Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
Thycotic and Centrify to Merge In $1.4B Deal
Dark Reading Staff, Quick Hits
TPG Capital will combine privileged access management providers into one company.
By Dark Reading Staff , 3/2/2021
Comment0 comments  |  Read  |  Post a Comment
NSA Releases Guidance on Zero-Trust Architecture
Dark Reading Staff, Quick Hits
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
By Dark Reading Staff , 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Chris Abbey, Manager, Incident Handling, at Red CanaryCommentary
Educational institutions have become prime targets, but there are things they can do to stay safer.
By Chris Abbey Manager, Incident Handling, at Red Canary, 2/25/2021
Comment0 comments  |  Read  |  Post a Comment
The Realities of Extended Detection and Response (XDR) Technology
Jon Oltsik, Senior Principal Analyst & Fellow, Enterprise Strategy GroupCommentary
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
By Jon Oltsik Senior Principal Analyst & Fellow, Enterprise Strategy Group, 2/24/2021
Comment0 comments  |  Read  |  Post a Comment
8 Ways Ransomware Operators Target Your Network
Kelly Sheridan, Staff Editor, Dark Reading
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
By Kelly Sheridan Staff Editor, Dark Reading, 2/22/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Azure Front Door Gets a Security Upgrade
Kelly Sheridan, Staff Editor, Dark ReadingNews
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.
By Kelly Sheridan Staff Editor, Dark Reading, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Pieter Danhieux, CEO, Chairman, & Co-Founder, Secure Code WarriorCommentary
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
By Pieter Danhieux CEO, Chairman, & Co-Founder, Secure Code Warrior, 2/18/2021
Comment0 comments  |  Read  |  Post a Comment
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
Kelly Sheridan, Staff Editor, Dark ReadingNews
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
By Kelly Sheridan Staff Editor, Dark Reading, 2/17/2021
Comment0 comments  |  Read  |  Post a Comment
Strata Identity Raises $11M in Series A Round
Dark Reading Staff, Quick Hits
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
By Dark Reading Staff , 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
How to Submit a Column to Dark Reading
Dark Reading Staff, Commentary
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
By Dark Reading Staff , 2/15/2021
Comment0 comments  |  Read  |  Post a Comment
SASE Surge: Why the Market Is Poised to Grow
Kelly Sheridan, Staff Editor, Dark ReadingNews
Analysts who anticipate the SASE market will expand by more than a factor of five before 2025 explain reasons behind the surge.
By Kelly Sheridan Staff Editor, Dark Reading, 2/10/2021
Comment0 comments  |  Read  |  Post a Comment
SentinelOne Buys Data Analytics Company Scalyr
Dark Reading Staff, Quick Hits
Cloud-based big data platform boosts extended detection and response (XDR) offering.
By Dark Reading Staff , 2/9/2021
Comment0 comments  |  Read  |  Post a Comment
Cartoon Caption Winner: Insider Threat
John Klossner, CartoonistCommentary
And the winner of Dark Reading's January cartoon caption contest is ...
By John Klossner Cartoonist, 2/8/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attackers Spent Months in Corporate Email System: Report
Dark Reading Staff, Quick Hits
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.
By Dark Reading Staff , 2/3/2021
Comment0 comments  |  Read  |  Post a Comment
Agent Tesla Upgrades with New Delivery & Evasion Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new version of the remote access Trojan targets Microsoft Anti-Malware Software Interface to bypass endpoint detection.
By Kelly Sheridan Staff Editor, Dark Reading, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Average Ransom Payments Declined Last Quarter
Jai Vijayan, Contributing WriterNews
More victims appear to be realizing that paying a ransom doesn't guarantee stolen data will be purged.
By Jai Vijayan Contributing Writer, 2/2/2021
Comment0 comments  |  Read  |  Post a Comment
Strengthening Zero-Trust Architecture
Carolyn Crandall, Chief Security Advocate and CMO at Attivo NetworksCommentary
Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.
By Carolyn Crandall Chief Security Advocate and CMO at Attivo Networks, 2/1/2021
Comment0 comments  |  Read  |  Post a Comment
Digital Identity Is the New Security Control Plane
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Simplifying the management of security systems helps provide consistent protection for the new normal.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 1/28/2021
Comment1 Comment  |  Read  |  Post a Comment
Security's Inevitable Shift to the Edge
Patrick Sullivan, Akamai CTO, Security StrategyCommentary
As the edge becomes the place for DDoS mitigation, Web app security, and other controls, SASE is the management platform to handle them all.
By Patrick Sullivan Akamai CTO, Security Strategy, 1/27/2021
Comment0 comments  |  Read  |  Post a Comment
Mainframe Security Automation Is Not a Luxury
John McKenny, SVP/GM of ZSolutions, BMC SoftwareCommentary
As cyber threats grow, even the most securable platform is vulnerable and requires adaptive autonomous protection.
By John McKenny SVP/GM of ZSolutions, BMC Software, 1/26/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24913
PUBLISHED: 2021-03-04
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2020-24914
PUBLISHED: 2021-03-04
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVE-2020-24036
PUBLISHED: 2021-03-04
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVE-2020-24912
PUBLISHED: 2021-03-04
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVE-2019-18629
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a com...