Endpoint

News & Commentary
A Glass Ceiling? Not in Privacy
Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPPCommentary
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019
Comment0 comments  |  Read  |  Post a Comment
Inside Incident Response: 6 Key Tips to Keep in Mind
Kelly Sheridan, Staff Editor, Dark Reading
Experts share the prime window for detecting intruders, when to contact law enforcement, and what they wish they did differently after a breach.
By Kelly Sheridan Staff Editor, Dark Reading, 3/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Two Found Guilty in Online Dating, BEC Scheme
Dark Reading Staff, Quick Hits
Cybercriminals involved in the operation created fake online dating profiles and tricked victims into sending money to phony bank accounts.
By Dark Reading Staff , 3/22/2019
Comment1 Comment  |  Read  |  Post a Comment
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Dark Reading Staff, Quick Hits
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
By Dark Reading Staff , 3/21/2019
Comment4 comments  |  Read  |  Post a Comment
Hacker AI vs. Enterprise AI: A New Threat
Satish Abburi, Founder of Elysium AnalyticsCommentary
Artificial intelligence and machine learning are being weaponized using the same logic and functionality that legitimate organizations use.
By Satish Abburi Founder of Elysium Analytics, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Brings Defender Security Tools to Mac
Kelly Sheridan, Staff Editor, Dark ReadingNews
Windows Defender becomes Microsoft Defender, and it's available in limited preview for Mac users.
By Kelly Sheridan Staff Editor, Dark Reading, 3/21/2019
Comment0 comments  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Google Photos Bug Let Criminals Query Friends, Location
Kelly Sheridan, Staff Editor, Dark ReadingNews
The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.
By Kelly Sheridan Staff Editor, Dark Reading, 3/20/2019
Comment0 comments  |  Read  |  Post a Comment
The Insider Threat: It's More Common Than You Think
Raj Ananthanpillai, Chairman & CEO, EnderaCommentary
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
By Raj Ananthanpillai Chairman & CEO, Endera, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management AssociatesCommentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
DDoS Attack Size Drops 85% in Q4 2018
Kelly Sheridan, Staff Editor, Dark ReadingNews
The sharp decline follows an FBI takedown of so-called "booter," or DDoS-for-hire, websites in December 2018.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Norsk Hydro Shuts Plants Amid Ransomware Attack
Kelly Sheridan, Staff Editor, Dark ReadingQuick Hits
The cyberattack, first detected on Monday night, has shut down Norsk's entire global network.
By Kelly Sheridan Staff Editor, Dark Reading, 3/19/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data ResearcherNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Are You Prepared for a Zombie (Domain) Apocalypse?
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
When a domain registration expires, they can be claimed by new owners. And sometimes, those new owners have malicious intent.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 3/18/2019
Comment0 comments  |  Read  |  Post a Comment
Ransomware's New Normal
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
GandCrab's evolution underscores a shift in ransomware attack methods.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
US Prosecutors Investigate Facebook's Data-Sharing Deals
Dark Reading Staff, Quick Hits
The news follows a long, tumultuous period of scandal around Facebook and its privacy practices.
By Dark Reading Staff , 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
Businesses Increase Investments in AI and Machine Learning
Dark Reading Staff, Quick Hits
More than three-quarters of IT pros say they feel safer for having done so, according to a new report.
By Dark Reading Staff , 3/14/2019
Comment0 comments  |  Read  |  Post a Comment
New Malware Shows Marketing Polish
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new strain of point-of-sale malware skims credit card numbers and comes via a highly polished marketing campaign.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/13/2019
Comment0 comments  |  Read  |  Post a Comment
The Case for Transparency in End-User License Agreements
Lysa Myers, Security Researcher, ESETCommentary
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
By Lysa Myers Security Researcher, ESET, 3/13/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Patch Tuesday: 64 Vulnerabilities Patched, 2 Under Attack
Kelly Sheridan, Staff Editor, Dark ReadingNews
Seventeen vulnerabilities patches today are rated critical, four are publicly known, and two have been exploited in the wild.
By Kelly Sheridan Staff Editor, Dark Reading, 3/12/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by KevinStanley
Current Conversations Absolutely. 
In reply to: Re: This is the cloud
Post Your Own Reply
More Conversations
PR Newswire
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7715
PUBLISHED: 2019-03-26
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The main shell handler function uses the value of the environment variable ipcom.shell.greeting as the first argument to printf(). Setting this variable using the sysvar command results in a user-c...
CVE-2019-8981
PUBLISHED: 2019-03-26
tls1.c in Cameron Hamilton-Rich axTLS before 2.1.5 has a Buffer Overflow via a crafted sequence of TLS packets because the need_bytes value is mismanaged.
CVE-2019-10061
PUBLISHED: 2019-03-26
utils/find-opencv.js in node-opencv (aka OpenCV bindings for Node.js) prior to 6.1.0 is vulnerable to Command Injection. It does not validate user input allowing attackers to execute arbitrary commands.
CVE-2019-7711
PUBLISHED: 2019-03-26
An issue was discovered in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. The undocumented shell command "prompt" sets the (user controlled) shell's prompt value, which is used as a format string input to printf, resulting in an information leak of memory addre...
CVE-2019-7712
PUBLISHED: 2019-03-26
An issue was discovered in handler_ipcom_shell_pwd in the Interpeak IPCOMShell TELNET server on Green Hills INTEGRITY RTOS 5.0.4. When using the pwd command, the current working directory path is used as the first argument to printf() without a proper check. An attacker may thus forge a path contain...