
Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

News & Commentary
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark Reading | News
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Why Firewalls Aren't Going Anywhere
Ruvi Kitov, Chairman, CEO and Co-Founder, Tufin | Commentary
Written off multiple times as obsolete, firewalls continue to elude demise by adding features and ensuring that VPNs keep humming.
By Ruvi Kitov Chairman, CEO and Co-Founder, Tufin, 1/15/2020
How SD-WAN Helps Achieve Data Security and Threat Protection
Charuhas Ghatge, Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks | Commentary
Enterprises currently consider the technology a best practice because of its flexibility, scalability, performance, and agility.
By Charuhas Ghatge Senior Product and Solutions Marketing Manager at Nokia's Nuage Networks, 1/15/2020
Microsoft Patches Windows Vuln Discovered by the NSA
Kelly Sheridan, Staff Editor, Dark Reading | News
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
By Kelly Sheridan Staff Editor, Dark Reading, 1/14/2020
Consumer Reports Calls for IoT Manufacturers to Raise Security Standards
Dark Reading Staff, Quick Hits
A letter to 25 companies says Consumer Reports will change ratings to reflect stronger security and privacy standards.
By Dark Reading Staff, 1/14/2020
Insight Partners Acquires Armis at $1.1B Valuation
Dark Reading Staff, Quick Hits
This deal marks the largest-ever acquisition of a private Israeli cybersecurity company, Armis' co-founders report.
By Dark Reading Staff, 1/7/2020
Malicious Google Play Apps Linked to SideWinder APT
Kelly Sheridan, Staff Editor, Dark Reading | News
The active attack involving three malicious Android applications is the first exploiting CVE-2019-2215, Trend Micro researchers report.
By Kelly Sheridan Staff Editor, Dark Reading, 1/6/2020
Mimecast Acquires Segasec to Boost Phishing Defense
Dark Reading Staff, Quick Hits
Segasec's technology will be integrated into Mimecast's email and Web security services to identify malicious domains.
By Dark Reading Staff, 1/6/2020
Ransomware Victim Southwire Sues Maze Operators
Kelly Sheridan, Staff Editor, Dark Reading | News
Attackers demanded $6 million from the wire and cable manufacturer when they launched a December ransomware campaign.
By Kelly Sheridan Staff Editor, Dark Reading, 1/3/2020
Fraud in the New Decade
Emily Wilson, VP of Research at Terbium Labs | Commentary
Like any enterprise that wants to survive, fraudsters and hackers will continue to build on past successes to fuel future growth.
By Emily Wilson VP of Research at Terbium Labs, 12/30/2019
Defensive Wish List for 2020: Faster Responses to Threats
Robert Lemos, Contributing Writer | News
Security professionals recommend technology to detect attacks that have already infiltrated a network.
By Robert Lemos Contributing Writer, 12/27/2019
IoT Security: How Far We've Come, How Far We Have to Go
Kelly Sheridan, Staff Editor, Dark Reading | News
As organizations fear the proliferation of connected devices on enterprise networks, the private and public sectors come together to address IoT vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 12/24/2019
Citrix Urges Firms to Harden Configurations After Flaw Report
Robert Lemos, Contributing Writer | News
A vulnerability in two of the company's appliances opens 80,000 networks up for exploitation.
By Robert Lemos Contributing Writer, 12/23/2019
20 Vulnerabilities to Prioritize Patching Before 2020
Kelly Sheridan, Staff Editor, Dark Reading | News
Researchers list the top 20 vulnerabilities currently exploited by attack groups around the world.
By Kelly Sheridan Staff Editor, Dark Reading, 12/23/2019
F5 Pays $1 Billion for Shape
Dark Reading Staff, Quick Hits
The acquisition adds fraud detection and prevention to the application delivery company's tool collection.
By Dark Reading Staff, 12/20/2019
New Orleans to Boost Cyber Insurance to $10M Post-Ransomware
Dark Reading Staff, Quick Hits
Mayor LaToya Cantrell anticipates that the recent cyberattack will exceed the city's current $3 million cyber insurance policy.
By Dark Reading Staff, 12/20/2019
'Password' Falls in the Ranks of Favorite Bad Passwords
Kelly Sheridan, Staff Editor, Dark Reading | News
7x彩票网app, Google named worst password breach offenders.
By Kelly Sheridan Staff Editor, Dark Reading, 12/18/2019
Higher Degree, Higher Salary? Not for Some Security Pros
Kelly Sheridan, Staff Editor, Dark Reading | News
Turns out, skill beats experience and an academic degree doesn't guarantee higher compensation for five security positions.
By Kelly Sheridan Staff Editor, Dark Reading, 12/17/2019
Data Security Startup Satori Cyber Launches with $5.25M Seed Round
Kelly Sheridan, Staff Editor, Dark Reading | News
Satori Cyber aims to help businesses better protect and govern their information with its Secure Data Access Cloud.
By Kelly Sheridan Staff Editor, Dark Reading, 12/17/2019
SQL Server 2019 Tool Tells Attackers Which Data Is Sensitive
Kelly Sheridan, Staff Editor, Dark Reading | News
The design of SQL Data Discovery & Classification could let attackers pinpoint sensitive information while flying under organizations' radars.
By Kelly Sheridan Staff Editor, Dark Reading, 12/16/2019
Major Brazilian Bank Tests Homomorphic Encryption on Financial Data
Kelly Sheridan, Staff Editor, Dark Reading,  1/10/2020
7 Free Tools for Better Visibility Into Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading,  1/9/2020
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap-up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse.
Flash Poll
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers' biggest security challenges are and the technologies they are using to address them.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-01-15
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. It does not use CSRF Tokens to mitigate against CSRF; it uses the Origin header (which must match the request origin). This is problematic in conjunction with XSS: one can escalate privileges from User level...

PUBLISHED: 2020-01-15
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/list_user allows stored XSS via the auth_type parameter.

PUBLISHED: 2020-01-15
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The User Type on the admin/list_user page allows stored XSS via the type parameter.

PUBLISHED: 2020-01-15
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. An admin can change their password without providing the current password, by using interfaces outside the Change Password screen. Thus, requiring the admin to enter an Old Password value on the Change Passw...

PUBLISHED: 2020-01-15
An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. admin/add_user/UID allows stored XSS via the author parameter.