Endpoint //


News & Commentary
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Dark Reading Staff, Quick Hits
The social media giant says it did not access the imported data and is notifying affected users.
By Dark Reading Staff , 4/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Benefiting from Data Privacy Investments
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
Home Office Apologizes for EU Citizen Data Exposure
Dark Reading Staff, Quick Hits
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Dark Reading Staff, Quick Hits
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
By Dark Reading Staff , 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
Robert Lemos, Technology Journalist/Data ResearcherNews
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
By Robert Lemos , 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Products Under EU Investigation About Data Collection
Dark Reading Staff, Quick Hits
A new inquiry aims to determine whether contracts between Microsoft and EU organizations violate GDPR.
By Dark Reading Staff , 4/8/2019
Comment2 comments  |  Read  |  Post a Comment
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
By Andrea Little Limbago Chief Social Scientist, Virtru, 3/26/2019
Comment1 Comment  |  Read  |  Post a Comment
A Glass Ceiling? Not in Privacy
Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPPCommentary
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Dark Reading Staff, Quick Hits
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
By Dark Reading Staff , 3/21/2019
Comment6 comments  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment1 Comment  |  Read  |  Post a Comment
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management AssociatesCommentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
US Prosecutors Investigate Facebook's Data-Sharing Deals
Dark Reading Staff, Quick Hits
The news follows a long, tumultuous period of scandal around Facebook and its privacy practices.
By Dark Reading Staff , 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
The Case for Transparency in End-User License Agreements
Lysa Myers, Security Researcher, ESETCommentary
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
By Lysa Myers Security Researcher, ESET, 3/13/2019
Comment0 comments  |  Read  |  Post a Comment
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at CentrifyCommentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Plans Makeover as Privacy-Focused Network
Dark Reading Staff, Quick Hits
CEO Mark Zuckerberg published a lengthy post detailing the company's shift from open platform to privacy-focused communications.
By Dark Reading Staff , 3/6/2019
Comment1 Comment  |  Read  |  Post a Comment
Artificial Intelligence: The Terminator of Malware
Chris Rouland, Co-Founder and Chief Executive Officer at Phosphorus CybersecurityCommentary
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?
By Chris Rouland Co-Founder and Chief Executive Officer at Phosphorus Cybersecurity, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
Startup Armor Scientific Launches Multifactor Identity System
Robert Lemos, Technology Journalist/Data ResearcherNews
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.
By Robert Lemos Technology Journalist/Data Researcher, 3/4/2019
Comment0 comments  |  Read  |  Post a Comment
Encryption Offers Safe Haven for Criminals and Malware
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The same encryption that secures private enterprise data also provides security to malware authors and criminal networks.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/1/2019
Comment0 comments  |  Read  |  Post a Comment
New Legislation Builds on California Data Breach Law
Dark Reading Staff, Quick Hits
This bill requires businesses to notify consumers of compromised passport numbers and biometric data.
By Dark Reading Staff , 2/22/2019
Comment19 comments  |  Read  |  Post a Comment
Post-Quantum Crypto Standards Arent All About the Math
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The industry needs to keep in mind the realities of hardware limits and transitional growing pains, according to Microsoft, Utimaco researchers.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/15/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by KevinStanley
Current Conversations Absolutely. 
In reply to: Re: This is the cloud
Post Your Own Reply
More Conversations
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Former Student Admits to USB Killer Attack
Dark Reading Staff 4/18/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-04-18
MKCMS 5.0 allows remote attackers to take over arbitrary user accounts by posting a username and e-mail address to ucenter/repass.php, which triggers e-mail transmission with the password, as demonstrated by 123456.
PUBLISHED: 2019-04-18
WAC on the Sangfor Sundray WLAN Controller version and earlier has a Remote Code Execution issue allowing remote attackers to achieve full access to the system, because shell metacharacters in the nginx_webconsole.php Cookie header can be used to read an etc/config/wac/wns_cfg_admin_detail.x...
PUBLISHED: 2019-04-18
A vulnerability was found in the MIUI OS version that allows a physically proximate attacker to bypass Lockscreen based authentication via the Wallpaper Carousel application to obtain sensitive Clipboard data and the user's stored credentials (partially). This occurs because of paste access...
PUBLISHED: 2019-04-18
Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.
PUBLISHED: 2019-04-18
WAC on the Sangfor Sundray WLAN Controller version and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).