Endpoint
News & Commentary
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment1 Comment  |  Read  |  Post a Comment
Gemalto: NSA, GCHQ May Have Been Behind Breaches It Suffered In 2010 And 2011
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
But the 'sophisticated' attacks hit only Gemalto office networks--not 'massive theft' of SIM crypto keys, vendor says, and such an attack, if waged, would only affect 2G networks, not 3G or 4G.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 2/25/2015
Comment3 comments  |  Read  |  Post a Comment
5 Ways To Prepare For IoT Security Risks
Jai Vijayan, Freelance writerNews
As the Internet of Things begins to take shape, IT organizations must prepare for change.
By Jai Vijayan Freelance writer, 2/24/2015
Comment0 comments  |  Read  |  Post a Comment
Superfish Compromises All SSL Connections On Lenovo Gear
Sara Peters, Senior Editor at Dark ReadingNews
More than just pre-installed adware on some Lenovo laptops, Superfish acts as a man-in-the-middle certificate authority, hijacking every SSL session the laptop makes.
By Sara Peters Senior Editor at Dark Reading, 2/19/2015
Comment10 comments  |  Read  |  Post a Comment
Microsoft Fix For Critical Active Directory Bug A Year In The Making
Ericka Chickowski, Contributing Writer, Dark ReadingNews
This critical Active Directory vuln along with two other particularly 'nasty' critical flaws have experts pushing organizations to pick up patching pace.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/11/2015
Comment1 Comment  |  Read  |  Post a Comment
Box Giving Customers Control Over Encryption Keys
Sara Peters, Senior Editor at Dark ReadingNews
Box says they've eliminated the last major barrier to cloud adoption, even in highly regulated organizations.
By Sara Peters Senior Editor at Dark Reading, 2/10/2015
Comment1 Comment  |  Read  |  Post a Comment
White House Revises Rules For Intelligence Gathering
Thomas Claburn, Editor-at-LargeNews
Intelligence agencies like the NSA face data-retention limits and privacy training.
By Thomas Claburn Editor-at-Large, 2/3/2015
Comment3 comments  |  Read  |  Post a Comment
Browsers Are The Window To Enterprise Infection
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon report says infections dominated by browser-based exploits.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/2/2015
Comment9 comments  |  Read  |  Post a Comment
Social Media Betrays Your Credit Card Activity: Study
Thomas Claburn, Editor-at-LargeNews
Using time and location data culled from social media posts or other sources, researchers say they can identify your purchases from amongst anonymized transaction data.
By Thomas Claburn Editor-at-Large, 1/31/2015
Comment7 comments  |  Read  |  Post a Comment
Takeaways from International Data Privacy Day: The Internet of Things
Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group
Event looks at the future of data use and how we can – and should – protect personal privacy.
By Lorie Wigle Vice President, General Manager IOT Security Solutions, Intel Security Group, 1/30/2015
Comment0 comments  |  Read  |  Post a Comment
FTC Seeks Internet Of Things Rules
Thomas Claburn, Editor-at-LargeNews
More responsible business practices and new laws are needed to make the Internet of Things viable, the FTC says.
By Thomas Claburn Editor-at-Large, 1/27/2015
Comment2 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment35 comments  |  Read  |  Post a Comment
NFL Mobile Sports App Contains Super Bowl-Sized Vulns
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Lack of protections puts users at risk of exposed information by way of man-in-the-middle attacks.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/27/2015
Comment10 comments  |  Read  |  Post a Comment
Adobe Fixes Second Flash Flaw Exploited By Angler
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Second 0-day fix addresses UAF vulnerability.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/26/2015
Comment1 Comment  |  Read  |  Post a Comment
The Internet of Abused Things
Liviu Arsene, Senior E-threat Analyst, Bitdefender
We need to find ways to better secure the Internet of Things, or be prepared to face the consequences.
By Liviu Arsene Senior E-threat Analyst, Bitdefender, 1/22/2015
Comment0 comments  |  Read  |  Post a Comment
Protect Yourself by Protecting Others
Candace Worley, SVP & GM, Endpoint Security Business, Intel Security
How the consumerization of IT is affecting endpoint security.
By Candace Worley SVP & GM, Endpoint Security Business, Intel Security, 1/22/2015
Comment0 comments  |  Read  |  Post a Comment
Video: Zombie Cookies, IT Budgets & Twitter Hacks
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at zombie cookies, your 2015 IT budget, the rise of open source storage, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 1/16/2015
Comment0 comments  |  Read  |  Post a Comment
Bank Fraud Toolkit Circumvents 2FA & Device Identification
Sara Peters, Senior Editor at Dark ReadingNews
KL-Remote is giving Brazilian fraudsters a user-friendly "virtual mugging" platform.
By Sara Peters Senior Editor at Dark Reading, 1/14/2015
Comment5 comments  |  Read  |  Post a Comment
Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/14/2015
Comment0 comments  |  Read  |  Post a Comment
2015: The Year Of The Security Startup – Or Letdown
Tim Wilson, Editor in Chief, Dark ReadingCommentary
While stealth startup Ionic and other newcomers promise to change the cyber security game, ISC8 may be the first of many to head for the showers.
By Tim Wilson Editor in Chief, Dark Reading, 1/13/2015
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2188
Published: 2015-02-26
The Authentication Proxy feature in Cisco IOS does not properly handle invalid AAA return codes from RADIUS and TACACS+ servers, which allows remote attackers to bypass authentication in opportunistic circumstances via a connection attempt that triggers an invalid code, as demonstrated by a connecti...

CVE-2015-0594
Published: 2015-02-26
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun1...

CVE-2015-0632
Published: 2015-02-26
Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770.

CVE-2015-0651
Published: 2015-02-26
Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753.

CVE-2015-0882
Published: 2015-02-26
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php an...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.