Endpoint //

Privacy

News & Commentary
The Human Factor in Social Media Risk
Dr. Sam Small, Chief Security Officer at ZeroFOXCommentary
Your employees need help recognizing the warning signs and understanding how to protect themselves online.
By Dr. Sam Small Chief Security Officer at ZeroFOX, 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
4 Trends Giving CISOs Sleepless Nights
Mike Convertino, CISO & VP, Information Security, F5 NetworksCommentary
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Palestinian, Middle East Targets Hit with New Surveillance Attacks
Dark Reading Staff, Quick Hits
'Big Bang' group returns with new campaign after last year's RAT attacks.
By Dark Reading Staff , 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
4 Benefits of a World with Less Privacy
Reg Harnish, CEO, GreyCastle SecurityCommentary
The privacy issue is a problem for a lot of people. I see it differently.
By Reg Harnish CEO, GreyCastle Security, 8/30/2018
Comment5 comments  |  Read  |  Post a Comment
The GDPR Ripple Effect
Tim Critchley, CEO at SemafoneCommentary
Will we ever see a truly global data security and privacy mandate?
By Tim Critchley CEO at Semafone, 8/23/2018
Comment0 comments  |  Read  |  Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
By Ira Winkler CISSP, President, Secure Mentem, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.Commentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., 8/20/2018
Comment7 comments  |  Read  |  Post a Comment
Researcher Finds MQTT Hole in IoT Defenses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A commonly used protocol provides a gaping backdoor when misconfigured.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2018
Comment3 comments  |  Read  |  Post a Comment
Gartner Says IT Security Spending to Hit $124B in 2019
Dark Reading Staff, Quick Hits
Global IT security spending will grow 12.4% in 2018 and another 8.7% in 2019.
By Dark Reading Staff , 8/15/2018
Comment2 comments  |  Read  |  Post a Comment
Flaws in Mobile Point of Sale Readers Displayed at Black Hat
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
While security is high overall for mPOS tools from companies like Square, PayPal, and iZettle, some devices have vulnerabilities that attackers could exploit to gather data and cash.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/14/2018
Comment0 comments  |  Read  |  Post a Comment
FBI Warns of Cyber Extortion Scam
Dark Reading Staff, Quick Hits
Spear-phishing techniques are breathing new life into an old scam.
By Dark Reading Staff , 8/13/2018
Comment0 comments  |  Read  |  Post a Comment
Shadow IT: Every Company's 3 Hidden Security Risks
Adam Marre,  Information Security Operations Leader, QualtricsCommentary
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
By Adam Marre Information Security Operations Leader, Qualtrics, 8/7/2018
Comment2 comments  |  Read  |  Post a Comment
6 Ways DevOps Can Supercharge Security
Ericka Chickowski, Contributing Writer, Dark Reading
Security teams have a huge opportunity to make major inroads by embracing the DevOps movement.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex SystemsCommentary
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
$5 Million in Cryptocurrency Stolen in SIM Hijacking Operation
Dark Reading Staff, Quick Hits
College student is arrested for his alleged involvement.
By Dark Reading Staff , 7/30/2018
Comment0 comments  |  Read  |  Post a Comment
Stealth Mango Proves Malware Success Doesn't Require Advanced Tech
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
At Black Hat USA, a pair of researchers will show how unsophisticated software can still be part of a successful surveillance campaign.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/26/2018
Comment6 comments  |  Read  |  Post a Comment
24 Sentenced in India-Based Call Center Operation
Dark Reading Staff, Quick Hits
The scheme targeted US residents with fraudulent phone calls and conned victims out of hundreds of millions of dollars.
By Dark Reading Staff , 7/23/2018
Comment1 Comment  |  Read  |  Post a Comment
London Calling with New Strategies to Stop Ransomware
Chris Bailey, Vice President of Strategy, Entrust DatacardCommentary
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
By Chris Bailey Vice President of Strategy, Entrust Datacard, 7/23/2018
Comment1 Comment  |  Read  |  Post a Comment
What the Incident Responders Saw
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report on IR professionals' experiences reveals just how advanced attackers, such as nation-state hackers, dig in even after they're detected.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
Banks Suffer an Average of 3.8 Data Leak Incidents Per Week
Dark Reading Staff, Quick Hits
New study examines how financial services information gets sold and shared in the Dark Web.
By Dark Reading Staff , 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
NSS Labs Files Antitrust Suit Against Symantec, CrowdStrike, ESET, AMTSO
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1664
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cache. ...
CVE-2018-1669
PUBLISHED: 2018-09-25
IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 are vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote atta...
CVE-2018-1539
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than URL intended. IBM X-Force ID: 142561.
CVE-2018-1560
PUBLISHED: 2018-09-25
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...
CVE-2018-1588
PUBLISHED: 2018-09-25
IBM Jazz Foundation (IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6) is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resourc...