Endpoint

News & Commentary
Actor Advertises Japanese PII on Chinese Underground
Kelly Sheridan, Staff Editor, Dark Reading, News
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/18/2018
Syrian Electronic Army Members Indicted for Conspiracy
Dark Reading Staff, Quick Hits
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
By Dark Reading Staff, 5/18/2018
How to Hang Up on Fraud
Patrick Cox, Chairman and CEO of TRUSTID, Commentary
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
By Patrick Cox, Chairman and CEO of TRUSTID, 5/18/2018
Get Ready for 'WannaCry 2.0'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Another widespread worm attack is "inevitable," but spreading a different, more lucrative or destructive payload, experts say.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/17/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018
The Risks of Remote Desktop Access Are Far from Remote
Matt Ahrens, Security Team Leader at Coalition, Commentary
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
By Matt Ahrens, Security Team Leader at Coalition, 5/17/2018
Tanium's Valuation Reaches $5 Billion With New Investment
Dark Reading Staff, Quick Hits
Tanium has received a $175 million investment from TPG Growth.
By Dark Reading Staff, 5/17/2018
California Teen Arrested for Phishing Teachers to Change Grades
Dark Reading Staff, Quick Hits
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
By Dark Reading Staff, 5/17/2018
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at Tripwire, Commentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin, VP of Product Management & Strategy at Tripwire, 5/17/2018
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/16/2018
Newly Discovered Malware Targets Telegram Desktop
Kelly Sheridan, Staff Editor, Dark Reading, News
Russian-speaking attacker behind new malware capable of lifting credentials, cookies, desktop cache, and key files.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/16/2018
FIDO Alliance Appoints Facebook to Board of Directors
Dark Reading Staff, Quick Hits
Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.
By Dark Reading Staff, 5/16/2018
IT Pros Worried About IoT But Not Prepared to Secure It
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Few organizations have a security policy in place for Internet of Things devices, new survey shows.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/16/2018
Rail Europe Notifies Riders of Three-Month Data Breach
Dark Reading Staff, Quick Hits
Rail Europe North America alerts customers to a security incident in which hackers planted card-skimming malware on its website.
By Dark Reading Staff, 5/15/2018
New DDoS Attack Method Leverages UPnP
Curtis Franklin Jr., Senior Editor at Dark Reading, News
'Lock down UPnP routers,' researchers say.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/15/2018
Smashing Silos and Building Bridges in the IT-Infosec Divide
Kelly Sheridan, Staff Editor, Dark Reading, News
A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/14/2018
'EFAIL' Email Encryption Flaw Research Stirs Debate
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A newly revealed vulnerability in email encryption is a big problem for a small subset of users.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2018
Facebook Suspends 200 Apps
Dark Reading Staff, Quick Hits
Thousands of apps have been investigated as Facebook determines which had access to large amounts of user data before its 2014 policy changes.
By Dark Reading Staff, 5/14/2018
Chili's Suffers Data Breach
Dark Reading Staff, Quick Hits
The restaurant believes malware was used to collect payment card data including names and credit or debit numbers.
By Dark Reading Staff, 5/14/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group, Commentary
There's a major disconnect between Internet of Things governance and risk management, according to a new report. Follow these five steps to address the risks.
By Charlie Miller, Senior Vice President, The Santa Fe Group, 5/14/2018
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust, 5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading, 5/15/2018
Why Enterprises Can't Ignore Third-Party IoT-Related Risks
Charlie Miller, Senior Vice President, The Santa Fe Group, 5/14/2018
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11311
PUBLISHED: 2018-05-20
A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials.
CVE-2018-11319
PUBLISHED: 2018-05-20
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be exploited for arbitrary code execution via a malicious gcc plugin, if an attacker has write access to ...
CVE-2018-11242
PUBLISHED: 2018-05-20
An issue was discovered in the MakeMyTrip application 7.2.4 for Android. The databases (locally stored) are not encrypted and have cleartext that might lead to sensitive information disclosure, as demonstrated by data/com.makemytrip/databases and data/com.makemytrip/Cache SQLite database files.
CVE-2018-11315
PUBLISHED: 2018-05-20
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a ho...
CVE-2018-11239
PUBLISHED: 2018-05-19
An integer overflow in the _transfer function of a smart contract implementation for Hexagon (HXG), an Ethereum ERC20 token, allows attackers to accomplish an unauthorized increase of digital assets by providing a _to argument in conjunction with a large _value argument, as exploited in the wild in ...