Endpoint

News & Commentary
Microsoft Patch Tuesday Recap: 12 Critical Bugs Fixed
Dark Reading Staff, Quick Hits
Eight of the 12 critical vulnerabilities addressed this month affect the Chakra Scripting Engine in Microsoft Edge.
By Dark Reading Staff , 11/13/2018
Comment0 comments  |  Read  |  Post a Comment
Getting to Know Magecart: An Inside Look at 7 Groups
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report spills the details on Magecart, the criminal groups driving it, and ongoing attacks targeting low- and high-profile victims.
By Kelly Sheridan Staff Editor, Dark Reading, 11/13/2018
Comment0 comments  |  Read  |  Post a Comment
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360Commentary
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson CISSP, Senior Manager, CyberClarity360, 11/13/2018
Comment0 comments  |  Read  |  Post a Comment
RIP, 'IT Security'
Kevin Kurzawa, Senior Information Security AuditorCommentary
Information security is vital, of course. But the concept of "IT security" has never made sense.
By Kevin Kurzawa Senior Information Security Auditor, 11/13/2018
Comment0 comments  |  Read  |  Post a Comment
Sophisticated Campaign Targets Pakistan's Air Force
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Espionage campaign uses a variety of new evasion techniques.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/13/2018
Comment0 comments  |  Read  |  Post a Comment
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark ReadingNews
Facebook and Synack create programs to educate vets and grow employment opportunities while shrinking the cybersecurity talent gap.
By Kelly Sheridan Staff Editor, Dark Reading, 11/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Cyberattacks Top Business Risks in North America, Europe, EAP
Dark Reading Staff, Quick Hits
The World Economic Forum reports cyberattacks are a top enterprise concern following WannaCry and the rise of e-commerce.
By Dark Reading Staff , 11/12/2018
Comment0 comments  |  Read  |  Post a Comment
'CARTA': A New Tool in the Breach Prevention Toolbox
Christopher Acton, VP, Security Services and Customer Success, RiskSenseCommentary
Gartner's continuous adaptive risk and trust assessment for averting a data breach addresses the shortcomings of static security programs.
By Christopher Acton VP, Security Services and Customer Success, RiskSense, 11/12/2018
Comment0 comments  |  Read  |  Post a Comment
Inside CSAW, a Massive Student-Led Cybersecurity Competition
Kelly Sheridan, Staff Editor, Dark ReadingNews
Nearly 400 high school, undergraduate, and graduate students advance to the final round of New York University's CSAW games.
By Kelly Sheridan Staff Editor, Dark Reading, 11/9/2018
Comment0 comments  |  Read  |  Post a Comment
Dropbox Teams with Israeli Security Firm Coronet
Dark Reading Staff, Quick Hits
The partnership is expected to improve threat detection for Dropbox while growing Coronet's user base.
By Dark Reading Staff , 11/9/2018
Comment0 comments  |  Read  |  Post a Comment
What You Should Know About Grayware (and What to Do About It)
Curtis Franklin Jr., Senior Editor at Dark Reading
Grayware is a tricky security problem, but there are steps you can take to defend your organization when you recognize the risk.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/9/2018
Comment0 comments  |  Read  |  Post a Comment
Guilty Plea Made in Massive International Cell Phone Fraud Case
Dark Reading Staff, Quick Hits
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.
By Dark Reading Staff , 11/9/2018
Comment0 comments  |  Read  |  Post a Comment
User Behavior Analytics Could Find a Home in the OT World of the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
The technology never really took off in IT, but it could be very helpful in the industrial world.
By Satish Gannu Chief Security Officer, ABB, 11/8/2018
Comment0 comments  |  Read  |  Post a Comment
Banking Malware Takes Aim at Brazilians
Dark Reading Staff, Quick Hits
Two malware distribution campaigns are sending banking Trojans to customers of financial institutions in Brazil.
By Dark Reading Staff , 11/8/2018
Comment0 comments  |  Read  |  Post a Comment
IT-to-OT Solutions That Can Bolster Security in the IIoT
Satish Gannu, Chief Security Officer, ABBCommentary
Industrial companies can use the hard-won, long-fought lessons of IT to leapfrog to an advanced state of Industrial Internet of Things security.
By Satish Gannu Chief Security Officer, ABB, 11/7/2018
Comment0 comments  |  Read  |  Post a Comment
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance WriterNews
Researchers say companies need to rethink their password training and take a more holistic approach to security.
By Steve Zurier Freelance Writer, 11/7/2018
Comment1 Comment  |  Read  |  Post a Comment
HSBC: Security Breach Exposes Account, Transaction Data
Dark Reading Staff, Quick Hits
Unauthorized users accessed HSBC accounts between Oct. 4 and 14, the bank reports in a letter to customers.
By Dark Reading Staff , 11/6/2018
Comment0 comments  |  Read  |  Post a Comment
Hidden Costs of IoT Vulnerabilities
Carl Nerup, Co-Founder and Chief Marketing Officer at CogCommentary
IoT devices have become part of our work and personal lives. Unfortunately, building security into these devices was largely an afterthought.
By Carl Nerup Co-Founder and Chief Marketing Officer at Cog, 11/6/2018
Comment1 Comment  |  Read  |  Post a Comment
7 Non-Computer Hacks That Should Never Happen
Steve Zurier, Freelance Writer
From paper to IoT, security researchers offer tips for protecting common attack surfaces that you're probably overlooking.
By Steve Zurier Freelance Writer, 11/5/2018
Comment1 Comment  |  Read  |  Post a Comment
Microsoft, Amazon Top BEC's Favorite Brands
Kelly Sheridan, Staff Editor, Dark ReadingNews
When attackers want to impersonate a brand via email, the majority turn to Microsoft and Amazon because of their ubiquity in enterprise environments.
By Kelly Sheridan Staff Editor, Dark Reading, 11/1/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2491
PUBLISHED: 2018-11-13
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps...
CVE-2018-2473
PUBLISHED: 2018-11-13
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2476
PUBLISHED: 2018-11-13
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
CVE-2018-2477
PUBLISHED: 2018-11-13
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2478
PUBLISHED: 2018-11-13
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands execut...