Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
Cybercriminals Hide Malware & Phishing Sites Under SSL Certificates
Kelly Sheridan, Staff Editor, Dark ReadingNews
More than half of the top 1 million websites use HTTPS, researchers report, but not all encrypted traffic is safe.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
71% of Security Pros See Threats Jump Since COVID-19 Outbreak
Dark Reading Staff, Quick Hits
Phishing is the top threat, followed by websites offering false information about the pandemic, malware, and ransomware attacks.
By Dark Reading Staff , 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
9 Security Podcasts Worth Tuning In To
Kelly Sheridan, Staff Editor, Dark Reading
Recommendations for podcasts discussing news, trends, guidance, and stories across the cybersecurity industry.
By Kelly Sheridan Staff Editor, Dark Reading, 4/7/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft: Emotet Attack Shut Down an Entire Business Network
Kelly Sheridan, Staff Editor, Dark ReadingNews
The infection started with a phishing email and spread throughout the organization, overheating all machines and flooding its Internet connection.
By Kelly Sheridan Staff Editor, Dark Reading, 4/6/2020
Comment0 comments  |  Read  |  Post a Comment
5 Soothing Security Products We Wish Existed
Curtis Franklin Jr., Senior Editor at Dark Reading
Maybe security alert fatigue wouldn't be so bad if the alerts themselves delivered less stress and more aromatherapy.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/3/2020
Comment0 comments  |  Read  |  Post a Comment
FBI Warns Education & Remote Work Platforms About Cyberattacks
Dark Reading Staff, Quick Hits
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
By Dark Reading Staff , 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
5 Ways Enterprises Inadvertently Compromise Their Network Security
Dark Reading Staff, Quick Hits
Is your organization carelessly leaving its networks vulnerable to invasion? Check out these five common oversights to see if your resources are at risk.
By Special to Dark Reading: John Edwards, Network Computing , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Alerts Healthcare to Human-Operated Ransomware
Dark Reading Staff, News
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
By Dark Reading Staff , 4/1/2020
Comment2 comments  |  Read  |  Post a Comment
Major Cloud, CDN Providers Join Secure Routing Initiative
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Akamai, AWS, Azion, Cloudflare, Facebook, and Netflix are now members of the Mutually Agreed Norms for Routing Security (MANRS) effort.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Defense Evasion Dominated 2019 Attack Tactics
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers mapped tactics and techniques to the MITRE ATT&CK framework to determine which were most popular last year.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Palo Alto Networks to Buy CloudGenix for $420M
Dark Reading Staff, Quick Hits
Palo Alto Networks plans to integrate CloudGenix's SD-WAN technology into its Prisma SASE platform following the deal.
By Dark Reading Staff , 3/31/2020
Comment2 comments  |  Read  |  Post a Comment
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/31/2020
Comment3 comments  |  Read  |  Post a Comment
Introducing Zero-Trust Access
Rik Turner, Principal Analyst, Infrastructure Solutions, OmdiaCommentary
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
By Rik Turner Principal Analyst, Infrastructure Solutions, Omdia, 3/26/2020
Comment7 comments  |  Read  |  Post a Comment
Missing Patches, Misconfiguration Top Technical Breach Causes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
By Kelly Sheridan Staff Editor, Dark Reading, 3/25/2020
Comment1 Comment  |  Read  |  Post a Comment
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers warn Microsoft 365 account holders to pay attention to unknown applications that request permissions.
By Kelly Sheridan Staff Editor, Dark Reading, 3/24/2020
Comment3 comments  |  Read  |  Post a Comment
How to Secure Your Kubernetes Deployments
Gadi Naor, CTO and Co-Founder, AlcideCommentary
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
By Gadi Naor CTO and Co-Founder, Alcide, 3/24/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Publishes Advisory for Windows Zero-Day
Kelly Sheridan, Staff Editor, Dark ReadingNews
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
By Kelly Sheridan Staff Editor, Dark Reading, 3/23/2020
Comment0 comments  |  Read  |  Post a Comment
8 Infosec Page-Turners for Days Spent Indoors
Kelly Sheridan, Staff Editor, Dark Reading
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
By Kelly Sheridan Staff Editor, Dark Reading, 3/23/2020
Comment2 comments  |  Read  |  Post a Comment
DDoS Attack Targets German Food Delivery Service
Dark Reading Staff, Quick Hits
Liefrando delivers food from more than 15,000 restaurants in Germany, where people under COVID-19 restrictions depend on the service.
By Dark Reading Staff , 3/19/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by futurocoches
Current Conversations how covid has changed the rules...
In reply to: covid
Post Your Own Reply
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11509
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).
CVE-2020-6647
PUBLISHED: 2020-04-07
An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.
CVE-2020-9286
PUBLISHED: 2020-04-07
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.
CVE-2020-11508
PUBLISHED: 2020-04-07
An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.
CVE-2013-7488
PUBLISHED: 2020-04-07
perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.