Endpoint
News & Commentary
RAT Vulnerabilities Turn Hackers into Victims
Kelly Sheridan, Associate Editor, Dark ReadingNews
A small number of Remote Administration Tools have vulnerabilities which can enable attack targets to turn the tables on threat actors.
By Kelly Sheridan Associate Editor, Dark Reading, 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
Two Arrested for Microsoft Network Intrusion
Dark Reading Staff, Quick Hits
UK authorities arrest two men for allegedly breaking into Microsoft's network with the intent to steal customer data from the software giant.
By Dark Reading Staff , 6/22/2017
Comment0 comments  |  Read  |  Post a Comment
WannaCry? Youre Not Alone: The 5 Stages of Security Grief
Eric Thomas, Director of Solutions Architecture, ExtraHopCommentary
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
By Eric Thomas Director of Solutions Architecture, ExtraHop, 6/22/2017
Comment2 comments  |  Read  |  Post a Comment
Consumer Businesses Have False Confidence in their Security: Deloitte
Dark Reading Staff, Quick Hits
Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans.
By Dark Reading Staff , 6/21/2017
Comment1 Comment  |  Read  |  Post a Comment
Trusted IDs Gain Acceptance in Smart Building Environment
Dark Reading Staff, Quick Hits
A majority of survey respondents believe identities can be connected across multiple systems and devices through a single ID card or mobile phone.
By Dark Reading Staff , 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Data Breach Costs Drop Globally But Increase in US
Kelly Sheridan, Associate Editor, Dark ReadingNews
The average total cost of a data breach declined 10% year-over-year around the world, but in the US edged upward by 5%.
By Kelly Sheridan Associate Editor, Dark Reading, 6/20/2017
Comment0 comments  |  Read  |  Post a Comment
Apple iOS Threats Fewer Than Android But More Deadly
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Data leakage and corruption haunt iOS and Android mobile apps the most, a new study shows.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/20/2017
Comment3 comments  |  Read  |  Post a Comment
Cybersecurity Fact vs. Fiction
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Based on popular media, it's easy to be concerned about the security of smart cars, homes, medical devices, and public utilities. But how truly likely are such attacks?
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/20/2017
Comment1 Comment  |  Read  |  Post a Comment
Rise of Nation State Threats: How Can Businesses Respond?
Kelly Sheridan, Associate Editor, Dark ReadingNews
Cybersecurity experts discuss nation-state threats of greatest concerns, different types of attacks, and how organization can prepare.
By Kelly Sheridan Associate Editor, Dark Reading, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Invisible Invaders: Why Detecting Bot Attacks Is Becoming More Difficult
Ido Safruti,  Founder and CTO at PerimeterXCommentary
Traditional methods can't block the latest attackers, but a behavioral approach can tell the difference between bots and humans.
By Ido Safruti Founder and CTO at PerimeterX, 6/19/2017
Comment0 comments  |  Read  |  Post a Comment
Samsung KNOX Takes Some Knocks
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Researcher at Black Hat USA will reveal Samsung KNOX 2.6 vulnerabilities and bypass techniques, and notes that new KNOX 2.8 may be at risk as well.
By Dawn Kawamoto Associate Editor, Dark Reading, 6/15/2017
Comment0 comments  |  Read  |  Post a Comment
1 Million Endpoints Exposed on Public Internet via Microsoft File-Sharing Services
Kelly Sheridan, Associate Editor, Dark ReadingNews
Research on global Internet security posture found endpoints leaving Microsoft SMB file-sharing systems wide open online, a finding that explains the rapid spread of WannaCry, Rapid7 says.
By Kelly Sheridan Associate Editor, Dark Reading, 6/15/2017
Comment0 comments  |  Read  |  Post a Comment
Climbing the Security Maturity Ladder in Cloud
Daniel Mellen, Accenture Managing Director, SecurityCommentary
These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.
By Daniel Mellen Accenture Managing Director, Security, 6/15/2017
Comment0 comments  |  Read  |  Post a Comment
Hospital Email Security in Critical Condition as DMARC Adoption Lags
Kelly Sheridan, Associate Editor, Dark ReadingNews
Healthcare providers put patient data at risk by failing to protect their email domains with DMARC adoption.
By Kelly Sheridan Associate Editor, Dark Reading, 6/14/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Security Updates Include Windows XP, Server 2003
Kelly Sheridan, Associate Editor, Dark ReadingNews
Microsoft extends its monthly security updates to respond to a rise in cyberattacks and fix serious flaws in Windows XP and Windows Server 2003.
By Kelly Sheridan Associate Editor, Dark Reading, 6/14/2017
Comment0 comments  |  Read  |  Post a Comment
How Bad Data Alters Machine Learning Results
Kelly Sheridan, Associate Editor, Dark ReadingNews
Machine learning models tested on single sources of data can prove inaccurate when presented with new sources of information.
By Kelly Sheridan Associate Editor, Dark Reading, 6/13/2017
Comment0 comments  |  Read  |  Post a Comment
Businesses Spend 1,156 Hours Per Week on Endpoint Security
Kelly Sheridan, Associate Editor, Dark ReadingNews
Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.
By Kelly Sheridan Associate Editor, Dark Reading, 6/13/2017
Comment1 Comment  |  Read  |  Post a Comment
WannaCry 'Scareware' Driving Downloads of Bogus Anti-Virus Apps
Dark Reading Staff, Quick Hits
Fake anti-virus apps account for 12.2% of active AV apps in the Google Play store, of which roughly one in 10 are blacklisted, according to a report released today.
By Dark Reading Staff , 6/13/2017
Comment0 comments  |  Read  |  Post a Comment
New Malware-as-a-Service Offerings Target Mac OS X
Kelly Sheridan, Associate Editor, Dark ReadingNews
MacSpy and MacRansom are two early variants of malware-as-a-service portals targeting the broader population of Mac users.
By Kelly Sheridan Associate Editor, Dark Reading, 6/12/2017
Comment4 comments  |  Read  |  Post a Comment
New Attack Method Delivers Malware Via Mouse Hover
Kelly Sheridan, Associate Editor, Dark ReadingNews
'Mouseover' technique relies on users hovering over hyperlinked text and images in Microsoft PowerPoint files to drop Trojan.
By Kelly Sheridan Associate Editor, Dark Reading, 6/9/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.