News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Make a Wish: Dark Reading Caption Contest Winners
Commentary  |  8/18/2018  | 
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
Malicious Cryptomining & Other Shifting Threats
Malicious Cryptomining & Other Shifting Threats
Dark Reading Videos  |  8/17/2018  | 
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoins peak, a shift to outside-the-perimeter mobile threats, and more.
Using Threat Deception on Malicious Insiders
Using Threat Deception on Malicious Insiders
Dark Reading Videos  |  8/17/2018  | 
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.
Marap Malware Appears, Targeting Financial Sector
Quick Hits  |  8/17/2018  | 
A new form of modular downloader packs the ability to download other modules and payloads.
Exploring, Exploiting Active Directory Admin Flaws
News  |  8/17/2018  | 
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.
Simplifying Endpoint Hardening, Defense & Response
Simplifying Endpoint Hardening, Defense & Response
Dark Reading Videos  |  8/17/2018  | 
Ziften CEO Mike Hamilton advocates taking complexity, time, and cost out of multi-faceted endpoint protection, with a single-agent solution for laptops, desktops, servers, and cloud VMs.
The 5 Challenges of Detecting Fileless Malware Attacks
Commentary  |  8/17/2018  | 
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
The Rise of Bespoke Ransomware
The Rise of Bespoke Ransomware
Dark Reading Videos  |  8/17/2018  | 
Drawing from a recent study by SophosLabs, Principal Research Scientist Chester Wisniewski highlights a shift to the rise of more targeted and sophisticated ransomware threats, such as SamSam.
Necurs Botnet Goes Phishing for Banks
News  |  8/16/2018  | 
A new Necurs botnet campaign targets thousands of banks with a malicious file dropping the FlawedAmmyy remote-access Trojan.
Researcher Finds MQTT Hole in IoT Defenses
News  |  8/16/2018  | 
A commonly used protocol provides a gaping backdoor when misconfigured.
Active Third-Party Content the Bane of Web Security
News  |  8/16/2018  | 
New reports shows many of the world's most popular sites serve up active content from risky sources.
Facebook Awards $1M for Defense-Based Research
Quick Hits  |  8/16/2018  | 
The company today awarded $200,000 to winners of the Internet Defense Prize after spending $800,000 on the Secure the Internet grants.
Overcoming 'Security as a Silo' with Orchestration and Automation
Commentary  |  8/16/2018  | 
When teams work in silos, the result is friction and miscommunication. Automation changes that.
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Slideshows  |  8/15/2018  | 
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
Gartner Says IT Security Spending to Hit $124B in 2019
Quick Hits  |  8/15/2018  | 
Global IT security spending will grow 12.4% in 2018 and another 8.7% in 2019.
Instagram Hack: Hundreds Affected, Russia Suspected
Quick Hits  |  8/15/2018  | 
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
News  |  8/14/2018  | 
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
News  |  8/14/2018  | 
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
'Election Protection' Aims to Secure Candidates Running for Office
Quick Hits  |  8/14/2018  | 
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
Social Engineers Show Off Their Tricks
News  |  8/13/2018  | 
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
Nigerian National Convicted for Phishing US Universities
Quick Hits  |  8/13/2018  | 
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
FBI Warns of Cyber Extortion Scam
Quick Hits  |  8/13/2018  | 
Spear-phishing techniques are breathing new life into an old scam.
NSA Brings Nation-State Details to DEF CON
News  |  8/10/2018  | 
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
The Enigma of AI & Cybersecurity
Commentary  |  8/10/2018  | 
We've only seen the beginning of what artificial intelligence can do for information security.
Oh, No, Not Another Security Product
Commentary  |  8/9/2018  | 
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
White Hat to Black Hat: What Motivates the Switch to Cybercrime
News  |  8/8/2018  | 
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
News  |  8/8/2018  | 
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
Understanding Firewalls: Build Them Up, Tear Them Down
News  |  8/8/2018  | 
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
Facebook Launches Fizz Library for Dev Speed, Security
Quick Hits  |  8/6/2018  | 
New open source TLS library aims to help developers incorporate speed and security into apps and services.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Spot the Bot: Researchers Open-Source Tools to Hunt Twitter Bots
News  |  8/6/2018  | 
Their goal? To create a means of differentiating legitimate from automated accounts and detail the process so other researchers can replicate it.
Mastering MITRE's ATT&CK Matrix
Slideshows  |  8/6/2018  | 
This breakdown of Mitre's model for cyberattacks and defense can help organizations understand the stages of attack events and, ultimately, build better security.
4 Reasons Why Companies Are Failing at Incident Response
Commentary  |  8/3/2018  | 
When it comes to containing the business impacts of a security breach, proper planning is often the difference between success and failure.
Multifactor Acquisition: Cisco Plans to Buy Duo for $2.35B
News  |  8/2/2018  | 
Cisco intends to use Duo's authentication technology to ramp up security across hybrid and multicloud environments.
Power Grid Security: How Safe Are We?
Commentary  |  8/2/2018  | 
Experiencing a power outage? It could have been caused by a hacker or just a squirrel chewing through some equipment. And that's a problem.
6 Ways DevOps Can Supercharge Security
Slideshows  |  8/2/2018  | 
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Commentary  |  8/2/2018  | 
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
New Chrome Extension Alerts Users to Hacked Sites
News  |  8/1/2018  | 
HackNotice leverages a database of 20,000 hacks to alert users when a site they visit has been compromised.
Reddit Warns Users of Data Breach
Quick Hits  |  8/1/2018  | 
An attacker broke into Reddit systems and accessed user data, email addresses, and a database of hashed passwords from 2007.
How AI Could Become the Firewall of 2003
Commentary  |  8/1/2018  | 
An over-reliance on artificial intelligence and machine learning for the wrong uses will create unnecessary risks.
48% of Customers Avoid Services Post-Data Breach
Quick Hits  |  8/1/2018  | 
Nearly all organizations hit with a security incident report a long-term negative impact on both revenue and consumer trust.
5 Steps to Fight Unauthorized Cryptomining
Commentary  |  8/1/2018  | 
This compromise feels like a mere annoyance, but it can open the door to real trouble.
Google Researcher Unpacks Rare Android Malware Obfuscation Library
News  |  8/1/2018  | 
Analysis exposes the lengths malware authors will go to in order to protect their code from disassembly and reverse engineering.
Hundreds of Registry Keys Exposed to Microsoft COM Hijacking
News  |  7/31/2018  | 
Experts believe there could be thousands more in the wild.
Unified Security Data: A Simple Idea to Combat Persistent, Complex Cyberattacks
Commentary  |  7/31/2018  | 
Do you know what happens to your data when it's not in use? If the answer is no, you need to fix that.
Mimecast Snaps Up Solebit for $88 Million
Quick Hits  |  7/31/2018  | 
Purchase of threat detection firm closely follows company's acquisition of security training platform Ataata.
Accidental Cryptojackers: A Tale of Two Sites
Commentary  |  7/31/2018  | 
Why website operators need to know with whom they are doing business and how to close the loop on third-party vulnerabilities.
$5 Million in Cryptocurrency Stolen in SIM Hijacking Operation
Quick Hits  |  7/30/2018  | 
College student is arrested for his alleged involvement.
MUD: The Solution to Our Messy Enterprise IoT Security Problems?
Commentary  |  7/30/2018  | 
The 'Manufacturer Usage Description' proposal from IETF offers a promising route for bolstering security across the industry.
Page 1 / 2   >   >>


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.