Endpoint

News & Commentary
Google to Delete 'Secure' Label from HTTPS Sites
Kelly Sheridan, Staff Editor, Dark Reading, Quick Hits
Google acknowledges HTTPS as the Internet standard with plans to remove secure from all HTTPS sites.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/21/2018
'Roaming Mantis' Android Malware Evolves, Expands Targets
Dark Reading Staff, Quick Hits
Roaming Mantis has evolved rapidly, adding geographies, platforms, and capabilities to its original scope.
By Dark Reading Staff, 5/21/2018
Actor Advertises Japanese PII on Chinese Underground
Kelly Sheridan, Staff Editor, Dark Reading, News
The dataset contains 200 million rows of information stolen from websites across industries, likely via opportunistic access.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/18/2018
Syrian Electronic Army Members Indicted for Conspiracy
Dark Reading Staff, Quick Hits
Two men have been charged for their involvement in a plot to commit computer hacking as members of the Syrian Electronic Army.
By Dark Reading Staff, 5/18/2018
How to Hang Up on Fraud
Patrick Cox, Chairman and CEO of TRUSTID, Commentary
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
By Patrick Cox, Chairman and CEO of TRUSTID, 5/18/2018
Get Ready for 'WannaCry 2.0'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Another widespread worm attack is "inevitable," but one spreading a different, more lucrative or destructive payload, experts say.
By Kelly Jackson Higgins, Executive Editor at Dark Reading, 5/17/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading
Two-factor authentication is a common best security practice but not ironclad. Here's how it can be bypassed, and how you can improve security.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/17/2018
The Risks of Remote Desktop Access Are Far from Remote
Matt Ahrens, Security Team Leader at Coalition, Commentary
RDP is used by fraudsters to steal and monetize data more often than you might think. But there are ways to stay safe.
By Matt Ahrens, Security Team Leader at Coalition, 5/17/2018
Tanium's Valuation Reaches $5 Billion With New Investment
Dark Reading Staff, Quick Hits
Tanium has received a $175 million investment from TPG Growth.
By Dark Reading Staff, 5/17/2018
California Teen Arrested for Phishing Teachers to Change Grades
Dark Reading Staff, Quick Hits
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
By Dark Reading Staff, 5/17/2018
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at Tripwire, Commentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin, VP of Product Management & Strategy at Tripwire, 5/17/2018
7 Tools for Stronger IoT Security, Visibility
Curtis Franklin Jr., Senior Editor at Dark Reading
If you don't know what's on your IoT network, you don't know what to protect -- or protect from. These tools provide visibility into your network so you can be safe with (and from) what you see.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/16/2018
Newly Discovered Malware Targets Telegram Desktop
Kelly Sheridan, Staff Editor, Dark Reading, News
Russian-speaking attacker behind new malware capable of lifting credentials, cookies, desktop cache, and key files.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/16/2018
FIDO Alliance Appoints Facebook to Board of Directors
Dark Reading Staff, Quick Hits
Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.
By Dark Reading Staff, 5/16/2018
IT Pros Worried About IoT But Not Prepared to Secure It
Curtis Franklin Jr., Senior Editor at Dark Reading, News
Few organizations have a security policy in place for Internet of Things devices, new survey shows.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/16/2018
Rail Europe Notifies Riders of Three-Month Data Breach
Dark Reading Staff, Quick Hits
Rail Europe North America alerts customers to a security incident in which hackers planted card-skimming malware on its website.
By Dark Reading Staff, 5/15/2018
New DDoS Attack Method Leverages UPnP
Curtis Franklin Jr., Senior Editor at Dark Reading, News
'Lock down UPnP routers,' researchers say.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/15/2018
Smashing Silos and Building Bridges in the IT-Infosec Divide
Kelly Sheridan, Staff Editor, Dark Reading, News
A strong relationship between IT and security leads to strong defense, but it's not always easy getting the two to collaborate.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/14/2018
'EFAIL' Email Encryption Flaw Research Stirs Debate
Curtis Franklin Jr., Senior Editor at Dark Reading, News
A newly revealed vulnerability in email encryption is a big problem for a small subset of users.
By Curtis Franklin Jr., Senior Editor at Dark Reading, 5/14/2018
Facebook Suspends 200 Apps
Dark Reading Staff, Quick Hits
Thousands of apps have been investigated as Facebook determines which had access to large amounts of user data before its 2014 policy changes.
By Dark Reading Staff, 5/14/2018
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust, 5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading, 5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff, 5/18/2018
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8010
PUBLISHED: 2018-05-21
This vulnerability in Apache Solr 6.0.0 to 6.6.3, 7.0.0 to 7.3.0 relates to an XML external entity expansion (XXE) in Solr config files (solrconfig.xml, schema.xml, managed-schema). In addition, Xinclude functionality provided in these config files is also affected in a similar way. The vulnerabilit...
CVE-2018-8012
PUBLISHED: 2018-05-21
No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a result an arbitrary end point could join the cluster and begin propagating counterfeit changes to the leader.
CVE-2018-1067
PUBLISHED: 2018-05-21
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is ...
CVE-2018-7268
PUBLISHED: 2018-05-21
MagniComp SysInfo before 10-H81, as shipped with BMC BladeLogic Automation and other products, contains an information exposure vulnerability in which a local unprivileged user is able to read any root (uid 0) owned file on the system, regardless of the file permissions. Confidential information suc...
CVE-2018-11092
PUBLISHED: 2018-05-21
An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action.