News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
What's Next after the SEC 'Insider Trading' Breach?
Commentary  |  10/19/2017  | 
Last month's hack of the Security Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
New Locky Ransomware Strain Emerges
News  |  10/19/2017  | 
Latest version goes by the .asasin extension and is collecting information on users' computer operating system and IP address.
Malicious Minecraft Apps on Google Android Could Turn Devices into Bots
Quick Hits  |  10/18/2017  | 
New 'Sockbot' malware has 'highly flexible proxy topology' that might be leveraged for a variety of nefarious purposes.
Game Change: Meet the Mach37 Fall Startups
Slideshows  |  10/18/2017  | 
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
'Hacker Door' Backdoor Resurfaces as RAT a Decade Later
Quick Hits  |  10/18/2017  | 
Sophisticated backdoor re-emerges as a RAT more than a decade after its 2004 public release, with updated advanced malicious functionality.
What's Next After HTTPS: A Fully Encrypted Web?
Commentary  |  10/18/2017  | 
As the rate of HTTPS adoption grows faster by the day, it's only a matter of time before a majority of websites turn on SSL. Here's why.
ATM Machine Malware Sold on Dark Web
Quick Hits  |  10/17/2017  | 
Cybercriminals are advertising ATM malware that's designed to exploit hardware and software vulnerabilities on the cash-dispensing machines.
Google Bolsters Security for Select Groups
Quick Hits  |  10/17/2017  | 
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
US Supreme Court to Hear Microsoft-DOJ Email Case
Quick Hits  |  10/16/2017  | 
High court to rule on email privacy case, pitting Redmond giant against DOJ over access to its foreign-based email servers.
DHS to Require All Fed Agencies to Use DMARC, HTTPS, and STARTTLS
News  |  10/16/2017  | 
The move follows a DHS review of federal government agencies' steps to secure email and deploy authentication technologies.
Adobe Patches Flash ZeroDay Used To Plant Surveillance Software
Quick Hits  |  10/16/2017  | 
Second time in four weeks FINSPY "lawful intercept" tool and a zero-day found together.
GDPR Compliance: 5 Early Steps to Get Laggards Going
Slideshows  |  10/16/2017  | 
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
20 Questions to Ask Yourself before Giving a Security Conference Talk
Commentary  |  10/16/2017  | 
As cybersecurity continues to become more of a mainstream concern, those of us who speak at industry events must learn how to truly connect with our audience.
Printers: The Weak Link in Enterprise Security
News  |  10/16/2017  | 
Organizations frequently overlook printer security, leaving systems exposed to malware and theft. New tools aim to lessen the risk.
Kaspersky Lab and the AV Security Hole
News  |  10/12/2017  | 
It's unclear what happened in the reported theft of NSA data by Russian spies, but an attacker would need little help to steal if he or she had privileged access to an AV vendor's network, security experts say.
Olympic Games Face Greater Cybersecurity Risks
News  |  10/12/2017  | 
Cybercriminals may alter score results and engage in launching physical attacks at future Olympic Games, a recently released report warns.
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Commentary  |  10/12/2017  | 
With social media, gathering information has never been easier, making Business Email Compromise the land of milk and honey for cybercriminals.
IoT: Insecurity of Things or Internet of Threats?
News  |  10/11/2017  | 
Security leaders call for device manufacturers to buckle down on device security as the Internet of Things evolves.
Phishing Emails that Invoke Fear, Urgency, Get the Most Clicks
News  |  10/11/2017  | 
The most commonly clicked phishing emails include urgent calls to action, or exploit victims' desire for popularity.
How Systematic Lying Can Improve Your Security
Commentary  |  10/11/2017  | 
No, you don't have to tell websites your mother's actual maiden name.
Security Tops Use Cases for Endpoint Data
Quick Hits  |  10/11/2017  | 
Businesses increasingly use endpoint data for security investigations, eDiscovery, and device migration to Windows 10.
GDPR Concerns Include 'Where's My Data Stored?'
News  |  10/11/2017  | 
European data protection regulations are coming like a freight train and many firms are still unprepared.
Ransomware Sales on the Dark Web Spike 2,502% in 2017
News  |  10/11/2017  | 
Sales soar to $6.2 million as do-it-yourself kits, ransomware-as-a-service, and distribution offerings take hold.
Microsoft Patches Windows Zero-Day Flaws Tied to DNSSEC
News  |  10/10/2017  | 
Security experts advise 'immediate' patching of critical DNS client vulnerabilities in Windows 8, 10, and other affected systems.
Unstructured Data: The Threat You Cannot See
Commentary  |  10/10/2017  | 
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
Key New Security Features in Android Oreo
Slideshows  |  10/10/2017  | 
Android 8.0 Oreo marks a major revamp of Google's mobile operating system, putting in a number of new security-hardening measures.
Russian Hackers Targeted NSA Employee's Home Computer
Quick Hits  |  10/6/2017  | 
New reports today say it was a National Security Agency employee, not a a contractor, whose home machine running Kaspersky Lab antivirus was hacked for classified files.
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Commentary  |  10/6/2017  | 
As the value and volume of data grows, perimeter security is not enough to battle internal or external threats.
How Businesses Should Respond to the Ransomware Surge
News  |  10/5/2017  | 
Modern endpoint security tools and incident response plans will be key in the fight against ransomware.
Equifax Lands $7.25 Million Contract with IRS
Quick Hits  |  10/5/2017  | 
The embattled credit monitoring agency will provide taxpayer identification verification and fraud prevention services to the federal tax agency.
10 Steps for Writing a Secure Mobile App
Slideshows  |  10/5/2017  | 
Best practices to avoid the dangers of developing vulnerability-ridden apps.
URL Obfuscation: Still a Phisher's Phriend
Partner Perspectives  |  10/5/2017  | 
There are three primary techniques to trick users into thinking a website link is real: URL shorteners, URL doppelgangers, and URL redirects.
Ransomware Will Target Backups: 4 Ways to Protect Your Data
Commentary  |  10/4/2017  | 
Backups are the best way to take control of your defense against ransomware, but they need protecting as well.
Yahoo: All 3 Billion Accounts Affected in 2013 Breach
Quick Hits  |  10/3/2017  | 
Every single Yahoo account was affected in a 2013 data breach, bringing the total from 1 billion to 3 billion.
70% of US Employees Lack Security and Privacy Awareness
News  |  10/3/2017  | 
Acceptable use of social media and adherence to workplace physical security drops, new survey shows.
Equifax: Number of US Breach Victims Rises to 145.5 Million
Quick Hits  |  10/2/2017  | 
Credit bureau provides update on its breach investigation.
FBI Won't Have to Reveal iPhone-Cracking Tool Used in Terror Case
News  |  10/2/2017  | 
Revealing vendor's name and pricing details a threat to national security, DC court says.
5 IT Practices That Put Enterprises at Risk
Commentary  |  10/2/2017  | 
No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.
Best and Worst Security Functions to Outsource
Slideshows  |  9/29/2017  | 
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.
Whole Foods Reports Credit Card Breach
Quick Hits  |  9/29/2017  | 
The breach affects customers of certain Whole Foods taprooms and table-service restaurants.
Apple Mac Models Vulnerable to Targeted Attacks
News  |  9/29/2017  | 
Several updated Mac models don't receive EFI security fixes, putting machines at risk for targeted cyberattacks.
Ransomware Numbers Continue to Look Abysmal
News  |  9/28/2017  | 
Ransomware is one of the fastest-growing concerns among IT pros, according to several studies out this week.
Cybercrime Costs Each Business $11.7M Per Year
News  |  9/26/2017  | 
The most expensive attacks are malware infections, which cost global businesses $2.4 million per incident.
Chevron's Jump to the Cloud is a Journey
News  |  9/26/2017  | 
Enterprises entertaining a move to the cloud should brace themselves for a challenging path of discovery.
Why Your Business Must Care about Privacy
Commentary  |  9/26/2017  | 
It might not have something to hide, but it definitely has something to protect.
Microsoft Builds Automation into Windows Defender ATP
News  |  9/25/2017  | 
Automation can help manage and respond to alert overflow, but will come with its own specific set of challenges.
1.4 Million New Phishing Sites Launched Each Month
Quick Hits  |  9/22/2017  | 
The number of phishing attacks reach a record rate in 2017, but the majority of the phishing sites remain active for just four- to eight hours.
Americans Rank Criminal Hacking as Their Number One Threat
News  |  9/22/2017  | 
Global warming and artificial intelligence rate as less of a threat to human health, safety, and prosperity, than getting hacked, according to a survey released today.
CCleaner Malware Targeted Tech Giants Cisco, Google, Microsoft
News  |  9/21/2017  | 
The backdoor discovered in Avast's CCleaner targeted top tech companies including Google, Microsoft, Samsung, Sony, VMware, and Cisco.
SMBs Paid $301 Million to Ransomware Attackers
Quick Hits  |  9/21/2017  | 
But small- to midsized businesses are taking a tougher stand against ransomware attacks, according to a survey released today of the 2016-2017 period.
Page 1 / 2   >   >>


20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
Hyatt Hit With Another Credit Card Breach
Dark Reading Staff 10/13/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.