Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
5 Steps to Greater Cyber Resiliency
Commentary  |  9/21/2020  | 
Work from home isn't going away anytime soon, and the increased vulnerability means cyber resiliency will continue to be critical to business resiliency.
Mitigating Cyber-Risk While We're (Still) Working from Home
Commentary  |  9/18/2020  | 
One click is all it takes for confidential information to land in the wrong hands. The good news is that there are plenty of ways to teach preventative cybersecurity to remote workers.
Time for CEOs to Stop Enabling China's Blatant IP Theft
Commentary  |  9/17/2020  | 
Protecting intellectual property in the name of US economic and national security should be part of every company's fiduciary duty.
Struggling to Secure Remote IT? 3 Lessons from the Office
Commentary  |  9/17/2020  | 
The great remote work experiment has exacerbated existing challenges and exposed new gaps, but there are things to be learned from office challenges.
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Meet the Computer Scientist Who Helped Push for Paper Ballots
News  |  9/16/2020  | 
Security Pro File: Award-winning computer scientist and electronic voting expert Barbara Simons chats up her pioneering days in computer programming, paper-ballot backups, Internet voting, math, and sushi.
Cybersecurity Bounces Back, but Talent Still Absent
Commentary  |  9/16/2020  | 
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Taking Security With You in the WFH Era: What to Do Next
Commentary  |  9/15/2020  | 
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Simplify Your Privacy Approach to Overcome CCPA Challenges
Commentary  |  9/15/2020  | 
By building a privacy-forward culture from the ground up and automating processes, organizations can simplify their approach to privacy and be prepared for any upcoming regulations.
Virginia's Largest School System Hit With Ransomware
Quick Hits  |  9/14/2020  | 
Fairfax County Public Schools has launched an investigation following a ransomware attack on some of its technology systems.
APT Groups Set Sights on Linux Targets: Inside the Trend
News  |  9/11/2020  | 
Researchers see more advanced attack groups creating tools and platforms to target Linux-based devices.
Fraud Prevention During the Pandemic
Commentary  |  9/11/2020  | 
When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.
Two Years on from GDPR: Has It Driven Growth in Cybersecurity Insurance?
News  |  9/10/2020  | 
Whilst GDPR has put the spotlight on data privacy and cyber issues, there are other more prominent trends that are driving a greater take-up of cyber insurance, says Ben Maidment, Class Underwriter Cyber, Physical & Technology at Brit Insurance.
Zoom Brings Two-Factor Authentication to All Users
Quick Hits  |  9/10/2020  | 
This marks the latest step Zoom has taken to improve user security as more employees work from home.
Managed IT Providers: The Cyber-Threat Actors' Gateway to SMBs
Commentary  |  9/10/2020  | 
Criminals have made MSPs a big target of their attacks. That should concern small and midsize businesses a great deal.
Meet the Middlemen Who Connect Cybercriminals With Victims
News  |  9/9/2020  | 
An analysis of initial access brokers explains how they break into vulnerable organizations and sell their access for up to $10,000.
7 Cybersecurity Priorities for Government Agencies & Political Campaigns
Commentary  |  9/9/2020  | 
As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
Commentary  |  9/9/2020  | 
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
Microsoft Fixes 129 Vulnerabilities for September's Patch Tuesday
News  |  9/8/2020  | 
This month's Patch Tuesday brought fixes for 23 critical vulnerabilities, including a notable flaw in Microsoft Exchange.
VPNs: The Cyber Elephant in the Room
Commentary  |  9/8/2020  | 
While virtual private networks once boosted security, their current design doesn't fulfill the evolving requirements of today's modern enterprise.
Post-COVID-19 Security Spending Update
Slideshows  |  9/8/2020  | 
Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.
8 Frequently Asked Questions on Organizations' Data Protection Programs
Commentary  |  9/8/2020  | 
Adherence to data protection regulations requires a multidisciplinary approach that has the commitment of all employees. Expect to be asked questions like these.
DDoS Attacks on Education Escalate in 2020
Quick Hits  |  9/4/2020  | 
The number of DDoS attacks affecting educational resources was far higher between February and June 2020 compared with 2019.
Evilnum APT Group Employs New Python RAT
News  |  9/3/2020  | 
The PyVil remote access Trojan enables attackers to exfiltrate data, perform keylogging, take screenshots, and deploy tools for credential theft.
New Email-Based Malware Campaigns Target Businesses
Quick Hits  |  9/3/2020  | 
Researchers who found "Salfram" say its campaigns use the same crypter to distribute payloads, including ZLoader, SmokeLoader, and AveMaria.
Facebook & Twitter Remove Russian Accounts Spreading Disinformation
News  |  9/2/2020  | 
The Russia-backed Internet Research Agency has returned with new strategies to sway voters ahead of the 2020 presidential election.
Don't Forget Cybersecurity on Your Back-to-School List
Commentary  |  9/2/2020  | 
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats
News  |  9/1/2020  | 
Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.
Apple Signs Shlayer, Legitimizes Malware
Quick Hits  |  9/1/2020  | 
Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.
ISO 27701 Paves the Way for a Strategic Approach to Privacy
Commentary  |  9/1/2020  | 
As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.
Why Are There Still So Many Windows 7 Devices?
Commentary  |  9/1/2020  | 
As the FBI warns, devices become more vulnerable to exploitation as time passes, due to a lack of security updates and new, emerging vulnerabilities.
Slack Patches Critical Desktop Vulnerability
News  |  8/31/2020  | 
The remote code execution flaw could allow a successful attacker to fully control the Slack desktop app on a target machine.
TA542 Returns With Emotet: What's Different Now
Quick Hits  |  8/28/2020  | 
Researchers report the TA542 threat group has made code changes to its malware and started targeting new locations with Emotet.
Vulnerability Volume Poised to Overwhelm Infosec Teams
News  |  8/27/2020  | 
The collision of Microsoft and Oracle patches on the same day has contributed to risk and stress for organizations.
The Inside Threat from Psychological Manipulators
Commentary  |  8/27/2020  | 
How internal manipulators can actually degrade your organization's cyber defense, and how to defend against them.
Higher Education CISOs Share COVID-19 Response Stories
News  |  8/26/2020  | 
Security leaders from Stanford, Ohio State, and the University of Chicago share challenges and response tactics from the COVID-19 pandemic.
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Commentary  |  8/26/2020  | 
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
Attackers Use Unicode & HTML to Bypass Email Security Tools
News  |  8/24/2020  | 
Researchers spot cybercriminals using new techniques to help malicious phishing emails slip past detection tools.
DeathStalker APT Targets SMBs with Cyber Espionage
Quick Hits  |  8/24/2020  | 
The hacker-for-hire group, operating since at least 2012, primarily targets financial firms.
Smart-Lock Hacks Point to Larger IoT Problems
News  |  8/20/2020  | 
Two recent reports on smart-locks vulnerabilities show that IoT vendors have a bigger job to do in ensuring their products are safely deployed and configured.
Twitter Hack: The Spotlight that Insider Threats Need
Commentary  |  8/20/2020  | 
The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.
Banks and the New Abnormal
Commentary  |  8/20/2020  | 
Banks have hesitated to adopt many strong security practices, and for understandable reasons. But now is the time to be bold.
Stolen Data: The Gift That Keeps on Giving
Commentary  |  8/19/2020  | 
Users regularly reuse logins and passwords, and data thieves are leveraging that reality to breach multiple accounts.
New 'Duri' Campaign Uses HTML Smuggling to Deliver Malware
News  |  8/18/2020  | 
Researchers who detected the attack explain what businesses should know about the HTML smuggling technique.
Cybersecurity Companies Among Smaller Firms Hit with Brand Spoofing
News  |  8/17/2020  | 
Researchers find smaller organizations, including some in the cybersecurity space, increasingly targeted with these impersonation attacks.
REvil Ransomware Hits Jack Daniel's Manufacturer
Quick Hits  |  8/17/2020  | 
Attackers who targeted US spirits manufacturer Brown-Forman reportedly stole a terabyte of confidential data.
DHS CISA Warns of Phishing Emails Rigged with KONNI Malware
Quick Hits  |  8/14/2020  | 
Konni is a remote administration tool cyberattackers use to steal files, capture keystrokes, take screenshots, and execute malicious code.
7 Ways to Keep Your Remote Workforce Safe
Slideshows  |  8/14/2020  | 
These tips will help you chart a course for a security strategy that just may become part of the normal way organizations will function over the next several years.
WFH Summer 2020 Caption Contest Winners
Commentary  |  8/14/2020  | 
Clever wordplay on sandcastles, sandboxes, zero trust. and granular controls. And the winners are ...
RedCurl APT Group Hacks Global Companies for Corporate Espionage
News  |  8/13/2020  | 
Researchers analyze a presumably Russian-speaking APT group that has been stealing corporate data since 2018.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4590
PUBLISHED: 2020-09-21
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
CVE-2020-4731
PUBLISHED: 2020-09-21
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.
CVE-2020-4315
PUBLISHED: 2020-09-21
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the i...
CVE-2020-4579
PUBLISHED: 2020-09-21
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.
CVE-2020-4580
PUBLISHED: 2020-09-21
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.