Endpoint //


News & Commentary
The Cloud Security Conundrum: Assets vs. Infrastructure
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
Account Takeover Attacks Become a Phishing Fave
Dark Reading Staff, Quick Hits
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
By Dark Reading Staff , 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, YubicoCommentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana Standards & Identity Analyst, Yubico, 9/19/2018
Comment5 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
IoT Threats Triple Since 2017
Dark Reading Staff, Quick Hits
Rapidly evolving malware is posing an ever-greater threat to the IoT and business users of the Internet.
By Dark Reading Staff , 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
Military, Government Users Just as Bad About Password Hygiene as Civilians
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/14/2018
Comment1 Comment  |  Read  |  Post a Comment
4 Trends Giving CISOs Sleepless Nights
Mike Convertino, CISO & VP, Information Security, F5 NetworksCommentary
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
4 Practical Measures to Improve Election Security Now
Chris Wysopal,  Chief Technology Officer, CA Veracode Commentary
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
By Chris Wysopal Chief Technology Officer, CA Veracode , 9/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Authentication Grows Up
Kelly Sheridan, Staff Editor, Dark ReadingNews
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.
By Kelly Sheridan Staff Editor, Dark Reading, 9/4/2018
Comment0 comments  |  Read  |  Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
By Ira Winkler CISSP, President, Secure Mentem, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Shadow IT: Every Company's 3 Hidden Security Risks
Adam Marre,  Information Security Operations Leader, QualtricsCommentary
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018
Comment2 comments  |  Read  |  Post a Comment
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Larry Ponemon, Chairman and Founder, Ponemon Institute, and 3M Privacy ConsultantCommentary
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
By Larry Ponemon Chairman and Founder, Ponemon Institute, and 3M Privacy Consultant, 8/6/2018
Comment3 comments  |  Read  |  Post a Comment
Is SMS 2FA Enough Login Protection?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/3/2018
Comment0 comments  |  Read  |  Post a Comment
London Calling with New Strategies to Stop Ransomware
Chris Bailey, Vice President of Strategy, Entrust DatacardCommentary
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
By Chris Bailey Vice President of Strategy, Entrust Datacard, 7/23/2018
Comment1 Comment  |  Read  |  Post a Comment
Beyond Passwords: Why Your Company Should Rethink Authentication
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
By Rajiv Dholakia VP Products, Nok Nok Labs, 7/19/2018
Comment0 comments  |  Read  |  Post a Comment
Bomgar Acquires Avecto
Dark Reading Staff, Quick Hits
Purchase adds layers to privileged access management system.
By Dark Reading Staff , 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
Reactive or Proactive? Making the Case for New Kill Chains
Ryan Stolte, co-founder and CTO at Bay DynamicsCommentary
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
By Ryan Stolte co-founder and CTO at Bay Dynamics, 7/6/2018
Comment1 Comment  |  Read  |  Post a Comment
Consumers Rank Security High in Payment Decisions
Dark Reading Staff, Quick Hits
Security is a top priority when it comes to making decisions on payment methods and technologies.
By Dark Reading Staff , 7/3/2018
Comment2 comments  |  Read  |  Post a Comment
iOS 12 2FA Feature May Carry Bank Fraud Risk
Dark Reading Staff, Quick Hits
Making two-factor authentication faster could also make it less secure.
By Dark Reading Staff , 7/2/2018
Comment0 comments  |  Read  |  Post a Comment
10 Tips for More Secure Mobile Devices
Curtis Franklin Jr., Senior Editor at Dark Reading
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/27/2018
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Williamastro
Current Conversations Nice
In reply to: Thanks for sharing
Post Your Own Reply
More Conversations
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2018-09-26
Some Huawei products Agassi-L09 AGS-L09C100B257CUSTC100D001, AGS-L09C170B253CUSTC170D001, AGS-L09C199B251CUSTC199D001, AGS-L09C229B003CUSTC229D001, Agassi-W09 AGS-W09C100B257CUSTC100D001, AGS-W09C128B252CUSTC128D001, AGS-W09C170B252CUSTC170D001, AGS-W09C229B251CUSTC229D001, AGS-W09C331B003CUSTC331D0...
PUBLISHED: 2018-09-26
An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' (v0.12.2.0-master-ffab6700) and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An attac...
PUBLISHED: 2018-09-26
Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection.
PUBLISHED: 2018-09-25
In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large SETTINGS frames a client can occupy a connection, server thread and CPU time without any connection timeout coming to effect. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.
PUBLISHED: 2018-09-25
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerabl...