Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Microsoft Ignite Brings Security & Compliance Updates
News  |  3/2/2021  | 
Microsoft announces support for data loss prevention in Google Chrome, co-authoring of protected files, and more at Ignite 2021.
Thycotic and Centrify to Merge In $1.4B Deal
Quick Hits  |  3/2/2021  | 
TPG Capital will combine privileged access management providers into one company.
4 Ways Health Centers Can Stop the Spread of Cyberattacks
Commentary  |  3/2/2021  | 
Health centers must shift the perception of cyberattacks from potential risk to real threat in order to take the first step toward a safer, healthier security posture.
Building a Next-Generation SOC Starts With Holistic Operations
Commentary  |  3/1/2021  | 
The proper template for a modernized SOC team is one that operates seamlessly across domains with a singular, end-to-end view.
NSA Releases Guidance on Zero-Trust Architecture
Quick Hits  |  2/26/2021  | 
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
Thousands of VMware Servers Exposed to Critical RCE Bug
Quick Hits  |  2/25/2021  | 
Security experts report scanning activity targeting vulnerable vCenter servers after a researcher published proof-of-concept code.
5 Key Steps Schools Can Take to Defend Against Cyber Threats
Commentary  |  2/25/2021  | 
Educational institutions have become prime targets, but there are things they can do to stay safer.
The Realities of Extended Detection and Response (XDR) Technology
Commentary  |  2/24/2021  | 
While the term XDR has become pervasive, the technology and market remain a work in progress with lots of innovation and market confusion.
Universities Face Double Threat of Ransomware, Data Breaches
News  |  2/24/2021  | 
Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage.
3 Security Flaws in Smart Devices & IoT That Need Fixing
Commentary  |  2/24/2021  | 
The scope and danger of unsecured, Internet-connected hardware will only continue to deepen.
10K Targeted in Phishing Attacks Spoofing FedEx, DHL Express
Quick Hits  |  2/23/2021  | 
The two campaigns aimed to steal victims' business email account credentials by posing as the shipping companies.
8 Ways Ransomware Operators Target Your Network
Slideshows  |  2/22/2021  | 
Security researchers explore how criminals are expanding their arsenals with new, more subtle, and more effective ransomware attack techniques.
What Can Your Connected Car Reveal About You?
Commentary  |  2/22/2021  | 
App developers must take responsibility for the security of users' data.
Kia Denies Ransomware Attack as IT Outage Continues
Quick Hits  |  2/19/2021  | 
Kia Motors America states there is no evidence its recent systems outage was caused by a ransomware attack.
Attackers Already Targeting Apple's M1 Chip with Custom Malware
News  |  2/19/2021  | 
A proof-of-concept program infects systems with ARM64-compiled binaries and then reaches out to download additional functionality.
CrowdStrike Buys Log Management Startup Humio for $400M
Quick Hits  |  2/18/2021  | 
CrowdStrike plans to use Humio's technology to continue building out its extended detection and response platform.
Apple Offers Closer Look at Its Platform Security Technologies, Features
News  |  2/18/2021  | 
In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.
Hiding in Plain Sight: What the SolarWinds Attack Revealed About Efficacy
Commentary  |  2/18/2021  | 
Multilayered infiltration involved custom malicious tooling, backdoors, and cloaked code, far beyond the skills of script kiddies.
Virginia Takes Different Tack Than California With Data Privacy Law
Commentary  |  2/18/2021  | 
Online businesses targeting Virginia consumers and have personal data of 100,000 consumers in the state must conform to the new statute.
Kia Faces $20M DoppelPaymer Ransomware Attack
Quick Hits  |  2/17/2021  | 
Kia Motors America this week experienced a nationwide IT outage; now, reports indicate the company was hit with ransomware.
Enterprise Windows Threats Drop as Mac Attacks Rise: Report
News  |  2/17/2021  | 
An analysis of 2020 malware activity indicates businesses should be worried about internal hack tools, ransomware, and spyware in the year ahead.
4 Predictions for the Future of Privacy
Commentary  |  2/17/2021  | 
Use these predictions to avoid pushback, find opportunity, and create value for your organization.
Strata Identity Raises $11M in Series A Round
Quick Hits  |  2/16/2021  | 
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
Under Attack: Hosting & Internet Service Providers
Commentary  |  2/16/2021  | 
The digital universe depends on always-on IT networks and services, so ISPs and hosting providers have become favorite targets for cyberattacks.
How to Submit a Column to Dark Reading
Commentary  |  2/15/2021  | 
Have a new idea, a lesson learned, or a call to action for your fellow cybersecurity professionals? Here's how to submit your Commentary pieces to Dark Reading.
Ransomware Attackers Set Their Sights on SaaS
News  |  2/11/2021  | 
Ransomware has begun to target data-heavy SaaS applications, open source, and Web and application frameworks.
7 Things We Know So Far About the SolarWinds Attacks
Slideshows  |  2/11/2021  | 
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
Zero Trust in the Real World
Commentary  |  2/10/2021  | 
Those who are committed to adopting the concept have the opportunity to make a larger business case for it across the organization, working with executive leaders to implement a zero-trust framework across the entire enterprise.
Microsoft Fixes Windows Zero-Day in Patch Tuesday Rollout
News  |  2/9/2021  | 
Microsoft's monthly security fixes addressed a Win32k zero-day, six publicly known flaws, and three bugs in the Windows TCP/IP stack.
Microsoft & Facebook Were Phishers' Favorite Brands in 2020
Quick Hits  |  2/9/2021  | 
Cloud services was the most impersonated industry, followed by financial services, e-commerce, and social media, researchers report.
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Commentary  |  2/9/2021  | 
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
Emotet Takedown: Short-Term Celebration, Long-Term Concerns
News  |  2/8/2021  | 
Security researchers examine how and when Emotet's operators may resurface, and the threats that could evolve in the meantime.
Cartoon Caption Winner: Insider Threat
Commentary  |  2/8/2021  | 
And the winner of Dark Reading's January cartoon caption contest is ...
Cybercrime Goes Mainstream
Commentary  |  2/5/2021  | 
Organized cybercrime is global in scale and the second-greatest risk over the next decade.
IBM Offers $3M in Grants to Defend Schools from Cyberattacks
Quick Hits  |  2/4/2021  | 
The grants will be awarded to six school districts in the United States to help prepare for, and respond to, cyberattacks.
Web Application Attacks Grow Reliant on Automated Tools
News  |  2/4/2021  | 
Attackers often use automation in fuzzing attacks, injection attacks, fake bots, and application DDoS attacks.
An Observability Pipeline Could Save Your SecOps Team
Commentary  |  2/3/2021  | 
Traditional monitoring approaches are proving brittle as security operations teams need better visibility into dynamic environments.
SolarWinds Attackers Spent Months in Corporate Email System: Report
Quick Hits  |  2/3/2021  | 
SolarWinds' CEO says evidence indicates attackers lurked in the company's Office 365 email system for months ahead of the attack.
FTC: ID Theft Doubled in 2020
Quick Hits  |  2/2/2021  | 
The Federal Trade Commission said a surge in reports of identity theft occurred amid the COVID-19 pandemic.
Agent Tesla Upgrades with New Delivery & Evasion Tactics
News  |  2/2/2021  | 
A new version of the remote access Trojan targets Microsoft Anti-Malware Software Interface to bypass endpoint detection.
RF Enables Takeover of Hostile Drones
Commentary  |  2/2/2021  | 
Tempting as it may be to blast drones out of the sky, a less aggressive approach may yield better data about attackers and keep bystanders safe.
SonicWall Confirms Zero-Day Vulnerability
Quick Hits  |  2/2/2021  | 
The confirmation arrives as researchers with NCC Group detect a SonicWall zero-day flaw under active attack.
Interview With a Russian Cybercriminal
News  |  2/2/2021  | 
A LockBit ransomware operator shared with researchers why he became involved in cybercrime, how he chooses victims, and what's in his toolbox.
Strengthening Zero-Trust Architecture
Commentary  |  2/1/2021  | 
Organizations that want to stay ahead of cybercriminals will find that going beyond user trust and device trust is critical for outwitting their adversaries.
Ransomware Payoffs Surge by 311% to Nearly $350 Million
News  |  1/29/2021  | 
Payments to ransomware gangs using cryptocurrency more than quadrupled in 2020, with less than 200 cryptocurrency wallets receiving 80% of funds.
Law Enforcement Aims to Take Down Netwalker Ransomware
Quick Hits  |  1/28/2021  | 
The Department of Justice has so far charged one Canadian national and seized nearly $500,000 in relation to Netwalker ransomware.
Digital Identity Is the New Security Control Plane
Commentary  |  1/28/2021  | 
Simplifying the management of security systems helps provide consistent protection for the new normal.
Intl. Law Enforcement Operation Disrupts Emotet Botnet
News  |  1/27/2021  | 
Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world's most pervasive and dangerous cyber threats.
Microsoft Security Business Exceeds $10B in Revenue
Quick Hits  |  1/27/2021  | 
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.
Apple Patches Three iOS Zero-Day Vulnerabilities
Quick Hits  |  1/27/2021  | 
New iOS 14.4 update available for iPhones and iPads.
Page 1 / 2   >   >>


News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-25252
PUBLISHED: 2021-03-03
Trend Micro's Virus Scan API (VSAPI) and Advanced Threat Scan Engine (ATSE) - are vulnerable to a memory exhaustion vulnerability that may lead to denial-of-service or system freeze if exploited by an attacker using a specially crafted file.
CVE-2021-26813
PUBLISHED: 2021-03-03
markdown2 >=1.0.1.18, fixed in 2.4.0, is affected by a regular expression denial of service vulnerability. If an attacker provides a malicious string, it can make markdown2 processing difficult or delayed for an extended period of time.
CVE-2021-27215
PUBLISHED: 2021-03-03
An issue was discovered in genua genugate before 9.0 Z p19, 9.1.x through 9.6.x before 9.6 p7, and 10.x before 10.1 p4. The Web Interfaces (Admin, Userweb, Sidechannel) can use different methods to perform the authentication of a user. A specific authentication method during login does not check the...
CVE-2021-3419
PUBLISHED: 2021-03-03
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
CVE-2020-15937
PUBLISHED: 2021-03-03
An improper neutralization of input vulnerability in FortiGate version 6.2.x below 6.2.5 and 6.4.x below 6.4.1 may allow a remote attacker to perform a stored cross site scripting attack (XSS) via the IPS and WAF logs dashboard.