Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Why Security Awareness Training Should Be Backed by Security by Design
News  |  11/25/2020  | 
Cybersecurity training needs an overhaul, though the training itself is only one small part of how security teams can influence user behavior.
CISA Warns of Holiday Online Shopping Scams
Quick Hits  |  11/24/2020  | 
The agency urges shoppers to be cautious of fraudulent websites, unsolicited emails, and unencrypted financial transactions.
US Treasury's OFAC Ransomware Advisory: Navigating the Gray Areas
Commentary  |  11/24/2020  | 
Leveraging the right response strategy, following the regulations, and understanding the ransom entity are the fundamentals in any ransomware outbreak.
What's in Store for Privacy in 2021
News  |  11/24/2020  | 
Changes are coming to the privacy landscape, including more regulations and technologies.
Printers' Cybersecurity Threats Too Often Ignored
Commentary  |  11/24/2020  | 
Remote workforce heightens the need to protect printing systems against intrusion and compromise.
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
News  |  11/23/2020  | 
Companies should plan their future workforce model now, so they have time to implement the necessary tools, including cybersecurity and seamless remote access, a Forrester report says.
Ransomware Grows Easier to Spread, Harder to Block
News  |  11/23/2020  | 
Researchers illustrate the evolution toward more complete and effective ransomware attacks designed to cripple target organizations.
Evidence-Based Trust Gets Black Hat Europe Spotlight
News  |  11/23/2020  | 
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
How Retailers Can Fight Fraud and Abuse This Holiday Season
Commentary  |  11/23/2020  | 
Online shopping will be more popular than ever with consumers... and with malicious actors too.
Facebook Messenger Flaw Enabled Spying on Android Callees
Quick Hits  |  11/20/2020  | 
A critical flaw in Facebook Messenger on Android would let someone start an audio or video call without the victim's knowledge.
Cybercriminals Get Creative With Google Services
News  |  11/19/2020  | 
Attacks take advantage of popular services, including Google Forms and Google Docs.
Go SMS Pro Messaging App Exposed Users' Private Media Files
Quick Hits  |  11/19/2020  | 
The popular Android app uses easily guessable Web addresses when users send private photos, videos, and voice messages.
Unpatched Browsers Abound, Study Shows
News  |  11/19/2020  | 
Google Chrome users don't always take time to relaunch browser updates, and some legacy applications don't support new versions of Chrome, Menlo Security says.
Online Shopping Surge Puts Focus on Consumer Security Habits
News  |  11/18/2020  | 
Companies will have to tread a fine line between delivering security and a frictionless shopping experience, security firms say.
Cisco Webex Vulns Let 'Ghost' Attendees Spy on Meetings
News  |  11/18/2020  | 
Three vulnerabilities, patched today, could let an attacker snoop on meetings undetected after the host removes them.
Out With the Old Perimeter, in With the New Perimeters
Commentary  |  11/18/2020  | 
A confluence of trends and events has exploded the whole idea of "the perimeter." Now there are many perimeters, and businesses must adjust accordingly.
How to Identify Cobalt Strike on Your Network
Commentary  |  11/18/2020  | 
Common antivirus systems frequently miss Cobalt Strike, a stealthy threat emulation toolkit admired by red teams and attackers alike.
To Pay or Not to Pay: Responding to Ransomware From a Lawyer's Perspective
Commentary  |  11/17/2020  | 
The threat of data extortion adds new layers of risk when determining how to respond to a ransomware attack.
Security Risks Discovered in Tesla Backup Gateway
Quick Hits  |  11/17/2020  | 
Cybersecurity researchers report on the security and privacy risks of leaving a Tesla Backup Gateway exposed to the Internet.
Breakdown of a Break-in: A Manufacturer's Ransomware Response
News  |  11/16/2020  | 
The analysis of an industrial ransomware attack reveals common tactics and proactive steps that businesses can take to avoid similar incidents.
Zoom Debuts New Tools to Fight Meeting Disruptions
Quick Hits  |  11/16/2020  | 
Two new capabilities in version 5.4.3 let hosts and co-hosts pause Zoom meetings to remove and report disruptive attendees.
A Hacker's Holiday: How Retailers Can Avoid Black Friday Cyber Threats
Commentary  |  11/13/2020  | 
Starting on Nov. 27, online retailers of all sizes will find out if their e-commerce capabilities are ready for prime time or not.
Manufacturing Sees Rising Ransomware Threat
News  |  11/12/2020  | 
Crypto-ransomware groups are increasingly adopting malware and tools that can probe and attack operational technology, such as industrial control systems, according to an assessment of current threats.
Credential Stuffing Fills E-commerce Pipeline in 2020
Quick Hits  |  11/12/2020  | 
There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.
DARPA and Academia Jumpstart 5G IoT Security Efforts
Commentary  |  11/12/2020  | 
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
Security Hiring Plans Remain Constant Despite Pandemic
News  |  11/11/2020  | 
Although we saw workforce gains this year, 56% of businesses surveyed report staff shortages are putting their organization at risk.
3 Tips For Successfully Running Tech Outside the IT Department
Commentary  |  11/11/2020  | 
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Quick Hits  |  11/11/2020  | 
Plans call for expanding the Barracuda CloudGen SASE platform.
How to Avoid Getting Killed by Ransomware
Commentary  |  11/11/2020  | 
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
Flaws in Privileged Management Apps Expose Machines to Attack
News  |  11/10/2020  | 
The Intel Support Assistant is the latest Windows utility to be found that could expose millions of computers to privilege-escalation attacks through file manipulation and symbolic links.
Microsoft Patches Windows Kernel Flaw Under Active Attack
News  |  11/10/2020  | 
This month's Patch Tuesday addressed a Windows zero-day in a release of 112 vulnerabilities, 17 of which are critical.
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
News  |  11/10/2020  | 
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
FTC Announces Consent Agreement With Zoom
Quick Hits  |  11/9/2020  | 
The agreement covers Zoom's misleading statements on security for its audio and video calling.
Data Privacy Gets Solid Upgrade With Early Adopters
News  |  11/9/2020  | 
The United Kingdom and the regional government of Flanders kick off four pilots of the Solid data-privacy technology from World Wide Web inventor Tim Berners-Lee, which gives users more control of their data.
Preventing and Mitigating DDoS Attacks: It's Elementary
Commentary  |  11/9/2020  | 
Following a spate of cyberattacks nationwide, school IT teams need to act now to ensure their security solution makes the grade.
7 Online Shopping Tips for the Holidays
Slideshows  |  11/9/2020  | 
The holidays are right around the corner, and that means plenty of online shopping. These tips will help keep you safe.
How COVID-19 Changed the VC Investment Landscape for Cybersecurity Companies
Commentary  |  11/6/2020  | 
What trends can startups and investors expect to see going forward?
Digital Transformation Means Security Must Also Transform
Commentary  |  11/5/2020  | 
Being successful in this moment requires the ability to evolve in terms of team management, visibility, and crisis management.
Online Users Feel Safe, But Risky Behavior Abounds
News  |  11/5/2020  | 
New research also shows a divide between younger and older users in their security practices, including use of two-factor authentication and how often software updates are performed.
The One Critical Element to Hardening Your Employees' Mobile Security
Commentary  |  11/5/2020  | 
COVID-19 has exposed longstanding gaps in enterprise mobile security. Creating a comprehensive mobile security plan and mandating compliance with that plan are essential to closing them.
Cybercrime: Nation-States Go Prime Time
Commentary  |  11/3/2020  | 
Critical infrastructure remains a high-value target, but 90% of nation-states also attack other industry sectors.
Reworking the Taxonomy for Richer Risk Assessments
Commentary  |  11/3/2020  | 
By accommodating unique requirements and conditions at different sites, security pros can dig deeper get a clearer sense of organizational risk.
California's Prop. 24 Splits Privacy Advocates
News  |  11/2/2020  | 
Critics worry that the curatives in Prop. 24 are worse than the disease of privacy-rights violations.
Fraud Prevention Strategies to Prepare for the Future
Commentary  |  11/2/2020  | 
While companies have largely adjusted to the new normal for security management, here are some tips for combatting fraud, post-COVID.
As Businesses Go Remote, Hackers Find New Security Gaps
News  |  11/2/2020  | 
Improper access control, information disclosure, and SSRF are among the most impactful, and most awarded, security flaws found this year.
Ransomware Wave Targets US Hospitals: What We Know So Far
News  |  10/29/2020  | 
A joint advisory from the CISA, FBI, and HHS warns of an "increased and imminent" threat to US hospitals and healthcare providers.
How Healthcare Organizations Can Combat Ransomware
Commentary  |  10/29/2020  | 
The days of healthcare organizations relying solely on endpoint security software to stop attacks are over. Here are six ways that healthcare providers can fight the ever-present threat.
How to Increase Voter Turnout & Reduce Fraud
Commentary  |  10/29/2020  | 
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
6 Ways Passwords Fail Basic Security Tests
Slideshows  |  10/28/2020  | 
New data shows humans still struggle with password creation and management.
Trump Campaign Website Defaced by Unknown Attackers
Quick Hits  |  10/28/2020  | 
Individuals behind the brief Tuesday night incident posted anti-Trump sentiments and appeared to solicit cryptocurrency.
Page 1 / 2   >   >>


Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-29378
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password [email protected]#y$z%x6x7q8c9z) for the e...
CVE-2020-29379
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access.
CVE-2020-29380
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-...
CVE-2020-29381
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename...
CVE-2020-29382
PUBLISHED: 2020-11-29
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.