Endpoint

News & Commentary
Iranian Hackers Target Nuclear Experts, US Officials
Dark Reading Staff, Quick Hits
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
By Dark Reading Staff , 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Who Are You, Really? A Peek at the Future of Identity
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
2019 Attacker Playbook
Ericka Chickowski, Contributing Writer, Dark Reading
Security pundits predict the ways that cybercriminals, nation-state actors, and other attackers will refine their tactics, techniques, and procedures in the coming year.
By Ericka Chickowski Contributing Writer, Dark Reading, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Setting the Table for Effective Cybersecurity: 20 Culinary Questions
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA Commentary
Even the best chefs will produce an inferior product if they begin with the wrong ingredients.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Education Gets an 'F' for Cybersecurity
Dark Reading Staff, Quick Hits
The education sector falls last on a list analyzing the security posture of 17 US industries, SecurityScorecard reports.
By Dark Reading Staff , 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
The Economics Fueling IoT (In)security
Ariel Kriger, VP Business Development at VDOOCommentary
Attackers understand the profits that lie in the current lack of security. That must change.
By Ariel Kriger VP Business Development at VDOO, 12/13/2018
Comment0 comments  |  Read  |  Post a Comment
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Good password practices remain elusive as Dashlane's latest list of the worst password blunders can attest.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment3 comments  |  Read  |  Post a Comment
Bug Hunting Paves Path to Infosec Careers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Ethical hackers use bug bounty programs to build the skills they need to become security professionals.
By Kelly Sheridan Staff Editor, Dark Reading, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Mac Malware Cracks WatchGuards Top 10 List
Steve Zurier, Freelance WriterNews
Hundreds of sites also still support insecure versions of the SSL encryption protocol, the security vendor reports.
By Steve Zurier Freelance Writer, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, PayPal, Google Top Phishing's Favorite Targets in Q3
Dark Reading Staff, Quick Hits
One out of every 100 emails an enterprise receives is a phishing scam, and the attackers behind them are getting more sophisticated.
By Dark Reading Staff , 12/12/2018
Comment1 Comment  |  Read  |  Post a Comment
Forget Shifting Security Left; It's Time to Race Left
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
Once DevOps teams decide to shift left, they can finally look forward instead of backward.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 12/12/2018
Comment0 comments  |  Read  |  Post a Comment
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading
Constant learning is a requirement for cybersecurity professionals. Here are 15 books recommended by professionals to continue a professional's education.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/12/2018
Comment5 comments  |  Read  |  Post a Comment
Patch Tuesday Arrives with 9 Critical CVEs, 1 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Serious bugs addressed today include a Win32K privilege escalation vulnerability and Windows DNS server heap overflow flaw.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
Grammarly Takes Bug Bounty Program Public
Dark Reading Staff, Quick Hits
The private bug bounty program has nearly 1,500 participants and is ready for a public rollout with HackerOne.
By Dark Reading Staff , 12/11/2018
Comment0 comments  |  Read  |  Post a Comment
DanaBot Malware Adds Spam to its Menu
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new generation of modular malware increases its value to criminals.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Highly Active' Seedworm Group Hits IT Services, Governments
Kelly Sheridan, Staff Editor, Dark ReadingNews
Since September, the cyber espionage actors have targeted more than 130 victims in 30 organizations including NGOs, oil and gas, and telecom businesses.
By Kelly Sheridan Staff Editor, Dark Reading, 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'Dr. Shifro' Prescribes Fake Ransomware Cure
Dark Reading Staff, Quick Hits
A Russian firm aims to capitalize on ransomware victims' desperation by offering to unlock files then passing money to attackers.
By Dark Reading Staff , 12/10/2018
Comment0 comments  |  Read  |  Post a Comment
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher demonstrates how attackers could steal data from smartphones while they're charging.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/8/2018
Comment3 comments  |  Read  |  Post a Comment
Iranian Nationals Charged for Atlanta Ransomware Attack
Dark Reading Staff, Quick Hits
The March attack used SamSam ransomware to infect 3,789 computers.
By Dark Reading Staff , 12/7/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19007
PUBLISHED: 2018-12-14
In Geutebrueck GmbH E2 Camera Series versions prior to 1.12.0.25 the DDNS configuration (in the Network Configuration panel) is vulnerable to an OS system command injection as root.
CVE-2018-20147
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, authors could modify metadata to bypass intended restrictions on deleting files.
CVE-2018-20148
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata.
CVE-2018-20149
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS.
CVE-2018-20150
PUBLISHED: 2018-12-14
In WordPress versions before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins.