News & Commentary
Latest Content tagged with Endpoint
Credential-Stuffing Threat Intensifies Amid Password Reuse
News  |  5/23/2017  | 
Employees who reuse logins on multiple websites drive the impact of third-party breaches as hackers use credential stuffing to compromise more accounts.
9 Ways Organizations Sabotage Their Own Security: Lessons from the Verizon DBIR
Slideshows  |  5/23/2017  | 
Mistakes and missteps plague enterprise security. The Verizon 2017 Data Breach Investigations Report (DBIR) offers nuggets on what organizations must stop doing now.
Staying a Step Ahead of Internet Attacks
Commentary  |  5/23/2017  | 
There's no getting around the fact that targeted attacks - like phishing - will happen. But you can figure out the type of attack to expect next.
With Billions Spent on Cybersecurity, Why Are Problems Getting Worse?
Commentary  |  5/23/2017  | 
Technology alone won't keep you safe. Fully engaged employees should be your first line of defense.
WannaCry Hit Windows 7 Machines Most
News  |  5/22/2017  | 
More than 95% of all of the infected machines were running Windows 7, according to Kaspersky Lab data.
Emerging Threats to Add to Your Security Radar Screen
News  |  5/22/2017  | 
The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.
Researcher Creates Tool to Unlock WannaCry-Infected Windows XP Files
Quick Hits  |  5/19/2017  | 
A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.
Ransomware Rocks Endpoint Security Concerns
News  |  5/19/2017  | 
Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.
Deconstructing the 2016 Yahoo Security Breach
Commentary  |  5/19/2017  | 
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
Don't Forget Basic Security Measures, Experts Say
News  |  5/18/2017  | 
Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.
All Generations, All Risks, All Contained: A How-To Guide
Commentary  |  5/18/2017  | 
Organizations must have a security plan that considers all of their employees.
FireEye CEO Mandia Talks Rapid Rise of Nation-State Threats
News  |  5/17/2017  | 
FireEye CEO Kevin Mandia at Interop ITX discussed changes in the geopolitical threat landscape and how attackers target their victims.
Survey: Unpatched Windows OS on the Rise
Quick Hits  |  5/17/2017  | 
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.
The Fundamental Flaw in TCP/IP: Connecting Everything
Commentary  |  5/17/2017  | 
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool
News  |  5/16/2017  | 
Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.
DocuSign's Brand Used in Phishing Attacks
Quick Hits  |  5/16/2017  | 
The electronic signature company issued an update alert today that it noticed a rise in phishing attacks last week and this morning.
FTC Launches 'Operation Tech Trap' to Catch Fraudsters
Quick Hits  |  5/16/2017  | 
The Federal Trade Commission has teamed up with law enforcement partners to crack down on tech support scams.
Researchers Investigate Possible Connection Between WannaCry & North Korean Hacker Group
News  |  5/15/2017  | 
Google, Kaspersky Lab and Symantec all have found common code in the WannaCry malware and that of the nation-state hackers behind the mega breach of Sony.
Your Grandma Could Be the Next Ransomware Millionaire
Commentary  |  5/15/2017  | 
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
7 Florida Men Charged in Global Tech Support Scheme
Quick Hits  |  5/12/2017  | 
Federal fraud charges have been filed against seven men for their involvement in an international tech support scam.
'WannaCry' Rapidly Moving Ransomware Attack Spreads to 74 Countries
News  |  5/12/2017  | 
A wave of ransomware infections took down a wide swath of UK hospitals and is rapidly moving across the globe.
New Malware Uses GeoCities, North Korea Interest to Trick Victims
News  |  5/12/2017  | 
A new threat called Baijiu leverages the GeoCities web service, and heightened interest in North Korea, to deceive victims.
Trump Issues Previously Delayed Cybersecurity Executive Order
News  |  5/11/2017  | 
EO calls for immediate review of federal agencies' security postures, adoption of the NIST Framework, and a focus on critical infrastructure security.
Keylogger Discovered in Some HP Laptops
Quick Hits  |  5/11/2017  | 
Researchers discovered the audio driver in some HP laptops contains a tool to record and save users' keystrokes.
SSA Plans Stronger Website Authentication
Quick Hits  |  5/11/2017  | 
Starting in June 2017, the US Social Security Administration will require a more secure login process for SSA.gov.
Artificial Intelligence: Cybersecurity Friend or Foe?
Commentary  |  5/11/2017  | 
The next generation of situation-aware malware will use AI to behave like a human attacker: performing reconnaissance, identifying targets, choosing methods of attack, and intelligently evading detection.
Your IoT Baby Isn't as Beautiful as You Think It Is
Commentary  |  5/10/2017  | 
Both development and evaluation teams have been ignoring security problems in Internet-connected devices for too long. That must stop.
FTC Launches Cybersecurity Resource Website for SMBs
Quick Hits  |  5/10/2017  | 
Federal Trade Commission website offers free tips and information for small businesses.
Extreme Makeover: AI & Network Cybersecurity
Commentary  |  5/10/2017  | 
In the future, artificial intelligence will constantly adapt to the growing attack surface. Today, we are still connecting the dots.
SLocker Ransomware Variants Surge
News  |  5/10/2017  | 
SLocker, one of the top 20 Android malware families, has seen a six-fold increase in the number of new versions over the past six months.
New IoT Botnet Discovered, 120K IP Cameras At Risk of Attack
News  |  5/9/2017  | 
The Persirai IoT botnet, which targets IP cameras, arrives hot on the heels of Mirai and highlights the growing threat of IoT botnets.
Shining a Light on Security's Grey Areas: Process, People, Technology
Commentary  |  5/9/2017  | 
The changing distributed and mobile business landscape brings with it new security and privacy risks. Here's how to meet the challenge.
10 Free or Low-Cost Security Tools
Slideshows  |  5/9/2017  | 
At a time when many organizations struggle with security funding, open-source tools can help cut costs for certain businesses.
Malspam Causing Havoc for Mac & Windows
Partner Perspectives  |  5/9/2017  | 
Spam is a multi-platform, multi-vector approach to network compromise, and organizations need to weigh up the risks on all fronts to be able to combat it successfully.
Deciphering the GDPR: What You Need to Know to Prepare Your Organization
Commentary  |  5/9/2017  | 
The European Union's upcoming privacy regulations are incredibly complex. Here are four important points to keep in mind.
Aflac CISO: Insurance Sector Ramps Up Cyber Defenses
News  |  5/8/2017  | 
Aflac CISO Tim Callahan discusses ongoing initiatives to stay secure as hackers ramp up attacks on financial services.
Google Ratchets Up OAuth Policies in Wake of Phishing Attacks
Quick Hits  |  5/8/2017  | 
Google says it responded to the widespread Google Docs phishing campaign within one hour of detecting it.
Law Firm Sues Insurer Over Income Loss in Ransomware Attack
Quick Hits  |  5/5/2017  | 
A Rhode Island law firm sued its insurer over failing to pay for lost income following a ransomware attack on the firm.
Backdoors: When Good Intentions Go Bad
Commentary  |  5/5/2017  | 
Requiring encrypted applications to provide backdoors for law enforcement will weaken security for everyone.
FBI: Business- and Email Account Compromise Attack Losses Hit $5 Billion
Quick Hits  |  5/5/2017  | 
The FBI's IC3 division reports a 2,370% spike in exposed losses resulting from BEC and EAC between January 2015 and December 2016.
Google Docs Phishing Scam a Game Changer
News  |  5/4/2017  | 
Experts expect copycats that take advantage of passive authentication from third-party applications using standards such as OAuth.
Europe Pumps Out 50% More Cybercrime Attacks Than US
News  |  5/4/2017  | 
Cyberattacks originating from Europe were substantially higher than nefarious activity launched from the US during the first quarter.
SS7 Flaws Exploited in Attacks Against Mobile Users' Bank Accounts
Quick Hits  |  5/4/2017  | 
Cyberthieves exploited long-known vulnerabilities in the Signaling System 7 (SS7) protocol, attacking bank accounts in Germany by intercepting two-factor authentication codes sent to mobile phones.
Microsoft Ends Security Updates for Windows 10 Version 1507
Quick Hits  |  5/4/2017  | 
Microsoft will end security updates for Windows 10 version 1507 on May 9, 2017.
Midsize Businesses Prove Easy Attack Targets
News  |  5/4/2017  | 
Basic security practices could protect small- to midsized businesses from cybercriminals looking for low-risk, high-reward targets.
Why OAuth Phishing Poses A New Threat to Users
Commentary  |  5/4/2017  | 
Credential phishing lets attackers gain back-end access to email accounts, and yesterday's Google Docs scam raises the risk to a new level.
Small Budgets Cripple Cybersecurity Efforts of Local Governments
Quick Hits  |  5/3/2017  | 
A survey of local government chief information officers finds that insufficient funding for cybersecurity is the biggest obstacle in achieving high levels of cyber safety.
7 Steps to Fight Ransomware
Commentary  |  5/3/2017  | 
Perpetrators are shifting to more specific targets. This means companies must strengthen their defenses, and these strategies can help.
Sabre Breach May Put Traveler Data at Risk
Quick Hits  |  5/3/2017  | 
Travel giant Sabre investigates a potentially significant data breach of a reservations system used by more than 32,000 properties.
Researchers Hack Industrial Robot
News  |  5/3/2017  | 
New research finds more than 80,000 industrial routers exposed on the public Internet.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.