Endpoint //

Privacy

News & Commentary
What the Incident Responders Saw
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
New report on IR professionals' experiences reveals just how advanced attackers, such as nation-state hackers, dig in even after they're detected.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 7/20/2018
Comment0 comments  |  Read  |  Post a Comment
Banks Suffer an Average of 3.8 Data Leak Incidents Per Week
Dark Reading Staff, Quick Hits
New study examines how financial services information gets sold and shared in the Dark Web.
By Dark Reading Staff , 7/11/2018
Comment0 comments  |  Read  |  Post a Comment
Bomgar Acquires Avecto
Dark Reading Staff, Quick Hits
Purchase adds layers to privileged access management system.
By Dark Reading Staff , 7/10/2018
Comment0 comments  |  Read  |  Post a Comment
7 Ways to Keep DNS Safe
Curtis Franklin Jr., Senior Editor at Dark Reading
A DNS attack can have an outsize impact on the targeted organization or organizations. Here's how to make hackers' lives much more difficult.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/10/2018
Comment2 comments  |  Read  |  Post a Comment
Trading Platforms Riddled With Severe Flaws
Ericka Chickowski, Contributing Writer, Dark ReadingNews
In spite of routing trillions of dollars of stock and commodity trades every day, financial cousins to online banking applications are written very insecurely.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/6/2018
Comment0 comments  |  Read  |  Post a Comment
Preparing for Transport Layer Security 1.3
David DeSanto, Director, Products and Threat Research, at Spirent CommunicationsCommentary
The long-awaited encryption standard update is almost here. Get ready while you can to ensure security, interoperability, and performance.
By David DeSanto Director, Products and Threat Research, at Spirent Communications, 7/2/2018
Comment0 comments  |  Read  |  Post a Comment
10 Tips for More Secure Mobile Devices
Curtis Franklin Jr., Senior Editor at Dark Reading
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/27/2018
Comment2 comments  |  Read  |  Post a Comment
3 Tips for Driving User Buy-in to Security Policies
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/18/2018
Comment1 Comment  |  Read  |  Post a Comment
74 Arrested in International Email Scam Schemes
Dark Reading Staff, Quick Hits
A coordinated effort has led to the arrest of 74 individuals around the world on charges of defrauding businesses and individuals.
By Dark Reading Staff , 6/11/2018
Comment0 comments  |  Read  |  Post a Comment
Facebook Bug Sets 14M Users' Settings to 'Public'
Dark Reading Staff, Quick Hits
The default sharing setting was accidentally changed for millions of accounts during a four-day period last month.
By Dark Reading Staff , 6/8/2018
Comment0 comments  |  Read  |  Post a Comment
In Pursuit of Cryptography's Holy Grail
Ellison Anne Williams, Founder and CEO of EnveilCommentary
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
By Ellison Anne Williams Founder and CEO of Enveil, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
Survey Shows Florida at the Bottom for Consumer Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/6/2018
Comment1 Comment  |  Read  |  Post a Comment
'EFAIL' Is Why We Cant Have Golden Keys
Adam Shostack, Founder, Stealth StartupCommentary
A deep dive into the issues surrounding an HTML email attack.
By Adam Shostack Founder, Stealth Startup, 6/5/2018
Comment0 comments  |  Read  |  Post a Comment
The Good News about Cross-Domain Identity Management
Rich Chetwynd, Head of Developer Experience, OneLoginCommentary
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
By Rich Chetwynd Head of Developer Experience, OneLogin, 5/31/2018
Comment2 comments  |  Read  |  Post a Comment
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Christy Wyatt, CEO, Dtex SystemsCommentary
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
By Christy Wyatt CEO, Dtex Systems, 5/31/2018
Comment1 Comment  |  Read  |  Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment14 comments  |  Read  |  Post a Comment
Privacy Survey Says: Americans Don't Want to Sell Their Data
Dark Reading Staff, Quick Hits
A new survey shows the extent to which Americans are reluctant to sell their personal information for any price.
By Dark Reading Staff , 5/25/2018
Comment6 comments  |  Read  |  Post a Comment
Privacy Group: Facebook, Google Policies Break GDPR Laws
Dark Reading Staff, News
Nonprofit 'None of Your Business' files complaints against Facebook, Google, WhatsApp, and Instagram.
By Dark Reading Staff , 5/25/2018
Comment7 comments  |  Read  |  Post a Comment
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Ron Teicher, CEO & Founder, EverCompliantCommentary
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
By Ron Teicher CEO & Founder, EverCompliant, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
The Fundamental Flaw in Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem,  7/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-3770
PUBLISHED: 2018-07-20
A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files.
CVE-2018-3771
PUBLISHED: 2018-07-20
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
CVE-2018-5065
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2018-5066
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-5067
PUBLISHED: 2018-07-20
Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.