million to infect the company network with malware.
By Dark Reading Staff , 8/26/2020
Comment0 comments  |  Read  |  Post a Comment
Attackers Use Unicode & HTML to Bypass Email Security Tools
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.
By Kelly Sheridan Staff Editor, Dark Reading, 8/24/2020
Comment0 comments  |  Read  |  Post a Comment
DeathStalker APT Targets SMBs with Cyber Espionage
Dark Reading Staff, Quick Hits
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
By Dark Reading Staff , 8/24/2020
Comment0 comments  |  Read  |  Post a Comment
Stolen Data: The Gift That Keeps on Giving
Christian Lees, CTO and CIO, VigilanteCommentary
Users regularly reuse logins and passwords, and data thieves are leveraging that reality to breach multiple accounts.
By Christian Lees CTO and CIO, Vigilante, 8/19/2020
Comment0 comments  |  Read  |  Post a Comment
New Campaign Combines Extortion, DDoS
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
Latest attacks bank on the reputation of two prominent APT groups to increase the threat credibility.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/18/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by TiaGilbert
Current Conversations Good article!
In reply to: Article
Post Your Own Reply
Posted by digitalindia
Current Conversations Hello nice post 
In reply to: Full-Form List
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4719
PUBLISHED: 2020-09-24
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
CVE-2020-15604
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-24560
PUBLISHED: 2020-09-24
An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CW...
CVE-2020-25596
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. T...
CVE-2020-25597
PUBLISHED: 2020-09-23
An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. Howeve...