Perimeter

News & Commentary
7 Ways to Get the Most from Your IDS/IPS
Curtis Franklin Jr., Senior Editor at Dark Reading
Intrusion detection and prevention is at the foundation of successful security in-depth. Securing the perimeter requires a solid understanding of these two critical components.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
Researchers Find Clues for Dramatically Reducing IDS Traffic Volume
Dark Reading Staff, Quick Hits
Research at military labs and Towson University shows that identifying malicious activity may require much less captured data than has been the case.
By Dark Reading Staff , 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Free Princeton Application Provides IoT Traffic Insight
Dark Reading Staff, Quick Hits
The application developed by a research group allows users to spot possible IoT security problems.
By Dark Reading Staff , 4/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Cisco Issues 31 Mid-April Security Alerts
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Among them, two are critical and six are of high importance.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
Cloud Security Spend Set to Reach $12.6B by 2023
Kelly Sheridan, Staff Editor, Dark ReadingNews
Growth corresponds with a greater reliance on public cloud services.
By Kelly Sheridan Staff Editor, Dark Reading, 4/18/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Vulnerabilities Point Out Need for Comprehensive Remote Security
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
VPNs are the primary tool for securing remote access, but recently disclosed vulnerabilities point out the weakness of relying on them as the only tool.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/17/2019
Comment0 comments  |  Read  |  Post a Comment
Meet Scranos: New Rootkit-Based Malware Gains Confidence
Kelly Sheridan, Staff Editor, Dark ReadingNews
The cross-platform operation, first tested on victims in China, has begun to spread around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2019
Comment1 Comment  |  Read  |  Post a Comment
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Dark Reading Staff, Quick Hits
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
This Week in Security Funding: Where the Money Went
Kelly Sheridan, Staff Editor, Dark ReadingNews
Predictions for cybersecurity investment in 2019 are holding true with funding announcements from four startups.
By Kelly Sheridan Staff Editor, Dark Reading, 4/12/2019
Comment0 comments  |  Read  |  Post a Comment
'Dragonblood' Vulnerabilities Seep Into WPA3 Secure Wifi Handshake
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new set of vulnerabilities may put some early adopters of strong Wifi security at greater security risk.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/11/2019
Comment0 comments  |  Read  |  Post a Comment
Meet Baldr: The Inside Scoop on a New Stealer
Kelly Sheridan, Staff Editor, Dark ReadingNews
Baldr first appeared in January and has since evolved to version 2.2 as attackers aim to build a long-lasting threat.
By Kelly Sheridan Staff Editor, Dark Reading, 4/9/2019
Comment0 comments  |  Read  |  Post a Comment
Craigslist Founder Funds Security Toolkit for Journalists, Elections
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The free tools will be developed by the Global Cyber Alliance to monitor election infrastructure and processes in the runup to the 2020 Presidential election.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/9/2019
Comment0 comments  |  Read  |  Post a Comment
8 Steps to More Effective Small Business Security
Curtis Franklin Jr., Senior Editor at Dark Reading
Small business face the same security challenges as large enterprises but with much smaller security teams. Here are 8 things to do to get the most from yours.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Ongoing DNS Hijack Attack Hits Consumer Modems and Routers
Dark Reading Staff, Quick Hits
The attack campaigns have re-routed DNS requests through illicit servers in Canada and Russia.
By Dark Reading Staff , 4/5/2019
Comment1 Comment  |  Read  |  Post a Comment
How iOS App Permissions Open Holes for Hackers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The permissions iOS apps request from users can turn the devices into spy tools and provide a toehold into the enterprise network, according to new research.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/4/2019
Comment0 comments  |  Read  |  Post a Comment
Chinese National Carries Malware Into Mar-a-Lago
Curtis Franklin Jr., Senior Editor at Dark ReadingQuick Hits
A Chinese woman arrested for entering the grounds of Mar-a-Lago under false pretenses was carrying electronic equipment holding malware.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2019
Comment3 comments  |  Read  |  Post a Comment
Microsoft Takes Down 99 Hacker-Controlled Websites
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A judge granted Microsoft the injunction allowing them to disrupt a network of sites operated by an Iranian-linked group of hackers.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/28/2019
Comment2 comments  |  Read  |  Post a Comment
Microsoft Tackles IoT Security with New Azure Updates
Kelly Sheridan, Staff Editor, Dark ReadingNews
The Azure Security Center for IoT provides teams with an overview of IoT devices and helps monitor their security properties.
By Kelly Sheridan Staff Editor, Dark Reading, 3/28/2019
Comment2 comments  |  Read  |  Post a Comment
Inside Cyber Battlefields, the Newest Domain of War
Kelly Sheridan, Staff Editor, Dark ReadingNews
In his Black Hat Asia keynote, Mikko Hypponen explored implications of "the next arms race" and why cyber will present challenges never before seen in warfare.
By Kelly Sheridan Staff Editor, Dark Reading, 3/28/2019
Comment3 comments  |  Read  |  Post a Comment
Inside Incident Response: 6 Key Tips to Keep in Mind
Kelly Sheridan, Staff Editor, Dark Reading
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
By Kelly Sheridan Staff Editor, Dark Reading, 3/22/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7303
PUBLISHED: 2019-04-23
A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert characters into a terminal on a 64-bit host. The seccomp rules were generated to match 64-bit ioctl(2) commands on a 64-bit platform; however, the Linux kernel only uses the lower 32 b...
CVE-2019-7304
PUBLISHED: 2019-04-23
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitrary commands as root. This issue affects: Canonical snapd versions prior to 2.37.1.
CVE-2019-0223
PUBLISHED: 2019-04-23
While investigating bug PROTON-2014, we discovered that under some circumstances Apache Qpid Proton versions 0.9 to 0.27.0 (C library and its language bindings) can connect to a peer anonymously using TLS *even when configured to verify the peer certificate* while used with OpenSSL versions before 1...
CVE-2017-12619
PUBLISHED: 2019-04-23
Apache Zeppelin prior to 0.7.3 was vulnerable to session fixation which allowed an attacker to hijack a valid user session. Issue was reported by "stone lone".
CVE-2018-1317
PUBLISHED: 2019-04-23
In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication.