Endpoint
News & Commentary
Microsoft Rolls Out AI-based Security Risk Detection Tool
Kelly Sheridan, Associate Editor, Dark Reading, News
Microsoft Security Risk Detection leverages artificial intelligence to root out bugs in software before it's released.
By Kelly Sheridan Associate Editor, Dark Reading, 7/21/2017
Speed of Windows 10 Adoption Not Affected by WannaCry
Kelly Sheridan, Associate Editor, Dark Reading, News
WannaCry has motivated security teams to stay current on patching but Windows 10 adoption remains the same.
By Kelly Sheridan Associate Editor, Dark Reading, 7/21/2017
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark Reading, News
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
BEC Attacks Far More Lucrative than Ransomware over Past 3 Years
Dawn Kawamoto, Associate Editor, Dark Reading, News
BEC fraud netted cyberthieves five times more profit than ransomware over a three-year period, according to Cisco's midyear report released today.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Microsoft Office 365 Users Targeted in Brute Force Attacks
Dark Reading Staff, Quick Hits
Attackers leveraged popular cloud service platforms to conduct persistent - and stealthy - login attempts on corporate Office 365 accounts.
By Dark Reading Staff, 7/20/2017
'AVPass' Sneaks Malware Past Android Antivirus Apps
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researchers at Black Hat USA will release a toolset that studies and then cheats specific Android AV apps.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/19/2017
Online Courses Projected to Drive Credit Card Fraud to $24B by 2018
Kelly Sheridan, Associate Editor, Dark Reading, News
An underground ecosystem provides cybercriminals with online tutorials, tools, and credit card data they need to commit fraud.
By Kelly Sheridan Associate Editor, Dark Reading, 7/19/2017
Best of Black Hat: 20 Epic Talks in 20 Years
Kelly Sheridan, Associate Editor, Dark Reading
In celebration of Black Hat's 20th birthday, we take a look back at the most memorable presentations and demos since the show's inception in 1997.
By Kelly Sheridan Associate Editor, Dark Reading, 7/19/2017
Most Office 365 Admins Rely on Recycle Bin for Data Backup
Kelly Sheridan, Associate Editor, Dark Reading, News
Nearly 66% of Office 365 administrators use Recycle Bin to back up their data, a practice that could leave data lost and unrecoverable.
By Kelly Sheridan Associate Editor, Dark Reading, 7/19/2017
4 Steps to Securing Citizen-Developed Apps
Mike Lemire, Compliance & Information Security Officer at Quick Base, Commentary
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
By Mike Lemire Compliance & Information Security Officer at Quick Base, 7/19/2017
IoT Security Incidents Rampant and Costly
Dawn Kawamoto, Associate Editor, Dark Reading
New research offers details about the hidden and not so hidden costs of defending the Internet of Things.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/18/2017
Researchers Create Framework to Evaluate Endpoint Security Products
Kelly Sheridan, Associate Editor, Dark Reading, News
Black Hat USA researchers tested more than 30,000 types of malware to learn the effectiveness of endpoint security tools - and they'll demonstrate how they did it.
By Kelly Sheridan Associate Editor, Dark Reading, 7/17/2017
AWS S3 Breaches: What to Do & Why
Rob Enns, VP Engineering, Bracket Computing, Commentary
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
By Rob Enns VP Engineering, Bracket Computing, 7/17/2017
50,000 Machines Remain Vulnerable to EternalBlue Attacks
Kelly Sheridan, Associate Editor, Dark Reading, News
Researcher's free scanner tool finds many systems remain at risk of EternalBlue-based attacks like WannaCry and NotPetya.
By Kelly Sheridan Associate Editor, Dark Reading, 7/14/2017
7 Deadly Sins to Avoid When Mitigating Cyberthreats
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
How digitally savvy organizations can take cyber resilience to a whole new dimension.
By Marc Wilczek Digital Strategist & CIO Advisor, 7/14/2017
The High Costs of GDPR Compliance
Chris Babel, CEO, TrustArc, Commentary
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
By Chris Babel CEO, TrustArc, 7/11/2017
Symantec Snaps Up Skycure in Mobile Security Move
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Acquisition fills gap in Symantec's Apple iOS mobile security strategy - and addresses the future of 'mobile first,' Symantec CEO says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/11/2017
NotPetya: How to Prep and Respond if You're Hit
Kelly Sheridan, Associate Editor, Dark Reading
Security pros share practices to prepare and handle advanced malware attacks like NotPetya.
By Kelly Sheridan Associate Editor, Dark Reading, 7/7/2017
IoT Physical Attack Exploit to be Revealed at Black Hat
Dawn Kawamoto, Associate Editor, Dark Reading, News
Security researcher Billy Rios plans to demonstrate how an exploit can cause an IoT device to launch a physical attack against a human.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/7/2017
The SOC Is Dead... Long Live the SOC
Dan Koloski, Vice President, Oracle's Systems Management and Security products group, Commentary
The traditional security operations center can't deal with present reality. We must rethink the concept in a way that prepares for the future.
By Dan Koloski Vice President, Oracle's Systems Management and Security products group, 7/7/2017
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.