News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2
When Cryptocurrency Falls, What Happens to Cryptominers?
News  |  12/18/2018  | 
The fall of cryptocurrency's value doesn't signify an end to cryptomining, but attackers may be more particular about when they use it.
Trend Micro Finds Major Flaws in HolaVPN
Quick Hits  |  12/18/2018  | 
A popular free VPN is found to have a very high cost for users.
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Commentary  |  12/18/2018  | 
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
Cyber Readiness Institute Launches New Program for SMBs
News  |  12/17/2018  | 
Program seeks to raise employees' cyber awareness and give small and midsize business owners the tools to make a difference.
53 Bugs in 50 Days: Researchers Fuzz Adobe Reader
News  |  12/17/2018  | 
Automatic vulnerability finding tools detect more than 50 CVEs in Adobe Reader and Adobe Pro during a 50-day experiment.
Facebook: Photo API Bug Exposed 6.8M User Photos
Quick Hits  |  12/17/2018  | 
The flaw let developers access images that users may not have shared publicly, including those they started to upload but didn't post.
Shhhhh! The Secret to Secrets Management
Commentary  |  12/17/2018  | 
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Iranian Hackers Target Nuclear Experts, US Officials
Quick Hits  |  12/14/2018  | 
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Who Are You, Really? A Peek at the Future of Identity
News  |  12/14/2018  | 
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
Retailers: Avoid the Hackable Holidaze
Commentary  |  12/14/2018  | 
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
2019 Attacker Playbook
Slideshows  |  12/14/2018  | 
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Commentary  |  12/13/2018  | 
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
Education Gets an 'F' for Cybersecurity
Quick Hits  |  12/13/2018  | 
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
The Economics Fueling IoT (In)security
Commentary  |  12/13/2018  | 
Attackers understand the profits that lie in the current lack of security. That must change.
Worst Password Blunders of 2018 Hit Organizations East and West
News  |  12/12/2018  | 
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
Bug Hunting Paves Path to Infosec Careers
News  |  12/12/2018  | 
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
Mac Malware Cracks WatchGuard's Top 10 List
News  |  12/12/2018  | 
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Quick Hits  |  12/12/2018  | 
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
Forget Shifting Security Left; It's Time to Race Left
Commentary  |  12/12/2018  | 
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Slideshows  |  12/12/2018  | 
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
News  |  12/11/2018  | 
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
Grammarly Takes Bug Bounty Program Public
Quick Hits  |  12/11/2018  | 
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
DanaBot Malware Adds Spam to its Menu
News  |  12/10/2018  | 
A new generation of modular malware increases its value to criminals.
'Highly Active' Seedworm Group Hits IT Services, Governments
News  |  12/10/2018  | 
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
'Dr. Shifro' Prescribes Fake Ransomware Cure
Quick Hits  |  12/10/2018  | 
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
'PowerSnitch' Hacks Androids via Power Banks
News  |  12/8/2018  | 
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
Iranian Nationals Charged for Atlanta Ransomware Attack
Quick Hits  |  12/7/2018  | 
The March attack used SamSam ransomware to infect 3,789 computers.
Kubernetes Deployments Around the World Show Vulnerabilities
Quick Hits  |  12/7/2018  | 
Kubernetes owners who expose APIs to the Internet are leaving their systems open to hackers.
Insider Threats & Insider Objections
Commentary  |  12/7/2018  | 
The tyranny of the urgent and three other reasons why it's hard for CISOs to establish a robust insider threat prevention program.
Adobe Flash Zero-Day Spreads via Office Docs
News  |  12/6/2018  | 
Adobe has patched a zero-day in its Flash player after attackers leveraged the exploit in an active campaign.
4 Lessons Die Hard Teaches About Combating Cyber Villains
Commentary  |  12/6/2018  | 
With proper planning, modern approaches, and tools, we can all be heroes in the epic battle against the cyber threat.
55% of Companies Don't Offer Mandatory Security Awareness Training
Quick Hits  |  12/6/2018  | 
Even those that provide employee training do so sparingly, a new study finds.
Apple Issues Security Fixes Across Mac, iOS
Quick Hits  |  12/6/2018  | 
Software updates for Mac and iOS bring patches to Safari, iCloud, iTunes on Windows, and tvOS.
7 Common Breach Disclosure Mistakes
Slideshows  |  12/6/2018  | 
How you report a data breach can have a big impact on its fallout.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
Commentary  |  12/5/2018  | 
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
Starwood Breach Reaction Focuses on 4-Year Dwell
News  |  12/5/2018  | 
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
Google Cloud Security Command Center Now in Beta
News  |  12/5/2018  | 
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
Republican Committee Email Hacked During Midterms
Quick Hits  |  12/5/2018  | 
The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
News  |  12/5/2018  | 
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
The Case for a Human Security Officer
Commentary  |  12/5/2018  | 
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
6 Ways to Strengthen Your GDPR Compliance Efforts
Slideshows  |  12/5/2018  | 
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
Backdoors Up 44%, Ransomware Up 43% from 2017
News  |  12/4/2018  | 
Nearly one in three computers was hit with a malware attack this year, and ransomware and backdoors continue to pose a risk.
London Blue BEC Cybercrime Gang Unmasked
News  |  12/4/2018  | 
Security firm turned the tables on attackers targeting its chief financial officer in an email-borne financial scam.
5 Emerging Trends in Cybercrime
Commentary  |  12/4/2018  | 
Organizations can start today to protect against 2019's threats. Look out for crooks using AI "fuzzing" techniques, machine learning, and swarms.
'Influence Agents' Used Twitter to Sway 2018 Midterms
Quick Hits  |  12/3/2018  | 
About 25% of political support in Arizona and Florida was generated by influence agents using Twitter as a platform, research shows.
Microsoft, Mastercard Aim to Change Identity Management
News  |  12/3/2018  | 
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
Holiday Hacks: 6 Cyberthreats to Watch Right Now
Slideshows  |  11/30/2018  | 
'Tis the season for holiday crafted phishes, scams, and a range of cyberattacks. Experts list the hottest holiday hacks for 2018.
Threat Hunting: Improving Bot Detection in Enterprise SD-WANs
Commentary  |  11/30/2018  | 
How security researchers tracked down Kuai and Bujoi malware through multiple vectors including client type, traffic frequency, and destination.
39 Arrested in Tech Support Scam Crackdown: Microsoft
Quick Hits  |  11/30/2018  | 
Law enforcement officials in India raided 16 call center locations that conned primarily American and Canadian victims.
MITRE Changes the Game in Security Product Testing
News  |  11/29/2018  | 
Nonprofit has published its first-ever evaluation of popular endpoint security tools - measured against its ATT&CK model.
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading,  12/14/2018
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
[Sponsored Content] The State of Encryption and How to Improve It
Encryption and access controls are considered to be the ultimate safeguards to ensure the security and confidentiality of data, which is why they're mandated in so many compliance and regulatory standards. While the cybersecurity market boasts a wide variety of encryption technologies, many data breaches reveal that sensitive and personal data has often been left unencrypted and, therefore, vulnerable.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19790
PUBLISHED: 2018-12-18
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...
CVE-2018-19829
PUBLISHED: 2018-12-18
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
CVE-2018-16884
PUBLISHED: 2018-12-18
A flaw was found in the Linux kernel in the NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel id and cause a use-after-free. Thus a malicious container user can cause a host kernel memory corruption and a system ...
CVE-2018-17777
PUBLISHED: 2018-12-18
An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editing the path of the cookie "sid" generated by the page. The attacker will have acc...
CVE-2018-18921
PUBLISHED: 2018-12-18
PHP Server Monitor before 3.3.2 has CSRF, as demonstrated by a Delete action.