Endpoint

News & Commentary
Malware Decompiler Tool Goes Open Source
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Avast's RetDec machine-code decompiler now available for free on Github.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
80% of Americans Admit to Risky Cybersecurity Behaviors
Dark Reading Staff, Quick Hits
Nearly half of survey respondents use unsecured WiFi networks and a third open unsolicited email attachment, a report finds.
By Dark Reading Staff , 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Healthcare Faces Poor Cybersecurity Prognosis
Kelly Sheridan, Associate Editor, Dark ReadingNews
Experts say the healthcare industry is underestimating security threats as attackers continue to seek data and monetary gain.
By Kelly Sheridan Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
Google Play Offered Fewer Blacklisted Mobile Apps in Q3
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Third-party AndroidAPKDescargar store carried the most blacklisted mobile apps.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
8 Steps for Building an IT Security Career Path Program
Dawn Kawamoto, Associate Editor, Dark Reading
A cybersecurity career-path program can help with talent retention and recruitment.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/13/2017
Comment0 comments  |  Read  |  Post a Comment
8 Out of 10 Employees Use Unencrypted USB Devices
Dark Reading Staff, Quick Hits
Security policies for USB drivers are severely outdated or inadequate, a report finds.
By Dark Reading Staff , 12/12/2017
Comment0 comments  |  Read  |  Post a Comment
Employees on Public WiFi Rarely Face Man-in-the-Middle Attacks
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Employees' corporate mobile devices are connected to WiFi networks on average 74% of the time.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/12/2017
Comment0 comments  |  Read  |  Post a Comment
Romanian Nationals Admit to Racketeering Conspiracy, ATM Skimming
Dark Reading Staff, Quick Hits
Seven Romanian nationals pleaded guilty in connection with an ATM skimming scheme and RICO conspiracy, in addition to other crimes.
By Dark Reading Staff , 12/11/2017
Comment0 comments  |  Read  |  Post a Comment
Gartner: IT Security Spending to Reach $96 Billion in 2018
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Identity access management and security services to drive worldwide spending growth.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues Emergency Patch for 'Critical' Flaw in Windows Security
Dark Reading Staff, Quick Hits
Remote code execution vulnerability in Microsoft Malware Protection Engine was found by UK spy agency's National Cyber Security Centre (NCSC).
By Dark Reading Staff , 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
Android Ransomware Kits on the Rise in the Dark Web
Dawn Kawamoto, Associate Editor, Dark ReadingNews
More than 5,000 Android ransomware kit listings have been spotted so far this year, with the median price range hitting $200.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Rutkowska: Trust Makes Us Vulnerable
Kelly Sheridan, Associate Editor, Dark ReadingNews
Offensive security researcher Joanna Rutkowska explains why trust in technology can put users at risk.
By Kelly Sheridan Associate Editor, Dark Reading, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
Bitcoin Miner NiceHash Hacked, Possibly Losing $62 Million in Bitcoin
Dark Reading Staff, Quick Hits
Breach occurred just prior to bitcoin's debut on two major US exchanges, the AP reports.
By Dark Reading Staff , 12/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Uber Used $100K Bug Bounty to Pay, Silence Florida Hacker: Report
Dark Reading Staff, Quick Hits
Uber also performed a forensic analysis of the man's computer to ensure he had deleted the stolen information, Reuters said.
By Dark Reading Staff , 12/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Ransomware Meets 'Grey's Anatomy'
Tom & Natalie Pageler, Neustar CRO & CSO, and MD Stanford UniversityCommentary
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
By Tom & Natalie Pageler Neustar CRO & CSO, and MD Stanford University, 12/7/2017
Comment0 comments  |  Read  |  Post a Comment
How the Major Intel ME Firmware Flaw Lets Attackers Get 'God Mode' on a Machine
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researchers at Black Hat Europe today revealed how a buffer overflow they discovered in the chip's firmware can be abused to take control of a machine - even when it's turned 'off.'
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/6/2017
Comment0 comments  |  Read  |  Post a Comment
Study: Simulated Attacks Uncover Real-World Problems in IT Security
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Some 70% of simulated attacks on real networks were able to move laterally within the network, while more than half infiltrated the perimeter and exfiltrated data.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/5/2017
Comment0 comments  |  Read  |  Post a Comment
Android Developer Tools Contain Vulnerabilities
Dark Reading Staff, Quick Hits
Several of the most popular cloud-based and downloadable tools Android developers use are affected.
By Dark Reading Staff , 12/5/2017
Comment0 comments  |  Read  |  Post a Comment
PayPal's TIO Networks Suffered Data Breach Exposing Data on 1.6 Million Customers
Dark Reading Staff, Quick Hits
PayPal states TIO Networks, a payment processing company it acquired this summer, is not part of its network and PayPal remains unaffected by the breach.
By Dark Reading Staff , 12/4/2017
Comment0 comments  |  Read  |  Post a Comment
The Rising Dangers of Unsecured IoT Technology
Danielle Jackson, Chief Information Security Officer, SecureAuthCommentary
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
By Danielle Jackson Chief Information Security Officer, SecureAuth, 12/4/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark Reading,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Gee, these virtual reality goggles work great!!! 
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.