News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Siemens Leads Launch of Global Cybersecurity Initiative
News  |  2/16/2018  | 
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
Rise of the 'Hivenet': Botnets That Think for Themselves
Commentary  |  2/16/2018  | 
These intelligent botnet clusters swarm compromised devices to identify and assault different attack vectors all at once.
IRS Reports Steep Decline in Tax-Related ID Theft
News  |  2/15/2018  | 
Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.
North Korea-Linked Cyberattacks Spread Out of Control: Report
News  |  2/15/2018  | 
New details on old cyberattacks originating from North Korea indicate several forms of malware unintentionally spread wider than authors intended.
From DevOps to DevSecOps: Structuring Communication for Better Security
Commentary  |  2/15/2018  | 
A solid approach to change management can help prevent problems downstream.
Windows 10 Critical Vulnerability Reports Grew 64% in 2017
News  |  2/14/2018  | 
The launch and growth of new operating systems is mirrored by an increase in reported vulnerabilities.
Intel Expands Bug Bounty Program, Offers up to $250K
News  |  2/14/2018  | 
Microprocessor giant adds vulnerability-finding category for Meltdown, Spectre-type flaws.
Fileless Malware: Not Just a Threat, but a Super-Threat
Commentary  |  2/14/2018  | 
Exploits are getting more sophisticated by the day, and cybersecurity technology just isn't keeping up.
AI and Machine Learning: Breaking Down Buzzwords
News  |  2/13/2018  | 
Security experts explain two of today's trendiest technologies to explain what they mean and where you need them.
Microsoft Fixes Two Security Flaws in Outlook
News  |  2/13/2018  | 
February security patches include updates for 50 vulnerabilities, 14 of which are critical.
Can Android for Work Redefine Enterprise Mobile Security?
Commentary  |  2/13/2018  | 
Google's new mobility management framework makes great strides in addressing security and device management concerns while offering diverse deployment options. Here are the pros and cons.
Microsoft Adds Windows Defender ATP Support to Windows 7, 8.1
Quick Hits  |  2/12/2018  | 
Microsoft brings Windows Defender ATP down-level support to older versions of Windows for businesses transitioning to Windows 10.
Google to Mark All HTTP Websites 'Not Secure'
Quick Hits  |  2/12/2018  | 
Google will push websites to adopt HTTPS encryption by marking all HTTP sites as 'not secure' starting in July 2018.
Tracking Bitcoin Wallets as IOCs for Ransomware
Commentary  |  2/12/2018  | 
By understanding how cybercriminals use bitcoin, threat analysts can connect the dots between cyber extortion, wallet addresses, shared infrastructure, TTPs, and attribution.
Cyber Warranties: What to Know, What to Ask
News  |  2/9/2018  | 
The drivers and details behind the growth of cyber warranties, which more businesses are using to guarantee their products.
8 Nation-State Hacking Groups to Watch in 2018
Slideshows  |  2/9/2018  | 
The aliases, geographies, famous attacks, and behaviors of some of the most prolific threat groups.
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Commentary  |  2/9/2018  | 
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
Apple iOS iBoot Secure Bootloader Code Leaked Online
Quick Hits  |  2/8/2018  | 
Lawyers for Apple called for the source code to be removed from GitHub.
20 Signs You Need to Introduce Automation into Security Ops
Commentary  |  2/8/2018  | 
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
Man Formerly on FBI Most Wanted List Pleads Guilty in 'Scareware' Hack
Quick Hits  |  2/7/2018  | 
Latvian man ran bulletproof Web hosting service that served cybercriminals.
Ticking Time Bombs in Your Data Center
Commentary  |  2/7/2018  | 
The biggest security problems inside your company may result from problems it inherited.
Adobe Patches Flash Zero-Day Used in South Korean Attacks
Quick Hits  |  2/6/2018  | 
Critical flaw is one of two critical use-after-free vulnerabilities in Flash fixed today by the software firm.
Identity Fraud Hits All-Time High in 2017
News  |  2/6/2018  | 
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
Over 12,000 Business Websites Leveraged for Cybercrime
News  |  2/5/2018  | 
Attackers exploit trust in popular websites to launch phishing campaigns and spread malware.
Apple, Cisco, Allianz, Aon Partner in Cyber Risk Management
Quick Hits  |  2/5/2018  | 
The four companies announced a tool for managing the cyber risk of ransomware and other malware-related threats.
Mastering Security in the Zettabyte Era
Commentary  |  2/5/2018  | 
Many businesses are ill-equipped to deal with potential risks posed by billions of connected devices, exponential data growth, and an unprecedented number of cyber threats. Here's how to prepare.
Russian National Arrested for Kelihos Botnet Sent to US
Quick Hits  |  2/2/2018  | 
Peter Levashov, among the world's most notorious email spammers, has been extradited to the US.
Cyberattack Impersonates FBI Internet Crime Complaint Center
Quick Hits  |  2/2/2018  | 
Threat actors trick victims into sharing personal information with fake IC3 messages laced with malware.
Adobe to Patch Flash Zero-Day Discovered in South Korean Attacks
News  |  2/1/2018  | 
Critical use-after-free vulnerability being used in targeted attacks.
Poor Visibility, Weak Passwords Compromise Active Directory
News  |  2/1/2018  | 
Security experts highlight the biggest problems they see putting Microsoft Active Directory at risk.
'Ransomware' Added to Oxford English Dictionary
Quick Hits  |  2/1/2018  | 
The term is one of 1,100 new entries added to the Oxford English Dictionary this week.
Lieberman Software Acquired by Bomgar
Quick Hits  |  2/1/2018  | 
Deal combines privileged access management products, technologies.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
News  |  1/31/2018  | 
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
IoT Botnets by the Numbers
Slideshows  |  1/31/2018  | 
IoT devices are a botherder's dream attack-vector.
Data Encryption: 4 Common Pitfalls
Partner Perspectives  |  1/31/2018  | 
To maximize encryption effectiveness you must minimize adverse effects in network performance and complexity. Here's how.
Digital Extortion to Expand Beyond Ransomware
News  |  1/30/2018  | 
In the future of digital extortion, ransomware isn't the only weapon, and database files and servers won't be the only targets.
DNS Hijacking: The Silent Threat That's Putting Your Network at Risk
Commentary  |  1/30/2018  | 
The technique is easy to carry out and can cause much damage. Here's what you need to know about fighting back.
RELX Group Agrees to Buy ThreatMetrix for 580M Cash
Quick Hits  |  1/29/2018  | 
Authentication firm ThreatMetrix will become part of Risk & Business Analytics under the LexisNexis Risk Solutions brand.
Strava Fitness App Shares Secret Army Base Locations
Quick Hits  |  1/29/2018  | 
The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty.
Former CIA CTO Talks Meltdown and Spectre Cost, Federal Threats
News  |  1/26/2018  | 
Gus Hunt, former technology leader for the CIA, explains the potential long-term cost of Meltdown and Spectre.
Intel CEO: New Products that Tackle Meltdown, Spectre Threats Coming this Year
Quick Hits  |  1/26/2018  | 
In an earnings call yesterday, Intel CEO Brian Krzanich says security remains a 'priority' for the microprocessor company.
6 Tips for Building a Data Privacy Culture
Slideshows  |  1/26/2018  | 
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
Endpoint and Mobile Top Security Spending at 57% of Businesses
Quick Hits  |  1/26/2018  | 
Businesses say data-at-rest security tools are most effective at preventing breaches, but spend most of their budgets securing endpoint and mobile devices.
Ransomware Detections Up 90% for Businesses in 2017
News  |  1/25/2018  | 
Last year, cybercriminals shifted from consumer to enterprise targets and leveraged ransomware as their weapon of choice.
New Voice MFA Tool Uses Machine Learning
Quick Hits  |  1/25/2018  | 
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Facebook Buys Identity Verification Firm
Quick Hits  |  1/25/2018  | 
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
Meltdown & Spectre: Computing's 'Unsafe at Any Speed' Problem
Commentary  |  1/25/2018  | 
Ralph Nader's book shook up the automotive world over 50 years ago. It's time to take a similar look at computer security.
Meet Chronicle: Alphabet's New Cybersecurity Business
News  |  1/24/2018  | 
Google parent company Alphabet introduces Chronicle, which will combine a security analytics platform and VirusTotal.
GDPR: Ready or Not, Here It Comes
Commentary  |  1/24/2018  | 
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Page 1 / 2   >   >>


13 Russians Indicted for Massive Operation to Sway US Election
Kelly Sheridan, Associate Editor, Dark Reading,  2/16/2018
From DevOps to DevSecOps: Structuring Communication for Better Security
Robert Hawk, Privacy & Security Lead at xMatters,  2/15/2018
3 Tips to Keep Cybersecurity Front & Center
Greg Kushto, Vice President of Sales Engineering at Force 3,  2/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.