Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

News & Commentary
FBI Warns Education & Remote Work Platforms About Cyberattacks
Dark Reading Staff, Quick Hits
The FBI expects attackers will target virtual environments as more organizations rely on them as a result of the COVID-19 pandemic.
By Dark Reading Staff , 4/3/2020
Comment1 Comment  |  Read  |  Post a Comment
A Day in The Life of a Pen Tester
Kelly Sheridan, Staff Editor, Dark ReadingNews
Two penetration testers share their day-to-day responsibilities, challenges they encounter, and the skills they value most on the job.
By Kelly Sheridan Staff Editor, Dark Reading, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Prioritizing High-Risk Assets: A 4-Step Approach to Mitigating Insider Threats
David A. Sanders, Director of Insider Threat Operations at HaystaxCommentary
Sound insider threat detection programs combine contextual data and a thorough knowledge of employee roles and behaviors to pinpoint the biggest risks.
By David A. Sanders Director of Insider Threat Operations at Haystax, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
A Hacker's Perspective on Securing VPNs As You Go Remote
David Commentary
As organizations rush to equip and secure their newly remote workforce, it's important to keep things methodical and purposeful
By David "Moose" Wolpoff Co-founder and CTO of Randori, 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
New Magecart Skimmer Infects 19 Victim Websites
Dark Reading Staff, Quick Hits
MakeFrame, named for its ability to make iframes for skimming payment data, is attributed to Magecart Group 7.
By Dark Reading Staff , 4/2/2020
Comment0 comments  |  Read  |  Post a Comment
Why All Employees Are Responsible for Company Cybersecurity
Diya Jolly, Chief Product Officer, OktaCommentary
It's not just the IT and security team's responsibility to keep data safe -- every member of the team needs to be involved.
By Diya Jolly Chief Product Officer, Okta, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Attacks Hit the Mainstream
Jason Crabtree, CEO & Co-Founder, QOMPLXCommentary
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
By Jason Crabtree CEO & Co-Founder, QOMPLX, 4/1/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Alerts Healthcare to Human-Operated Ransomware
Dark Reading Staff, News
Microsoft has notified dozens of hospitals with vulnerable gateway and VPN appliances in their infrastructure, which could put them at risk.
By Dark Reading Staff , 4/1/2020
Comment2 comments  |  Read  |  Post a Comment
Why Third-Party Risk Management Has Never Been More Important
Jake Olcott, VP of Communications & Government Affairs, Bitsight TechnologiesCommentary
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
By Jake Olcott VP of Communications & Government Affairs, Bitsight Technologies, 3/31/2020
Comment0 comments  |  Read  |  Post a Comment
Does the 2020 Online Census Account for Security Risk?
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
By Kelly Sheridan Staff Editor, Dark Reading, 3/31/2020
Comment1 Comment  |  Read  |  Post a Comment
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/31/2020
Comment4 comments  |  Read  |  Post a Comment
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
Jai Vijayan, Contributing WriterNews
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
By Jai Vijayan Contributing Writer, 3/30/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Edge Will Tell You If Credentials Are Compromised
Dark Reading Staff, Quick Hits
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
By Dark Reading Staff , 3/30/2020
Comment11 comments  |  Read  |  Post a Comment
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Lance Spitzner, Director, SANS Institute Securing The Human Security Awareness ProgramCommentary
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
By Lance Spitzner Director, SANS Institute Securing The Human Security Awareness Program, 3/30/2020
Comment1 Comment  |  Read  |  Post a Comment
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff, Quick Hits
Victims are being enticed to insert an unknown USB drive into their computers.
By Dark Reading Staff , 3/27/2020
Comment11 comments  |  Read  |  Post a Comment
The Wild, Wild West(world) of Cybersecurity
Bil Harmer​, CISO & Chief Evangelist at SecureAuthCommentary
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
By Bil Harmer​ CISO & Chief Evangelist at SecureAuth, 3/27/2020
Comment0 comments  |  Read  |  Post a Comment
Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely
Robert Lemos, Contributing WriterNews
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.
By Robert Lemos Contributing Writer, 3/27/2020
Comment1 Comment  |  Read  |  Post a Comment
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Michael J. Covington, Vice President of Product Strategy at WanderaCommentary
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
By Michael J. Covington Vice President of Product Strategy at Wandera, 3/26/2020
Comment1 Comment  |  Read  |  Post a Comment
Introducing Zero-Trust Access
Rik Turner, Principal Analyst, Infrastructure Solutions, OmdiaCommentary
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
By Rik Turner Principal Analyst, Infrastructure Solutions, Omdia, 3/26/2020
Comment7 comments  |  Read  |  Post a Comment
Missing Patches, Misconfiguration Top Technical Breach Causes
Kelly Sheridan, Staff Editor, Dark ReadingNews
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
By Kelly Sheridan Staff Editor, Dark Reading, 3/25/2020
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by SoniaWilson
Current Conversations Nice Post
In reply to: Nice Post
Post Your Own Reply
More Conversations
PR Newswire
HackerOne Drops Mobile Voting App Vendor Voatz
Dark Reading Staff 3/30/2020
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Curtis Franklin Jr., Senior Editor at Dark Reading,  3/31/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-11527
PUBLISHED: 2020-04-04
In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.
CVE-2020-11528
PUBLISHED: 2020-04-04
bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.
CVE-2020-11518
PUBLISHED: 2020-04-04
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.
CVE-2020-5347
PUBLISHED: 2020-04-04
Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
CVE-2020-5348
PUBLISHED: 2020-04-04
Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode. A local unauthenticated attacker may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in system management mode.