Endpoint
News & Commentary
Emerging Threats to Add to Your Security Radar Screen
Kelly Sheridan, Associate Editor, Dark ReadingNews
The cybersecurity threat landscape is poised to grow in size and complexity - what to look out for.
By Kelly Sheridan Associate Editor, Dark Reading, 5/22/2017
Comment0 comments  |  Read  |  Post a Comment
Researcher Creates Tool to Unlock WannaCry-Infected Windows XP Files
Dark Reading Staff, Quick Hits
A security researcher appears to have discovered a flaw in WannaCry that may provide Windows XP victims of the attack with a way to unlock their files.
By Dark Reading Staff , 5/19/2017
Comment0 comments  |  Read  |  Post a Comment
Ransomware Rocks Endpoint Security Concerns
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Meanwhile, threat detection technologies are evolving that can help security teams spot incidents more efficiently.
By Dawn Kawamoto Associate Editor, Dark Reading, 5/19/2017
Comment0 comments  |  Read  |  Post a Comment
Deconstructing the 2016 Yahoo Security Breach
Jacob Olcott, VP, Strategic Partnerships, BitSightCommentary
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
By Jacob Olcott VP, Strategic Partnerships, BitSight, 5/19/2017
Comment0 comments  |  Read  |  Post a Comment
Don't Forget Basic Security Measures, Experts Say
Kelly Sheridan, Associate Editor, Dark ReadingNews
Some security leaders argue there is little point in worrying about emerging threats when businesses can't defend against today's attacks.
By Kelly Sheridan Associate Editor, Dark Reading, 5/18/2017
Comment1 Comment  |  Read  |  Post a Comment
All Generations, All Risks, All Contained: A How-To Guide
Stan Black, CSO, CitrixCommentary
Organizations must have a security plan that considers all of their employees.
By Stan Black CSO, Citrix, 5/18/2017
Comment1 Comment  |  Read  |  Post a Comment
FireEye CEO Mandia Talks Rapid Rise of Nation-State Threats
Kelly Sheridan, Associate Editor, Dark ReadingNews
FireEye CEO Kevin Mandia at Interop ITX discussed changes in the geopolitical threat landscape and how attackers target their victims.
By Kelly Sheridan Associate Editor, Dark Reading, 5/17/2017
Comment0 comments  |  Read  |  Post a Comment
Survey: Unpatched Windows OS on the Rise
Dark Reading Staff, Quick Hits
Despite the rise in vulnerabilities, the percentage of unpatched Windows operating systems grew in the first quarter compared to the previous year.
By Dark Reading Staff , 5/17/2017
Comment0 comments  |  Read  |  Post a Comment
The Fundamental Flaw in TCP/IP: Connecting Everything
Jeff Hussey, President & CEO, Tempered NetworksCommentary
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
By Jeff Hussey President & CEO, Tempered Networks, 5/17/2017
Comment4 comments  |  Read  |  Post a Comment
WannaCry's 'Kill Switch' May Have Been a Sandbox-Evasion Tool
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Massive ransomware worm attack appears to have come with a poorly planned anti-analysis feature.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/16/2017
Comment1 Comment  |  Read  |  Post a Comment
DocuSign's Brand Used in Phishing Attacks
Dark Reading Staff, Quick Hits
The electronic signature company issued an update alert today that it noticed a rise in phishing attacks last week and this morning.
By Dark Reading Staff , 5/16/2017
Comment0 comments  |  Read  |  Post a Comment
FTC Launches 'Operation Tech Trap' to Catch Fraudsters
Dark Reading Staff, Quick Hits
The Federal Trade Commission has teamed up with law enforcement partners to crack down on tech support scams.
By Dark Reading Staff , 5/16/2017
Comment0 comments  |  Read  |  Post a Comment
Researchers Investigate Possible Connection Between WannaCry & North Korean Hacker Group
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Google, Kaspersky Lab and Symantec all have found common code in the WannaCry malware and that of the nation-state hackers behind the mega breach of Sony.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/15/2017
Comment0 comments  |  Read  |  Post a Comment
Your Grandma Could Be the Next Ransomware Millionaire
Brian Vecci, Technical Evangelist, Varonis SystemsCommentary
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
By Brian Vecci Technical Evangelist, Varonis Systems, 5/15/2017
Comment3 comments  |  Read  |  Post a Comment
7 Florida Men Charged in Global Tech Support Scheme
Dark Reading Staff, Quick Hits
Federal fraud charges have been filed against seven men for their involvement in an international tech support scam.
By Dark Reading Staff , 5/12/2017
Comment0 comments  |  Read  |  Post a Comment
'WannaCry' Rapidly Moving Ransomware Attack Spreads to 74 Countries
Dawn Kawamoto, Associate Editor, Dark ReadingNews
A wave of ransomware infections took down a wide swath of UK hospitals and is rapidly moving across the globe.
By Dawn Kawamoto Associate Editor, Dark Reading, 5/12/2017
Comment4 comments  |  Read  |  Post a Comment
New Malware Uses GeoCities, North Korea Interest to Trick Victims
Kelly Sheridan, Associate Editor, Dark ReadingNews
A new threat called Baijiu leverages the GeoCities web service, and heightened interest in North Korea, to deceive victims.
By Kelly Sheridan Associate Editor, Dark Reading, 5/12/2017
Comment0 comments  |  Read  |  Post a Comment
Trump Issues Previously Delayed Cybersecurity Executive Order
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
EO calls for immediate review of federal agencies' security postures, adoption of the NIST Framework, and a focus on critical infrastructure security.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 5/11/2017
Comment0 comments  |  Read  |  Post a Comment
Keylogger Discovered in Some HP Laptops
Dark Reading Staff, Quick Hits
Researchers discovered the audio driver in some HP laptops contains a tool to record and save users' keystrokes.
By Dark Reading Staff , 5/11/2017
Comment0 comments  |  Read  |  Post a Comment
SSA Plans Stronger Website Authentication
Dark Reading Staff, Quick Hits
Starting in June 2017, the US Social Security Administration will require a more secure login process for SSA.gov.
By Dark Reading Staff , 5/11/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.