Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

News & Commentary
When Older Windows Systems Won't Die
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft's decision to patch unsupported machines for the critical CVE-2019-0708 flaw is a reminder that XP, 2003, and other older versions of Windows still run in some enterprises.
By Kelly Sheridan Staff Editor, Dark Reading, 5/17/2019
Comment2 comments  |  Read  |  Post a Comment
A Trustworthy Digital Foundation Is Essential to Digital Government
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Google to Replace Titan Security Keys Affected by Bluetooth Bug
Kelly Sheridan, Staff Editor, Dark ReadingNews
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
By Kelly Sheridan Staff Editor, Dark Reading, 5/16/2019
Comment0 comments  |  Read  |  Post a Comment
New Intel Vulnerabilities Bring Fresh CPU Attack Dangers
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Four newly discovered vulns from the speculative-execution family bring Meltdown-like threats to Intel's processors.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Builds on Decentralized Identity Vision
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
By Kelly Sheridan Staff Editor, Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Introducing the Digital Transformation Architect
Jordan Blake, VP of Products at BehavioSecCommentary
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
By Jordan Blake VP of Products at BehavioSec, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Two Ransomware Recovery Firms Typically Pay Hackers
Dark Reading Staff, Quick Hits
Companies promising the safe return of data sans ransom payment secretly pass Bitcoin to attackers and charge clients added fees.
By Dark Reading Staff , 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrustCommentary
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
By Kevin Alexandra Principal Solutions Engineer at BeyondTrust, 5/15/2019
Comment4 comments  |  Read  |  Post a Comment
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
Robert Lemos, Contributing WriterNews
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
By Robert Lemos Contributing Writer, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patches Wormable Vuln in Windows 7, 2003, XP, Server 2008
Kelly Sheridan, Staff Editor, Dark ReadingNews
Microsoft releases security updates for some out-of-support systems to fix a bug that could be weaponized as a worm if exploited.
By Kelly Sheridan Staff Editor, Dark Reading, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
LockerGoga, MegaCortex Ransomware Share Unlikely Traits
Kelly Sheridan, Staff Editor, Dark ReadingNews
New form of ransomware MegaCortex shares commonalities with LockerGoga, enterprise malware recently seen in major cyberattacks.
By Kelly Sheridan Staff Editor, Dark Reading, 5/13/2019
Comment0 comments  |  Read  |  Post a Comment
78% of Consumers Say Online Companies Must Protect Their Info
Steve Zurier, Contributing WriterNews
Yet 68% agree they also must do more to protect their own information.
By Steve Zurier Contributing Writer, 5/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Demystifying the Dark Web: What You Need to Know
Kelly Sheridan, Staff Editor, Dark Reading
The Dark Web and Deep Web are not the same, neither is fully criminal, and more await in this guide to the Internet's mysterious corners.
By Kelly Sheridan Staff Editor, Dark Reading, 5/10/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft SharePoint Bug Exploited in the Wild
Dark Reading Staff, Quick Hits
A number of reports show CVE-2019-0604 is under active attack, Alien Labs researchers say.
By Dark Reading Staff , 5/10/2019
Comment0 comments  |  Read  |  Post a Comment
How We Collectively Can Improve Cyber Resilience
Todd Weller, Chief Strategy Officer at Bandura CyberCommentary
Three steps you can take, based on Department of Homeland Security priorities.
By Todd Weller Chief Strategy Officer at Bandura Cyber, 5/10/2019
Comment0 comments  |  Read  |  Post a Comment
Symantec CEO Greg Clark Steps Down
Dark Reading Staff, Quick Hits
Exec shake-up comes amid earnings drop in financial report.
By Dark Reading Staff , 5/10/2019
Comment0 comments  |  Read  |  Post a Comment
Sectigo Buys Icon Labs to Expand IoT Security Platform
Dark Reading Staff, Quick Hits
End-to-end IoT security product aims to give manufacturers, systems integrators, and businesses a means to harden device security.
By Dark Reading Staff , 5/9/2019
Comment0 comments  |  Read  |  Post a Comment
Fighting Back Against Tech-Savvy Fraudsters
Chris Ryan, Senior Fraud Solutions Consultant at ExperianCommentary
Staying a step ahead requires moving beyond the security techniques of the past.
By Chris Ryan Senior Fraud Solutions Consultant at Experian, 5/9/2019
Comment0 comments  |  Read  |  Post a Comment
Social Engineering Slams the C-Suite: Verizon DBIR
Kelly Sheridan, Staff Editor, Dark ReadingNews
Criminals are also going after cloud-based email accounts, according to Verizon's '2019 Data Breach Investigations Report.'
By Kelly Sheridan Staff Editor, Dark Reading, 5/8/2019
Comment0 comments  |  Read  |  Post a Comment
FBI: Cybercrime Losses Doubled in 2018
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 5/8/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Artist Uses Malware in Installation
Dark Reading Staff 5/17/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12198
PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
CVE-2019-12185
PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
CVE-2019-12184
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
CVE-2019-12173
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
CVE-2019-12172
PUBLISHED: 2019-05-17
Typora 0.9.9.21.1 (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.