Endpoint

News & Commentary
The Rx for HIPAA Compliance in the Cloud
Jason Polancich, CEO, MusubuCommentary
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
By Jason Polancich CEO, Musubu, 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Security Perimeter Is Dead; Long Live the New Endpoint Perimeter
Ofer Amitai, CEO, PortnoxCommentary
The network no longer provides an air gap against external threats, but access devices can take up the slack.
By Ofer Amitai CEO, Portnox, 1/17/2019
Comment2 comments  |  Read  |  Post a Comment
'We Want IoT Security Regulation,' Say 95% of IT Decision-Makers
Sara Peters, Senior Editor at Dark ReadingNews
New global survey shows businesses are valuing IoT security more highly, but they are still challenged by IoT data visibility and privacy.
By Sara Peters Senior Editor at Dark Reading, 1/17/2019
Comment0 comments  |  Read  |  Post a Comment
Simulating Lateral Attacks Through Email
Igal Gofman, Head of Security Research at XM CyberCommentary
A skilled attacker can get inside your company by abusing common email applications. Here are three strategies to block them.
By Igal Gofman Head of Security Research at XM Cyber, 1/17/2019
Comment0 comments  |  Read  |  Post a Comment
Oklahoma Data Leak Compromises Years of FBI Data
Dark Reading Staff, Quick Hits
The Oklahoma Securities Commission accidentally leaked 3 TB of information, including data on years of FBI investigations.
By Dark Reading Staff , 1/16/2019
Comment0 comments  |  Read  |  Post a Comment
Fortnite Players Compromised Via Epic Games Vulnerability
Kelly Sheridan, Staff Editor, Dark ReadingNews
Bugs in Epic Games' platform could let intruders take over players' accounts, view personal data, and/or buy in-game currency.
By Kelly Sheridan Staff Editor, Dark Reading, 1/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
US Judge: Police Can't Force Biometric Authentication
Dark Reading Staff, Quick Hits
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
By Dark Reading Staff , 1/15/2019
Comment3 comments  |  Read  |  Post a Comment
7 Privacy Mistakes That Keep Security Pros on Their Toes
Steve Zurier, Freelance Writer
When it comes to privacy, it's the little things that can lead to big mishaps.
By Steve Zurier Freelance Writer, 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/14/2019
Comment1 Comment  |  Read  |  Post a Comment
NotPetya Victim Mondelez Sues Zurich Insurance for $100 Million
Dark Reading Staff, Quick Hits
Mondelez files lawsuit after Zurich rejects claim for damages from massive ransomware attack.
By Dark Reading Staff , 1/11/2019
Comment7 comments  |  Read  |  Post a Comment
Kudos to the Unsung Rock Stars of Security
Ira Winkler, CISSP, President, Secure MentemCommentary
It is great to have heroes, but the real security heroes are the men and women who keep the bad guys out while fighting their own organizations at the same time.
By Ira Winkler CISSP, President, Secure Mentem, 1/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Reddit Alerts Users to Possible Account Breaches
Dark Reading Staff, Quick Hits
User lockouts, combined with requirements for new passwords, indicate an attack on accounts at the popular social media platform.
By Dark Reading Staff , 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Ryuk Ransomware Attribution May Be Premature
Kelly Sheridan, Staff Editor, Dark ReadingNews
The eagerness to tie recent Ryuk ransomware attacks to a specific group could be rushed, researchers say.
By Kelly Sheridan Staff Editor, Dark Reading, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Election Security Isn't as Bad as People Think
Suzanne Spaulding, Former DHS Under Secretary and Nozomi Networks AdviserCommentary
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
By Suzanne Spaulding Former DHS Under Secretary and Nozomi Networks Adviser, 1/10/2019
Comment1 Comment  |  Read  |  Post a Comment
Consumers Demand Security from Smart Device Makers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Poll shows individuals want better security from IoT device manufacturers as connected products flood the market.
By Kelly Sheridan Staff Editor, Dark Reading, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Google: G Suite Now Alerts Admins to Data Exfiltration
Dark Reading Staff, Quick Hits
New additions to the G Suite alert center are intended to notify admins of phishing and data exports.
By Dark Reading Staff , 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
6 Best Practices for Managing an Online Educational Infrastructure
Jamie Smith & Larry Schwarberg, Chief Information Officer; Chief Information Security Officer for University of PhoenixCommentary
Universities must keep pace with rapidly changing technology to help thwart malicious hacking attempts and protect student information.
By Jamie Smith & Larry Schwarberg Chief Information Officer; Chief Information Security Officer for University of Phoenix, 1/10/2019
Comment0 comments  |  Read  |  Post a Comment
Security Concerns Limit Remote Work Opportunities
Dark Reading Staff, Quick Hits
When companies limit the remote work options that they know will benefit the organization, security concerns are often to blame.
By Dark Reading Staff , 1/9/2019
Comment3 comments  |  Read  |  Post a Comment
Magecart Mayhem Continues in OXO Breach
Dark Reading Staff, Quick Hits
The home goods company confirmed users' data may have been compromised during multiple time frames over a two-year period.
By Dark Reading Staff , 1/9/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
How the US Chooses Which Zero-Day Vulnerabilities to Stockpile
Ricardo Arroyo, Senior Technical Product Manager, Watchguard Technologies,  1/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He just showed up at my doorstep one day without a geotag."
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.