Endpoint //

Privacy

News & Commentary
How to Get Consumers to Forgive You for a Breach
Dark Reading Staff, Quick Hits
It starts with already-established trust, a new survey shows.
By Dark Reading Staff , 10/18/2018
Comment0 comments  |  Read  |  Post a Comment
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CACommentary
Websites can avoid the negative consequences of a "not secure" label from Google Chrome 68 by following four AOSSL best practices.
By Tim Callan Senior Fellow, Comodo CA, 10/18/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2018
Comment1 Comment  |  Read  |  Post a Comment
3 Out of 4 Employees Pose a Security Risk
Steve Zurier, Freelance WriterNews
New MediaPRO study also finds that management performed worse than entry- and mid-level employees in how to handle a suspected phishing email.
By Steve Zurier Freelance Writer, 10/15/2018
Comment1 Comment  |  Read  |  Post a Comment
DoD Travel System Breach Exposed Data of 30K Civilian, Military Employees
Dark Reading Staff, Quick Hits
Defense Dept. says contractor that handles travel management services was hacked.
By Dark Reading Staff , 10/15/2018
Comment0 comments  |  Read  |  Post a Comment
12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer
There's no excuse for not knowing your exposure. These free tools can help you analyze what your company is up against and point ways to developing a more thorough security program.
By Steve Zurier Freelance Writer, 10/12/2018
Comment3 comments  |  Read  |  Post a Comment
Window Snyder Shares Her Plans for Intel Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
By Kelly Sheridan Staff Editor, Dark Reading, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
One-Third of US Adults Hit with Identity Theft
Dark Reading Staff, Quick Hits
That's double the global average and more than three times the rate of French and German adults.
By Dark Reading Staff , 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Richard Ford, Chief Scientist, ForcepointCommentary
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
By Richard Ford Chief Scientist, Forcepoint, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
For $14.71, You Can Buy A Passport Scan on the Dark Web
Kelly Sheridan, Staff Editor, Dark ReadingNews
That's the average price of a digital passport scan, and it goes up with proof of identification, a new study finds.
By Kelly Sheridan Staff Editor, Dark Reading, 10/4/2018
Comment1 Comment  |  Read  |  Post a Comment
Google to Let Users Disable Automatic Login to Chrome
Jai Vijayan, Freelance writerNews
The decision comes days after security researcher had blasted company for jeopardizing user privacy with browser update.
By Jai Vijayan Freelance writer, 9/27/2018
Comment2 comments  |  Read  |  Post a Comment
The Human Factor in Social Media Risk
Dr. Sam Small, Chief Security Officer at ZeroFOXCommentary
Your employees need help recognizing the warning signs and understanding how to protect themselves online.
By Dr. Sam Small Chief Security Officer at ZeroFOX, 9/25/2018
Comment2 comments  |  Read  |  Post a Comment
4 Trends Giving CISOs Sleepless Nights
Mike Convertino, CISO & VP, Information Security, F5 NetworksCommentary
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
By Mike Convertino CISO & VP, Information Security, F5 Networks, 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Palestinian, Middle East Targets Hit with New Surveillance Attacks
Dark Reading Staff, Quick Hits
'Big Bang' group returns with new campaign after last year's RAT attacks.
By Dark Reading Staff , 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
4 Benefits of a World with Less Privacy
Reg Harnish, CEO, GreyCastle SecurityCommentary
The privacy issue is a problem for a lot of people. I see it differently.
By Reg Harnish CEO, GreyCastle Security, 8/30/2018
Comment5 comments  |  Read  |  Post a Comment
The GDPR Ripple Effect
Tim Critchley, CEO at SemafoneCommentary
Will we ever see a truly global data security and privacy mandate?
By Tim Critchley CEO at Semafone, 8/23/2018
Comment0 comments  |  Read  |  Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
By Ira Winkler CISSP, President, Secure Mentem, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.Commentary
There are three main reasons why the field has been more welcoming for women. Can other tech areas step up?
By Dana Simberkoff Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc., 8/20/2018
Comment7 comments  |  Read  |  Post a Comment
Researcher Finds MQTT Hole in IoT Defenses
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A commonly used protocol provides a gaping backdoor when misconfigured.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/16/2018
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by CallumLepide
Current Conversations I could not agree more
In reply to: Spot on
Post Your Own Reply
More Conversations
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.