News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
The Rx for HIPAA Compliance in the Cloud
Commentary  |  1/18/2019  | 
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Commentary  |  1/17/2019  | 
The network no longer provides an air gap against external threats, but access devices can take up the slack.
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
News  |  1/17/2019  | 
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
Simulating Lateral Attacks Through Email
Commentary  |  1/17/2019  | 
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
Oklahoma Data Leak Compromises Years of FBI Data
Quick Hits  |  1/16/2019  | 
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
Fortnite Players Compromised Via Epic Games Vulnerability
News  |  1/16/2019  | 
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
Online Fraud: Now a Major Application Layer Security Problem
Commentary  |  1/15/2019  | 
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
US Judge: Police Can't Force Biometric Authentication
Quick Hits  |  1/15/2019  | 
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
7 Privacy Mistakes That Keep Security Pros on Their Toes
Slideshows  |  1/15/2019  | 
When it comes to privacy, it's the little things that can lead to big mishaps.
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Commentary  |  1/14/2019  | 
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
NotPetya Victim Mondelez Sues Zurich Insurance for $100 Million
Quick Hits  |  1/11/2019  | 
Mondelez files lawsuit after Zurich rejects claim for damages from massive ransomware attack.
Kudos to the Unsung Rock Stars of Security
Commentary  |  1/11/2019  | 
It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
Reddit Alerts Users to Possible Account Breaches
Quick Hits  |  1/10/2019  | 
User lockouts, combined with requirements for new passwords, indicate an attack on accounts at the popular social media platform.
Ryuk Ransomware Attribution May Be Premature
News  |  1/10/2019  | 
The eagerness to tie recent Ryuk ransomware attacks to a specific group could be rushed, researchers say.
Election Security Isn't as Bad as People Think
Commentary  |  1/10/2019  | 
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
Consumers Demand Security from Smart Device Makers
News  |  1/10/2019  | 
Poll shows individuals want better security from IoT device manufacturers as connected products flood the market.
Google: G Suite Now Alerts Admins to Data Exfiltration
Quick Hits  |  1/10/2019  | 
New additions to the G Suite alert center are intended to notify admins of phishing and data exports.
6 Best Practices for Managing an Online Educational Infrastructure
Commentary  |  1/10/2019  | 
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
Security Concerns Limit Remote Work Opportunities
Quick Hits  |  1/9/2019  | 
When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.
Magecart Mayhem Continues in OXO Breach
Quick Hits  |  1/9/2019  | 
The home goods company confirmed users' data may have been compromised during multiple time frames over a two-year period.
Remote Code Execution Bugs Are Primary Focus of January Patch Tuesday
News  |  1/8/2019  | 
This month's security update includes seven patches ranked Critical and one publicly known vulnerability.
Your Life Is the Attack Surface: The Risks of IoT
Commentary  |  1/8/2019  | 
To protect yourself, you must know where you're vulnerable and these tips can help.
Humana Breaches Reflect Chronic Credential Theft in Healthcare
News  |  1/8/2019  | 
A series of 2018 cybersecurity incidents shows credential stuffing is a trend to watch among healthcare organizations.
Security Matters When It Comes to Mergers & Acquisitions
Commentary  |  1/8/2019  | 
The recently disclosed Marriott breach exposed a frequently ignored issue in the M&A process.
Report: Consumers Buy New Smart Devices But Don't Trust Them
Quick Hits  |  1/7/2019  | 
The gap between acceptance and trust for new smart devices is huge, according to a new survey.
Akamai Streamlines Identity Management with Janrain Acquisition
Quick Hits  |  1/7/2019  | 
Akamai plans to combine Janrain's Identity Cloud with its Intelligent Platform to improve identity management.
Threat of a Remote Cyberattack on Today's Aircraft Is Real
Commentary  |  1/7/2019  | 
We need more stringent controls and government action to prevent a catastrophic disaster.
Managing Security in Today's Compliance and Regulatory Environment
Commentary  |  1/4/2019  | 
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Microsoft's 'Project Bali' Wants to Let You Control Your Data
News  |  1/4/2019  | 
Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.
Emotet Malware Gets More Aggressive
News  |  1/3/2019  | 
Emotet's operators have been adding new capabilities, making the malware now even more dangerous to its enterprise targets.
Android Malware Hits Victims in 196 Countries
Quick Hits  |  1/3/2019  | 
Malware disguised as games and utilities struck more than 100,000 victims before being taken out of Google Play.
Town of Salem Game Breached, 7.6M Players Affected
Quick Hits  |  1/3/2019  | 
BlankMediaGames disclosed a data breach that affects millions using the browser-based role-playing game.
Redefining Critical Infrastructure for the Age of Disinformation
Commentary  |  1/3/2019  | 
In an era of tighter privacy laws, it's important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy.
Cyberattack Halts Publication for US Newspapers
News  |  1/2/2019  | 
A virus disrupted print and delivery for the Chicago Tribune, Los Angeles Times, Baltimore Sun, and other US publications this weekend.
Data on 997 North Korean Defectors Targeted in Hack
Quick Hits  |  1/2/2019  | 
Nearly 1,000 North Koreans who defected to South Korea had personal data compromised by an unknown attacker.
US-CERT Offers Tips for Securing Internet-Connected Holiday Gifts
Quick Hits  |  1/2/2019  | 
Key steps to making those home Internet of Things devices just a bit safer.
25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
Commentary  |  1/2/2019  | 
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?
Start Preparing Now for the Post-Quantum Future
Commentary  |  12/28/2018  | 
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
IoT Bug Grants Access to Home Video Surveillance
Quick Hits  |  12/27/2018  | 
Due to a shared Amazon S3 credential, all users of a certain model of the Guardzilla All-In-One Video Security System can view each other's videos.
Attackers Use Google Cloud to Target US, UK Banks
Quick Hits  |  12/26/2018  | 
Employees at financial services firms hit with an email attack campaign abusing a Google Cloud storage service.
Spending Spree: What's on Security Investors' Minds for 2019
News  |  12/26/2018  | 
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
6 Ways to Anger Attackers on Your Network
Slideshows  |  12/26/2018  | 
Because you can't hack back without breaking the law, these tactics will frustrate, deceive, and annoy intruders instead.
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Quick Hits  |  12/21/2018  | 
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
Amazon Slip-Up Shows How Much Alexa Really Knows
Quick Hits  |  12/21/2018  | 
Amazon mistakenly sent one user's Alexa recordings to a stranger but neglected to disclose the error.
Criminals Move Markets to Remain in the Shadows
News  |  12/21/2018  | 
While malware families and targets continue to evolve, the most important shift might be happening in the background.
Hackers Bypass Gmail, Yahoo 2FA at Scale
Quick Hits  |  12/20/2018  | 
A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.
Automating a DevOps-Friendly Security Policy
Commentary  |  12/20/2018  | 
There can be a clash of missions between security and IT Ops teams, but automation can help.
Privacy Futures: Fed-up Consumers Take Their Data Back
Commentary  |  12/19/2018  | 
In 2019, usable security will become the new buzzword and signal a rejection of the argument that there must be a trade-off between convenience and security and privacy.
Facebook Data Deals Extend to Microsoft, Amazon, Netflix
Quick Hits  |  12/19/2018  | 
An explosive new report sheds light on data-sharing deals that benefited 150 companies as Facebook handed over unknowing users' information.
Cybersecurity in 2019: From IoT & Struts to Gray Hats & Honeypots
Commentary  |  12/19/2018  | 
While you prepare your defenses against the next big thing, also pay attention to the longstanding threats that the industry still hasn't put to rest.
Page 1 / 2   >   >>


How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He just showed up at my doorstep one day without a geotag."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.