Endpoint

News & Commentary
Facebook Awards $1M for Defense-Based Research
Dark Reading Staff, Quick Hits
The company today awarded $200,000 to winners of the Internet Defense Prize after spending $800,000 on the Secure the Internet grants.
By Dark Reading Staff , 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
Overcoming 'Security as a Silo' with Orchestration and Automation
Jen Andre, Senior Director at Rapid7Commentary
When teams work in silos, the result is friction and miscommunication. Automation changes that.
By Jen Andre Senior Director at Rapid7, 8/16/2018
Comment0 comments  |  Read  |  Post a Comment
2018 Pwnie Awards: Who Pwned, Who Got Pwned
Kelly Sheridan, Staff Editor, Dark Reading
A team of security experts round up the best and worst of the year in cybersecurity at Black Hat 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/15/2018
Comment0 comments  |  Read  |  Post a Comment
Gartner Says IT Security Spending to Hit $124B in 2019
Dark Reading Staff, Quick Hits
Global IT security spending will grow 12.4% in 2018 and another 8.7% in 2019.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Instagram Hack: Hundreds Affected, Russia Suspected
Dark Reading Staff, Quick Hits
Affected users report the email addresses linked to their Instagram accounts were changed to .ru domains.
By Dark Reading Staff , 8/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft ADFS Vulnerability Lets Attackers Bypass MFA
Kelly Sheridan, Staff Editor, Dark ReadingNews
The flaw lets an attacker use the same second factor to bypass multifactor authentication for any account on the same ADFS service.
By Kelly Sheridan Staff Editor, Dark Reading, 8/14/2018
Comment1 Comment  |  Read  |  Post a Comment
'Election Protection' Aims to Secure Candidates Running for Office
Dark Reading Staff, Quick Hits
The kit is designed to prevent credential theft targeting people running for federal, state, and local elected offices.
By Dark Reading Staff , 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
Social Engineers Show Off Their Tricks
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts in deception shared tricks of the trade and showed their skills at Black Hat and DEF CON 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Nigerian National Convicted for Phishing US Universities
Dark Reading Staff, Quick Hits
Olayinka Olaniyi and his co-conspirator targeted the University of Virginia, Georgia Tech, and other educational institutions.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of Cyber Extortion Scam
Dark Reading Staff, Quick Hits
Spear-phishing techniques are breathing new life into an old scam.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
NSA Brings Nation-State Details to DEF CON
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Hackers were eager to hear the latest from the world of nation-state cybersecurity.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
The Enigma of AI & Cybersecurity
Dr. Dongyan Wang, Chief AI Officer at DeepBrain ChainCommentary
We've only seen the beginning of what artificial intelligence can do for information security.
By Dr. Dongyan Wang Chief AI Officer at DeepBrain Chain, 8/10/2018
Comment0 comments  |  Read  |  Post a Comment
Oh, No, Not Another Security Product
Paul Stokes, Founder & CEO of Prevalent AICommentary
Let's face it: There are too many proprietary software options. Addressing the problem will require a radical shift in focus.
By Paul Stokes Founder & CEO of Prevalent AI, 8/9/2018
Comment1 Comment  |  Read  |  Post a Comment
White Hat to Black Hat: What Motivates the Switch to Cybercrime
Kelly Sheridan, Staff Editor, Dark ReadingNews
Almost one in 10 security pros in the US have considered black hat work, and experts believe many dabble in criminal activity for financial gain or employer retaliation.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Kelly Sheridan, Staff Editor, Dark ReadingNews
Google engineering director Parisa Tabriz took the Black Hat keynote stage to detail the Chrome transition and share advice with security pros.
By Kelly Sheridan Staff Editor, Dark Reading, 8/8/2018
Comment6 comments  |  Read  |  Post a Comment
Understanding Firewalls: Build Them Up, Tear Them Down
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A presentation at Black Hat USA will walk attendees through developing a firewall for MacOS, and then poking holes in it.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/8/2018
Comment0 comments  |  Read  |  Post a Comment
Shadow IT: Every Company's 3 Hidden Security Risks
Adam Marre,  Information Security Operations Leader, QualtricsCommentary
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018
Comment1 Comment  |  Read  |  Post a Comment
Facebook Launches Fizz Library for Dev Speed, Security
Dark Reading Staff, Quick Hits
New open source TLS library aims to help developers incorporate speed and security into apps and services.
By Dark Reading Staff , 8/6/2018
Comment0 comments  |  Read  |  Post a Comment
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Larry Ponemon, Chairman and Founder, Ponemon Institute, and 3M Privacy ConsultantCommentary
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
By Larry Ponemon Chairman and Founder, Ponemon Institute, and 3M Privacy Consultant, 8/6/2018
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
The Data Security Landscape Is Shifting: Is Your Company Prepared?
Francis Dinha, CEO & Co-Founder of OpenVPN,  8/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.