News & Commentary
Latest Content tagged with Endpoint
Webroot Acquires Security Training Platform
Quick Hits  |  8/15/2017  | 
Endpoint security company snaps up the assets of Securecast in a move to build out a training program to test users' ability to recognize a phishing attack.
20 Tactical Questions SMB Security Teams Should Ask Themselves
Commentary  |  8/15/2017  | 
Or why it pays for small- and medium-sized businesses to plan strategically but act tactically.
HBO Offers Hackers $250,000 as 'Show Of Good Faith' on $6 Million Ransom Request
Quick Hits  |  8/11/2017  | 
The offer was reportedly designed to stall for time, with no plans to ever pay it.
60% of Infosec Execs Are Boosting SOC Deployments
Quick Hits  |  8/10/2017  | 
A survey of security executives and managers finds a majority are expanding or upgrading their current SOC readiness.
Taking Down the Internet Has Never Been Easier
Commentary  |  8/10/2017  | 
Is there a reason why the Internet is so vulnerable? Actually, there are many, and taking steps to remain protected is crucial.
Microsoft Fixes 27 Remote Code Execution Flaws
News  |  8/9/2017  | 
Microsoft issued patches for 48 vulnerabilities as part of its monthly Patch Tuesday update, 25 of which were 'critical.'
One-Third of Businesses Hit with Malware-less Threats
Quick Hits  |  8/7/2017  | 
Scripting attacks, credential compromise, privilege escalation, and other malware-less threats affect IT systems and add to staff workload.
Risky Business: Why Enterprises Can't Abdicate Cloud Security
Commentary  |  8/7/2017  | 
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
HBO Breach Did Not Compromise Full Email System: CEO
Quick Hits  |  8/4/2017  | 
HBO's recent security breach likely did not compromise its entire email system as hacker(s) allegedly threaten to expose stolen data.
Are Third-Party Services Ready for the GDPR?
Commentary  |  8/4/2017  | 
Third-party scripts are likely to be a major stumbling block for companies seeking to be in compliance with the EU's new privacy rules. Here's a possible work-around.
Symantec Sells Digital Certificate Business to DigiCert
News  |  8/3/2017  | 
$950 million deal comes in the wake of Google sanctions on Symantec certs earlier this year.
2017 Pwnie Awards: Who Won, Lost, and Pwned
Slideshows  |  8/3/2017  | 
Security pros corralled the best and worst of cybersecurity into an award show highlighting exploits, bugs, achievements, and attacks from the past year.
Fight 'Credential Stuffing' with a New Approach to Authorization
Partner Perspectives  |  8/3/2017  | 
Token-based authorization that lets users prove their identity through Facebook, Google, or Microsoft credentials can dramatically reduce your attack surface and give enterprises a single point of control.
72% of Businesses Plan for Endpoint Security Budget Boost
News  |  8/2/2017  | 
For a full third of organizations investing more in endpoint security there will be a "substantial" increase in spending.
Microsoft Security Put to the Test at Black Hat, DEF CON
News  |  8/1/2017  | 
Researchers at both conferences demonstrated workarounds and flaws in applications and services including Office 365, PowerShell, Windows 10, Active Directory and Windows BITS.
Iranian Hackers Ensnared Targets via Phony Female Photographer
News  |  7/31/2017  | 
US, Indian, Saudi Arabian, Israeli, Iraqi IT, security, executives in oil/gas and aerospace swept up in elaborate social media ruse used for cyber espionage operations.
Anthem Hit with Data Breach of 18,580 Medicare Members
Quick Hits  |  7/31/2017  | 
Third-party service provider for the insurer discovered one of its employees allegedly engaged in identity theft of thousands of Anthem Medicare members.
Lethal Dosage of Cybercrime: Hacking the IV Pump
News  |  7/28/2017  | 
At DEF CON, a researcher demonstrated how to attack a popular model of infusion pump used in major hospitals around the world.
The Lazy Habits of Phishing Attackers
News  |  7/27/2017  | 
Most hackers who phish accounts do little to hide their tracks or even mine all of the data they can from phished accounts, mostly because they can afford to be lazy.
Get Ready for the 2038 'Epocholypse' (and Worse)
News  |  7/27/2017  | 
A leading security researcher predicts a sea of technology changes that will rock our world, including the Internet of Things, cryptocurrency, SSL encryption and national security.
The Right to Be Forgotten & the New Era of Personal Data Rights
Commentary  |  7/27/2017  | 
Because of the European Union's GDPR and other pending legislation, companies must become more transparent in how they protect their customers' data.
Downtime from Ransomware More Lethal to Small Businesses Than the Ransom
News  |  7/27/2017  | 
New survey of small- to midsized businesses (SMBs) shows half of SMBs infected with malware suffer 25 hours or more of business disruption.
How Attackers Use Machine Learning to Predict BEC Success
News  |  7/26/2017  | 
Researchers show how scammers defeat other machines, increase their success rate, and get more money from their targets.
Majority of Consumers Believe IoT Needs Security Built In
Quick Hits  |  7/26/2017  | 
Respondents to a global survey say Internet of Things security is a shared responsibility between consumers and manufacturers.
10 Critical Steps to Create a Culture of Cybersecurity
Commentary  |  7/26/2017  | 
Businesses are more vulnerable than they need to be. Here's what you should do about it.
Using AI to Break Detection Models
News  |  7/25/2017  | 
Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.
7 Hardware & Firmware Hacks Highlighted at Black Hat 2017
Slideshows  |  7/24/2017  | 
Researchers will hammer home potentially devastating attacks, and demo a range of vulnerabilities, techniques and tools.
Bots Make Lousy Dates, But Not Cheap Ones
Commentary  |  7/24/2017  | 
The danger of dating sites: If a beautiful woman asks men to click on malware, they'll probably click.
Microsoft Rolls Out AI-based Security Risk Detection Tool
News  |  7/21/2017  | 
Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.
Speed of Windows 10 Adoption Not Affected by WannaCry
News  |  7/21/2017  | 
WannaCry has motivated security teams to stay current on patching but Windows 10 adoption remains the same.
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
News  |  7/20/2017  | 
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
News  |  7/20/2017  | 
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
Microsoft Office 365 Users Targeted in Brute Force Attacks
Quick Hits  |  7/20/2017  | 
Attackers leveraged popular cloud service platforms to conduct persistent - and stealthy - login attempts on corporate Office 365 accounts.
'AVPass' Sneaks Malware Past Android Antivirus Apps
News  |  7/19/2017  | 
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
Online Courses Projected to Drive Credit Card Fraud to $24B by 2018
News  |  7/19/2017  | 
An underground ecosystem provides cybercriminals with online tutorials, tools, and credit card data they need to commit fraud.
Best of Black Hat: 20 Epic Talks in 20 Years
Slideshows  |  7/19/2017  | 
In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997.
Most Office 365 Admins Rely on Recycle Bin for Data Backup
News  |  7/19/2017  | 
Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.
4 Steps to Securing Citizen-Developed Apps
Commentary  |  7/19/2017  | 
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
IoT Security Incidents Rampant and Costly
Slideshows  |  7/18/2017  | 
New research offers details about the hidden and not so hidden costs of defending the Internet of Things.
Researchers Create Framework to Evaluate Endpoint Security Products
News  |  7/17/2017  | 
Black Hat USA researchers tested more than 30,000 types of malware to learn the effectiveness of endpoint security tools - and they'll demonstrate how they did it.
AWS S3 Breaches: What to Do & Why
Commentary  |  7/17/2017  | 
Although basic operations in Amazon's Simple Storage Service are (as the name implies) simple, things can get complicated with access control and permissions.
50,000 Machines Remain Vulnerable to EternalBlue Attacks
News  |  7/14/2017  | 
Researcher's free scanner tool finds many systems remain at risk of EternalBlue-based attacks like WannaCry and NotPetya.
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Commentary  |  7/14/2017  | 
How digitally savvy organizations can take cyber resilience to a whole new dimension.
The High Costs of GDPR Compliance
Commentary  |  7/11/2017  | 
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
Symantec Snaps Up Skycure in Mobile Security Move
News  |  7/11/2017  | 
Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.
IoT Physical Attack Exploit to be Revealed at Black Hat
News  |  7/7/2017  | 
Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
NotPetya: How to Prep and Respond if You're Hit
Slideshows  |  7/7/2017  | 
Security pros share practices to prepare and handle advanced malware attacks like NotPetya.
The SOC Is Dead... Long Live the SOC
Commentary  |  7/7/2017  | 
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
Hacking the State of the ISIS Cyber Caliphate
News  |  7/6/2017  | 
Researchers say Islamic State's United Cyber Caliphate remains in its infancy when it comes to cyberattack expertise.
New Google Security Controls Tighten Third-Party Data Access
News  |  7/6/2017  | 
Google adds OAuth app whitelisting to G Suite so admins can vet third-party applications before users can grant them authorized data access.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.