Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

News & Commentary
Experts Predict Rise of Data Theft in Ransomware Attacks
Dark Reading Staff, Quick Hits
The most attractive targets for data theft are businesses perceived as most likely to pay to prevent exposure of their information.
By Dark Reading Staff , 7/13/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Patches Zero-Day Vulnerability in Windows 7
Dark Reading Staff, Quick Hits
The flaw also affects older versions of the operating system, even if they're fully patched.
By Dark Reading Staff , 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
As Offices Reopen, Hardware from Home Threatens Security
Joan Goodchild, Contributing Writer
Devices out of sight for the past several months could spell trouble when employees bring them back to work.
By Joan Goodchild Contributing Writer, 7/10/2020
Comment0 comments  |  Read  |  Post a Comment
Fight Phishing with Intention
Runa Sandvik, Independent ResearcherCommentary
Phishing exercises have become a staple, but it helps to be as clear as possible on exactly why you're doing them.
By Runa Sandvik Independent Researcher, 7/9/2020
Comment0 comments  |  Read  |  Post a Comment
More Malware Found Preinstalled on Government Smartphones
Dark Reading Staff, Quick Hits
Researchers report the American Network Solutions UL40 smartphone comes with compromised apps.
By Dark Reading Staff , 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
How Advanced Attackers Take Aim at Office 365
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers discuss how adversaries use components of Office 365 that are poorly understood and not closely monitored.
By Kelly Sheridan Staff Editor, Dark Reading, 7/8/2020
Comment0 comments  |  Read  |  Post a Comment
Why Cybersecurity's Silence Matters to Black Lives
Tiffany Ricks, CEO, HacWareCommentary
The industry is missing an opportunity to educate the public about bad actors who capitalize off of protest, voting rights education and police brutality petitions through social engineering and phishing attacks.
By Tiffany Ricks CEO, HacWare, 7/8/2020
Comment1 Comment  |  Read  |  Post a Comment
EDP Renewables Confirms Ransomware Attack
Dark Reading Staff, Quick Hits
Its North American branch was notified of the attack because intruders reportedly gained access to 'at least some information' stored in its systems.
By Dark Reading Staff , 7/7/2020
Comment0 comments  |  Read  |  Post a Comment
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cosmic Lynx takes a sophisticated approach to business email compromise and represents a shift in tactics for Russian cybercriminals.
By Kelly Sheridan Staff Editor, Dark Reading, 7/7/2020
Comment1 Comment  |  Read  |  Post a Comment
BEC Busts Take Down Multimillion-Dollar Operations
Kelly Sheridan, Staff Editor, Dark ReadingNews
The two extraditions of business email compromise attackers indicate a step forward for international law enforcement collaboration.
By Kelly Sheridan Staff Editor, Dark Reading, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
Credit-Card Skimmer Seeks Websites Running Microsoft's ASP.NET
Dark Reading Staff, Quick Hits
The payment-card skimmer targets websites hosted on Microsoft IIS servers and running the ASP.NET web framework.
By Dark Reading Staff , 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
How to Assess More Sophisticated IoT Threats
Jack Mannino, CEO, nVisiumCommentary
Securing the Internet of Things requires diligence in secure development and hardware design throughout the product life cycle, as well as resilience testing and system component analysis.
By Jack Mannino CEO, nVisium, 7/6/2020
Comment0 comments  |  Read  |  Post a Comment
BIG-IP Vulnerabilities Could be Big Trouble for Customers
Dark Reading Staff, Quick Hits
Left unpatched, pair of vulnerabilities could give attackers wide access to a victim's application delivery network.
By Dark Reading Staff , 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Making Sense of EARN IT & LAED Bills' Implications for Crypto
Seth Rosenblatt, Contributing WriterNews
After Senate Judiciary Committee pushes EARN IT Act a step closer to ratification, raising further concerns for privacy advocates, here's what to know.
By Seth Rosenblatt Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Considerations for Seamless CCPA Compliance
Anurag Kahol, CTO, BitglassCommentary
Three steps to better serve consumers, ensure maximum security, and achieve compliance with the California Consumer Privacy Act.
By Anurag Kahol CTO, Bitglass, 7/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Lessons from COVID-19 Cyberattacks: Where Do We Go Next?
Derek Manky, Chief of Security Insights and Global Threat Alliances, FortiGuard LabsCommentary
We need to learn from the attacks and attempts that have occurred in order to prepare for the future.
By Derek Manky Chief of Security Insights and Global Threat Alliances, FortiGuard Labs, 7/2/2020
Comment1 Comment  |  Read  |  Post a Comment
7 IoT Tips for Home Users
Steve Zurier, Contributing Writer
Whether for business or pleasure, you're on your own once you walk into the house with a new Internet of Things device. Here's how to keep everyone secure.
By Steve Zurier Contributing Writer, 7/2/2020
Comment0 comments  |  Read  |  Post a Comment
Chinese Software Company Aisino Uninstalls GoldenSpy Malware
Steve Zurier, Contributing WriterNews
Follow-up sandbox research confirms Aisino knew about the malware in its tax software, though it's still unclear whether it was culpable.
By Steve Zurier Contributing Writer, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Out-of-Band Patches for RCE Flaws
Dark Reading Staff, Quick Hits
Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.
By Dark Reading Staff , 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
4 Steps to a More Mature Identity Program
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Qualitybacklinks
Current Conversations yes, i hope so
In reply to: Re: Affected devices
Post Your Own Reply
Posted by FlynneTrobe
Current Conversations yes, i hope so
In reply to: Re: Affected devices
Post Your Own Reply
More Conversations
PR Newswire
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/13/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19338
PUBLISHED: 2020-07-13
A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is ...
CVE-2020-11749
PUBLISHED: 2020-07-13
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A network administrator scanning a SNMP device can trigger a Cross Site Scripting (XSS), which can run arbitrary code to allow Remote Code Execution as root or apache2.
CVE-2020-5766
PUBLISHED: 2020-07-13
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.
CVE-2020-15689
PUBLISHED: 2020-07-13
Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
CVE-2019-4591
PUBLISHED: 2020-07-13
IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451.