Perimeter

News & Commentary
Tanium's Valuation Reaches $5 Billion With New Investment
Dark Reading Staff, Quick Hits
Tanium has received a $175 million investment from TPG Growth.
By Dark Reading Staff , 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
IT Pros Worried About IoT But Not Prepared to Secure It
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Few organizations have a security policy in place for Internet of Things devices, new survey shows.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/16/2018
Comment1 Comment  |  Read  |  Post a Comment
Hide and Seek Brings Persistence to IoT Botnets
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The rapidly evolving Hide and Seek botnet is now persistent on a wide range of infected IoT devices.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Script Kiddies, Criminals Hacking Video Streams for Fun & Profit
Dark Reading Staff, Quick Hits
Video streams are getting hijacked for 'prestige,' DDoS, and financial gain, a new report found.
By Dark Reading Staff , 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
10 Lessons From an IoT Demo Lab
Curtis Franklin Jr., Senior Editor at Dark Reading
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
LoJack Attack Finds False C2 Servers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new attack uses compromised LoJack endpoint software to take root on enterprise networks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/1/2018
Comment0 comments  |  Read  |  Post a Comment
10 Security Innovators to Watch
Curtis Franklin Jr., Senior Editor at Dark Reading
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/30/2018
Comment0 comments  |  Read  |  Post a Comment
Routing Security Gets Boost with New Set of MANRS for IXPs
Dark Reading Staff, Quick Hits
The Internet Society debuts a new mutually agreed norms initiative for IXPs.
By Dark Reading Staff , 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
At RSAC, SOC 'Sees' User Behaviors
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Instruments at the RSA Security Operations Center give analysts insight into attendee behavior on an open network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
First Public Demo of Data Breach via IoT Hack Comes to RSAC
Sara Peters, Senior Editor at Dark ReadingNews
At RSA Conference, senior researchers will show how relatively unskilled attackers can steal personally identifiable information without coming into contact with endpoint security tools.
By Sara Peters Senior Editor at Dark Reading, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
How to Protect Industrial Control Systems from State-Sponsored Hackers
Matt Cauthorn, VP of Security, ExtraHopCommentary
US-CERT recently issued an alert about Russian threat activity against infrastructure sectors. Is there a way to fight back?
By Matt Cauthorn VP of Security, ExtraHop, 4/19/2018
Comment0 comments  |  Read  |  Post a Comment
Trump Administration Cyber Czar Rob Joyce to Return to the NSA
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
First year of Trump White House's cybersecurity policy mostly followed in the footsteps of the Obama administration.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/17/2018
Comment0 comments  |  Read  |  Post a Comment
New Malware Adds RAT to a Persistent Loader
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A newly discovered variant of a long-known malware loader adds the ability to control the victim from afar.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2018
Comment1 Comment  |  Read  |  Post a Comment
INsecurity Conference Seeks Security Pros to Speak on Best Practices
Tim Wilson, Editor in Chief, Dark Reading, News
Dark Reading's second annual data defense conference will be held Oct. 23-25 in Chicago; call for speakers is issued.
By Tim Wilson, Editor in Chief, Dark Reading , 4/16/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Non-Financial Data Types to Secure
Curtis Franklin Jr., Senior Editor at Dark Reading
Credit card and social security numbers aren't the only sensitive information that requires protection.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsegmentation: Strong Security in Small Packages
Avishai Wool, Co-Founder and CTO at AlgoSecCommentary
A deep dive into how organizations can effectively devise and implement microsegmentation in a software-defined networking data center.
By Avishai Wool Co-Founder and CTO at AlgoSec, 4/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Hack Back: An Eye for an Eye Could Make You Blind
Dr. Salvatore Stolfo, Fouder & CTO, Allure SecurityCommentary
Attackers have had almost zero consequences or cost for stealing data from innocent victims. But what if we could hack their wallets, not their systems?
By Dr. Salvatore Stolfo Fouder & CTO, Allure Security, 4/11/2018
Comment0 comments  |  Read  |  Post a Comment
20 Ways to Increase the Efficiency of the Incident Response Workflow
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 4/10/2018
Comment0 comments  |  Read  |  Post a Comment
Attackers Exploit Cisco Switch Issue as Vendor Warns of Yet Another Critical Flaw
Jai Vijayan, Freelance writerNews
Cisco says companies fixing previously known protocol issue should also patch against critical remote-code execution issue.
By Jai Vijayan Freelance writer, 4/9/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by aghasohail
Current Conversations Thanks for sharing such a great information...
In reply to: !">Great!
Post Your Own Reply
More Conversations
PR Newswire
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8010
PUBLISHED: 2018-05-21
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerabilit...
CVE-2018-8012
PUBLISHED: 2018-05-21
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
CVE-2018-1067
PUBLISHED: 2018-05-21
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is ...
CVE-2018-7268
PUBLISHED: 2018-05-21
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information suc...
CVE-2018-11092
PUBLISHED: 2018-05-21
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.