News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Quick Hits  |  3/16/2018
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
Google Rolls Out New Security Features for Chrome Enterprise
Quick Hits  |  3/16/2018
The business-friendly browser now includes new admin controls, EMM partnerships, and additions to help manage Active Directory.
Microsoft Report: Cybersecurity's Top 3 Threats Intertwine
News  |  3/15/2018
Botnets, ransomware, and simple attack methods dominate the threat landscape and build on each other to drive effectiveness.
Cryptojacking Threat Continues to Rise
News  |  3/15/2018
Unauthorized cryptocurrency mining can consume processing power and make apps unavailable as well as lead to other malware.
Online Ads vs. Security: An Invisible War
Commentary  |  3/15/2018
Why visiting one website is like visiting 50, and how you can fight back against malvertisers.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
News  |  3/14/2018
Researchers at Black Hat Asia will demonstrate a new framework they created for catching and studying Apple MacOS malware.
77% of Businesses Lack Proper Incident Response Plans
News  |  3/14/2018
New research shows security leaders have false confidence in their ability to respond to security incidents.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
SEC Charges Former Equifax Exec with Insider Trading
Quick Hits  |  3/14/2018
CIO of a US business unit within Equifax had reportedly learned of the company's data breach and sold his shares for nearly $1 million.
A Secure Enterprise Starts with a Cyber-Aware Staff
Commentary  |  3/14/2018
An attack doesn't have to be super high-tech to cause a lot of damage. Make sure your employees know how to spot an old-fashioned phishing campaign.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
Microsoft Report Details Different Forms of Cryptominers
News  |  3/13/2018
A new report explores different ways legitimate and malicious coin miners are appearing in the enterprise.
Microsoft Patch Tuesday: Prioritize Browser Updates
Quick Hits  |  3/13/2018
All of the critical vulnerabilities Microsoft patched on March 13 were within, and related to, browsers.
AMD Investigating Report of Vulnerabilities in its Microprocessors
Quick Hits  |  3/13/2018
Israel-based firm says it found critical bugs in AMD's newest chip families.
Google 'Distrust Dates' Are Coming Fast
Commentary  |  3/13/2018
All the tools are in place for the migration of SSL digital certificates on a scale that is unprecedented for the certificate authority industry. Are you ready?
Microsoft Remote Access Protocol Flaw Affects All Windows Machines
News  |  3/13/2018
Attackers can exploit newly discovered critical crypto bug in CredSSP via a man-in-the-middle attack and then move laterally within a victim network.
What's the C-Suite Doing About Mobile Security?
Commentary  |  3/13/2018
While most companies have security infrastructure for on-premises servers, networks, and endpoints, too many are ignoring mobile security. They'd better get moving.
Malware 'Cocktails' Raise Attack Risk
News  |  3/13/2018
Malware mash-ups hiding in encrypted traffic are boosting attack numbers and increasing the danger to data, according to recent reports.
Asia's Security Leaders Feel Underprepared for Future Threats: Report
News  |  3/12/2018
A new study highlights major concerns of cybersecurity leaders in Asia, where most fear critical infrastructure attacks, advanced threats, and social engineering.
Chinese APT Backdoor Found in CCleaner Supply Chain Attack
News  |  3/12/2018
Avast discovers ShadowPad tool for use in apparent planned third stage of the targeted attack campaign.
FlawedAmmyy RAT Campaign Puts New Spin on Old Threat
News  |  3/12/2018
A remote access Trojan, in use since 2016, has a new tactic: combining zip files with the SMB protocol to infect target systems.
Disappearing Act: Dark Reading Caption Contest Winners
Commentary  |  3/12/2018
A standout field with hysterical puns about security policies, Meltdown, Amazon Web Services, and the right to be forgotten. And the winner is
Georgia Man Pleads Guilty to Business Email Compromise Attacks
Quick Hits  |  3/12/2018
Kerby Rigaud has pleaded guilty to using BEC attacks in attempts to steal more than $1 million from US businesses.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
What Happens When You Hold Robots for Ransom?
News  |  3/10/2018
Researchers explore why an attacker would target robots with ransomware, and the implications of what might happen if they did.
Microsoft Windows Defender Prevents 400,000 Dofoil Infections
Quick Hits  |  3/9/2018
Improved anti-malware detection prevented spread of cryptomining software this week, says Microsoft.
'Slingshot' Cyber Espionage Campaign Hacks Network Routers
News  |  3/9/2018
Advanced hacking group appears to be native English speakers targeting Africa, Middle East.
Tennessee Senate Campaign Sees Possible Hack
Quick Hits  |  3/9/2018
Phil Bredesen's campaign for US senate sees a hacker's hand in email messages
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
CIGslip Lets Attackers Bypass Microsoft Code Integrity Guard
News  |  3/8/2018
The new technique would enable attackers to inject malicious content into Microsoft Edge and other protected processes.
Group-IB Helps Suspend Ukrainian DDoS Attack Group
Quick Hits  |  3/7/2018
This case marks the first successful prosecution of cybercriminals in Ukraine, the organization reports.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Memcached DDoS Attack: Kill Switch, New Details Disclosed
Quick Hits  |  3/7/2018
Corero shares a kill switch for the Memcached vulnerability and reports the flaw is more extensive than originally believed.
Identity Management: Where It Stands, Where It's Going
News  |  3/6/2018
How companies are changing the approach to identity management as people become increasingly digital.
Connected Cars Pose New Security Challenges
Commentary  |  3/6/2018
The auto industry should seize the opportunity and get in front of this issue.
Second Ransomware Round Hits Colorado DOT
Quick Hits  |  3/6/2018
A variant of SamSam sends CDOT employees back to pen and paper with two attack waves in two weeks.
Pragmatic Security: 20 Signs You Are 'Boiling the Ocean'
Commentary  |  3/6/2018
Ocean-boiling is responsible for most of the draconian, nonproductive security policies I've witnessed over the course of my career. Here's why they don't work.
Facebook Upgrades Link Security with HSTS Preloading
Quick Hits  |  3/5/2018
Facebook and Instagram links will automatically update from HTTP to HTTPS for eligible websites, increasing both speed and security, the social media giant said.
Hacking Back & the Digital Wild West
Commentary  |  3/5/2018
Far from helping organizations defend themselves, hacking back will escalate an already chaotic situation.
Millions of Office 365 Accounts Hit with Password Stealers
News  |  3/2/2018
Phishing emails disguised as tax-related alerts aim to trick users into handing attackers their usernames and passwords.
Securing the Web of Wearables, Smartphones & Cloud
News  |  3/1/2018
Why security for the Internet of Things demands that businesses revamp their software development lifecycle.
GitHub Among Victims of Massive DDoS Attack Wave
Quick Hits  |  3/1/2018
GitHub reports its site was unavailable this week when attackers leveraged Memcached servers to generate large, widespread UDP attacks.
Phishers Target Social Media
News  |  3/1/2018
Financial institutions still the number one target, according to a new report by RiskIQ.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
The State of Application Penetration Testing
News  |  2/28/2018
Data from real-world pen tests shows configuration errors and cross-site scripting are the most commonly found vulnerabilities.
Why Cryptocurrencies Are Dangerous for Enterprises
Commentary  |  2/28/2018
When employees mine coins with work computers, much can go wrong. But there are some ways to stay safe.
How to Secure 'Permissioned' Blockchains
Commentary  |  2/28/2018
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
SAML Flaw Lets Hackers Assume Users' Identities
News  |  2/27/2018
Vulnerability affects single sign-on for SAML-reliant services including OneLogin, Duo Security, Clever, and OmniAuth.
Security Starts with the User Experience
Commentary  |  2/27/2018
Preventing a data breach is safer and more cost-effective than dealing with a breach after it has already happened. That means a focus on security in the design phase.
Page 1 / 2   >   >>

Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
New 'Mac-A-Mal' Tool Automates Mac Malware Hunting & Analysis
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/14/2018
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center,  3/12/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.