Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //


News & Commentary
A Trustworthy Digital Foundation Is Essential to Digital Government
Gus Hunt, Managing Director and Cyber Strategy Lead for Accenture Federal ServicesCommentary
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
By Gus Hunt Managing Director and Cyber Strategy Lead for Accenture Federal Services, 5/17/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Builds on Decentralized Identity Vision
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
By Kelly Sheridan Staff Editor, Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
Commercial Spyware Uses WhatsApp Flaw to Infect Phones
Robert Lemos, Contributing WriterNews
A single flaw allowed attackers thought to be linked to a government to target human rights workers and install surveillance software by sending a phone request. The victims did not even have to answer.
By Robert Lemos Contributing Writer, 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
78% of Consumers Say Online Companies Must Protect Their Info
Steve Zurier, Contributing WriterNews
Yet 68% agree they also must do more to protect their own information.
By Steve Zurier Contributing Writer, 5/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Better Behavior, Better Biometrics?
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
By Rajiv Dholakia VP Products, Nok Nok Labs, 5/7/2019
Comment0 comments  |  Read  |  Post a Comment
California Consumer Privacy Act: 4 Compliance Best Practices
Chris Babel, CEO, TrustArcCommentary
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
By Chris Babel CEO, TrustArc, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
Kelly Sheridan, Staff Editor, Dark ReadingNews
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
By Kelly Sheridan Staff Editor, Dark Reading, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
Credit Card Compromise Up 212% as Hackers Eye Financial Sector
Kelly Sheridan, Staff Editor, Dark ReadingNews
Financial services firms saw upticks in credential leaks and credit card compromise as cybercriminals go where the money is.
By Kelly Sheridan Staff Editor, Dark Reading, 4/29/2019
Comment0 comments  |  Read  |  Post a Comment
A Rear-View Look at GDPR: Compliance Has No Brakes
Daniel Barber, CEO & Co-founder, DataGrailCommentary
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
By Daniel Barber CEO & Co-founder, DataGrail, 4/29/2019
Comment0 comments  |  Read  |  Post a Comment
Will the US Adopt a National Privacy Law?
Seth P.  Berman, Partner, NutterCommentary
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
By Seth P. Berman Partner, Nutter, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Dark Reading Staff, Quick Hits
The social media giant says it did not access the imported data and is notifying affected users.
By Dark Reading Staff , 4/18/2019
Comment2 comments  |  Read  |  Post a Comment
Benefiting from Data Privacy Investments
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
Home Office Apologizes for EU Citizen Data Exposure
Dark Reading Staff, Quick Hits
The Home Office has admitted to compromising private email addresses belonging to EU citizens hoping to settle in the UK.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Dark Reading Staff, Quick Hits
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
By Dark Reading Staff , 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
Robert Lemos, Contributing WriterNews
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
By Robert Lemos , 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Products Under EU Investigation About Data Collection
Dark Reading Staff, Quick Hits
A new inquiry aims to determine whether contracts between Microsoft and EU organizations violate GDPR.
By Dark Reading Staff , 4/8/2019
Comment2 comments  |  Read  |  Post a Comment
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
By Andrea Little Limbago Chief Social Scientist, Virtru, 3/26/2019
Comment1 Comment  |  Read  |  Post a Comment
A Glass Ceiling? Not in Privacy
Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPPCommentary
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019
Comment1 Comment  |  Read  |  Post a Comment
Facebook Employees for Years Could See Millions of User Passwords in Plain Text
Dark Reading Staff, Quick Hits
2,000 Facebook engineers or developers reportedly made some nine million internal queries for data elements with plain text passwords.
By Dark Reading Staff , 3/21/2019
Comment6 comments  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Windows 10 Migration: Getting It Right
Kevin Alexandra, Principal Solutions Engineer at BeyondTrust,  5/15/2019
Artist Uses Malware in Installation
Dark Reading Staff 5/17/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-05-20
In GoHttp through 2017-07-25, there is a stack-based buffer over-read via a long User-Agent header.
PUBLISHED: 2019-05-20
eLabFTW 1.8.5 is vulnerable to arbitrary file uploads via the /app/controllers/EntityController.php component. This may result in remote command execution. An attacker can use a user account to fully compromise the system using a POST request. This will allow for PHP files to be written to the web r...
PUBLISHED: 2019-05-19
There is XSS in browser/components/MarkdownPreview.js in BoostIO Boostnote 0.11.15 via a label named flowchart, sequence, gallery, or chart, as demonstrated by a crafted SRC attribute of an IFRAME element, a different vulnerability than CVE-2019-12136.
PUBLISHED: 2019-05-18
MacDown 0.7.1 (870) allows remote code execution via a file:\\\ URI, with a .app pathname, in the HREF attribute of an A element. This is different from CVE-2019-12138.
PUBLISHED: 2019-05-17
Typora (1913) allows arbitrary code execution via a modified file: URL syntax in the HREF attribute of an AREA element, as demonstrated by file:\\\ on macOS or Linux, or file://C| on Windows. This is different from CVE-2019-12137.