Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
How North Korean APT Kimsuky Is Evolving Its Tactics
News  |  5/7/2021  | 
Researchers find differences in Kimsuky's operations that lead them to divide the APT into two groups: CloudDragon and KimDragon.
Defending Against Web Scraping Attacks
Commentary  |  5/7/2021  | 
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
Troy Hunt: Organizations Make Security Choices Tough for Users
News  |  5/6/2021  | 
The Have I Been Pwned founder took the virtual stage at Black Hat Asia to share stories about his work and industrywide challenges.
Google Plans to Automatically Enable Two-Factor Authentication
Quick Hits  |  5/6/2021  | 
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
Securing the Internet of Things in the Age of Quantum Computing
Commentary  |  5/6/2021  | 
Internet security, privacy, and authentication aren't new issues, but IoT presents unique security challenges.
Attackers Seek New Strategies to Improve Macros' Effectiveness
News  |  5/5/2021  | 
The ubiquity of Microsoft Office document formats means attackers will continue to use them to spread malware and infect systems.
DoD Lets Researchers Target All Publicly Accessible Info Systems
Quick Hits  |  5/5/2021  | 
The Department of Defense expands its vulnerability disclosure program to include a broad range of new targets.
Wanted: The (Elusive) Cybersecurity 'All-Star'
News  |  5/5/2021  | 
Separate workforce studies by (ISC) and ISACA point to the need for security departments to work with existing staff to identify needs and bring entry-level people into the field.
Will 2021 Mark the End of World Password Day?
Commentary  |  5/5/2021  | 
We might be leaving the world of mandatory asterisks and interrobangs behind for good.
Newer Generic Top-Level Domains a Security 'Nuisance'
News  |  5/4/2021  | 
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
Apple Issues Patches for Webkit Security Flaws
Quick Hits  |  5/4/2021  | 
The vulnerabilities may already be under active attack, Apple says in an advisory.
Buer Malware Variant Rewritten in Rust Programming Language
Quick Hits  |  5/3/2021  | 
Researchers suggest a few reasons why operators rewrote Buer in an entirely new language
Dark Reading Celebrates 15th Anniversary
Commentary  |  5/3/2021  | 
Cybersecurity news site begins 16th year with plans to improve site, deliver more content on cyber threats and best practices.
Ransomware Task Force Publishes Framework to Fight Global Threat
News  |  4/30/2021  | 
An 81-page report details how ransomware has evolved, along with recommendations on how to deter attacks and disrupt its business model.
New Threat Group Carrying Out Aggressive Ransomware Campaign
News  |  4/30/2021  | 
UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.
7 Modern-Day Cybersecurity Realities
Slideshows  |  4/30/2021  | 
Security pros may be working with a false sense of security. We explore seven places where old methods and techniques have to change to keep their organizations safe.
XDR Pushing Endpoint Detection and Response Technologies to Extinction
News  |  4/29/2021  | 
Ironically, EDR's success has spawn demand for technology that extends beyond it.
'BadAlloc' Flaws Could Threaten IoT and OT Devices: Microsoft
Quick Hits  |  4/29/2021  | 
More than 25 critical memory allocation bugs could enable attackers to bypass security controls in industrial, medical, and enterprise devices.
FluBot Malware's Rapid Spread May Soon Hit US Phones
News  |  4/28/2021  | 
The FluBot Android malware has spread throughout several European countries through an SMS package delivery scam.
FBI Works With 'Have I Been Pwned' to Notify Emotet Victims
Quick Hits  |  4/28/2021  | 
Officials shared 4.3 million email addresses with the HIBP website to help inform companies and individuals if Emotet compromised their accounts.
How to Secure Employees' Home Wi-Fi Networks
Commentary  |  4/28/2021  | 
Businesses must ensure their remote workers' Wi-Fi networks don't risk exposing business data or secrets due to fixable vulnerabilities.
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
News  |  4/28/2021  | 
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
Do Cyberattacks Affect Stock Prices? It Depends on the Breach
News  |  4/27/2021  | 
A security researcher explores how data breaches, ransomware attacks, and other types of cybercrime influence stock prices.
Emotet Malware Uninstalled From Infected Devices
Quick Hits  |  4/27/2021  | 
A law enforcement update deployed to compromised machines in January has been pushed, effectively removing the malware.
4 Ways CISOs Can Strengthen Their Security Resilience
Commentary  |  4/27/2021  | 
Security pros must remember bad actors will target their infrastructure, using counter-incident response technology in the process.
US Urges Organizations to Implement MFA, Other Controls to Defend Against Russian Attacks
News  |  4/26/2021  | 
Actors working for Moscow's Foreign Intelligence Service are actively targeting organizations in government and other sectors, FBI and DHS say.
Proofpoint to Be Acquired by Thoma Bravo for $12.3B
Quick Hits  |  4/26/2021  | 
The cybersecurity company will go private following the all-cash transaction.
Password Manager Suffers 'Supply Chain' Attack
Quick Hits  |  4/23/2021  | 
A software update to Click Studios' Passwordstate password manager contained malware.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
Looking for Greater Security Culture? Ask an 8-Bit Plumber
Commentary  |  4/22/2021  | 
After 40 years of navigating catastrophes, video game character Mario can help us with a more intelligent approach to DevOps and improving security culture.
Rapid7 Acquires Velociraptor Open Source Project
Quick Hits  |  4/21/2021  | 
The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.
Zero-Day Flaws in SonicWall Email Security Tool Under Attack
News  |  4/21/2021  | 
Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.
Business Email Compromise Costs Businesses More Than Ransomware
Commentary  |  4/21/2021  | 
Ransomware gets the headlines, but business paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.
How to Attack Yourself Better in 2021
Commentary  |  4/21/2021  | 
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
Pulse Secure VPN Flaws Exploited to Target US Defense Sector
News  |  4/20/2021  | 
China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Quick Hits  |  4/19/2021  | 
Researchers share a list of passwords that Purple Fox attackers commonly brute force when targeting the SMB protocol.
Pandemic Drives Greater Need for Endpoint Security
Quick Hits  |  4/16/2021  | 
Endpoint security has changed. Can your security plan keep up?
High-Level Admin of FIN7 Cybercrime Group Sentenced to 10 Years in Prison
Quick Hits  |  4/16/2021  | 
Fedir Hladyr pleaded guilty in 2019 to conspiracy to commit wire fraud and conspiracy to commit computer hacking.
Security Gaps in IoT Access Control Threaten Devices and Users
News  |  4/16/2021  | 
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
How the Biden Administration Can Make Digital Identity a Reality
Commentary  |  4/16/2021  | 
A digital identity framework is the answer to the US government's cybersecurity dilemma.
Google Brings 37 Security Fixes to Chrome 90
Quick Hits  |  4/15/2021  | 
The latest version of Google Chrome also introduces HTTPS as the browser's default protocol.
6 Tips for Managing Operational Risk in a Downturn
Commentary  |  4/15/2021  | 
Many organizations adjust their risk appetite in an economic downturn, as risk is expanded to include supplier and customer insolvency, not to mention cash-flow changes.
FBI Operation Remotely Removes Web Shells From Exchange Servers
News  |  4/14/2021  | 
A court order authorized the FBI to remove malicious Web shells from hundreds of vulnerable machines running on-premises Exchange Server.
DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack
News  |  4/13/2021  | 
Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products.
Dark Reading to Upgrade Site Design, Performance
Commentary  |  4/13/2021  | 
Improvements will make site content easier to navigate, faster, and more functional.
Clear & Present Danger: Data Hoarding Undermines Better Security
Commentary  |  4/13/2021  | 
Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users.
Omdia Research Spotlight: XDR
Commentary  |  4/12/2021  | 
Few emerging cybersecurity market segments are garnering more attention than XDR. Here, Omdia highlights its recent research on XDR.
Unofficial Android App Store APKPure Infected With Malware
Quick Hits  |  4/9/2021  | 
The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
8 Security & Privacy Apps to Share With Family and Friends
Slideshows  |  4/9/2021  | 
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
Fortune 500 Security Shows Progress and Pitfalls
News  |  4/7/2021  | 
Fortune 500 companies have improved on email security and vulnerability disclosure programs but struggle in asset management and high-risk services.
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Take me to your BISO 
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-30174
PUBLISHED: 2021-05-11
RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.
CVE-2021-32544
PUBLISHED: 2021-05-11
Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.
CVE-2021-32563
PUBLISHED: 2021-05-11
An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.
CVE-2020-23369
PUBLISHED: 2021-05-10
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3.
CVE-2020-23370
PUBLISHED: 2021-05-10
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML.