Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Banking on Data Security in a Time of Insecurity
Commentary  |  6/2/2020  | 
How banks can maintain security and data integrity in the middle of a pandemic.
26 IoT Flaws Enable Denial-of-Service Attacks, Privilege Escalation
Quick Hits  |  6/1/2020  | 
Research details vulnerabilities in the Zephyr Real Time Operating Systems and MCUboot, both used in IoT devices and sensors.
Bank of America Security Incident Affects PPP Applicants
Quick Hits  |  5/29/2020  | 
The incident occurred when Paycheck Protection Program applications were uploaded to a test platform and accidentally shared.
Google, Microsoft Brands Impersonated the Most in Form-Based Attacks
News  |  5/28/2020  | 
Attackers are preying on users' inclination to click on familiar-looking websites, but instead trick them into sharing usernames and passwords.
Standing Privilege: The Attacker's Advantage
Commentary  |  5/27/2020  | 
The credential is a commodity and will continue to be breached. As a result, focus and spending must shift toward the access that the credentials provide.
GDPR Enforcement Loosens Amid Pandemic
News  |  5/27/2020  | 
The European Union has given some organizations more breathing room to remedy violations, yet no one should think regulators are planning to abandon the privacy legislation in the face of COVID-19.
Microsoft Shares PonyFinal Threat Data, Warns of Delivery Tactics
News  |  5/27/2020  | 
PonyFinal is deployed in human-operated ransomware attacks, in which adversaries tailor their techniques based on knowledge of a target system.
6 Steps Consumers Should Take Following a Hack
Slideshows  |  5/27/2020  | 
Without the luxury of an IT security team to help them after a breach or credit card compromise, consumers will want to keep these tips in mind.
StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat
News  |  5/26/2020  | 
The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.
Americans Care About Security But Don't Follow Through
Quick Hits  |  5/26/2020  | 
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
10 iOS Security Tips to Lock Down Your iPhone
Slideshows  |  5/22/2020  | 
Mobile security experts share their go-to advice for protecting iPhones from hackers, thieves, and fraudsters.
The Need for Compliance in a Post-COVID-19 World
Commentary  |  5/21/2020  | 
With the current upheaval, business leaders may lose focus and push off implementing security measures, managing risk, and keeping up with compliance requirements. That's a big mistake.
60% of Insider Threats Involve Employees Planning to Leave
News  |  5/20/2020  | 
Researchers shows most "flight-risk" employees planning to leave an organization tend to start stealing data two to eight weeks before they go.
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Commentary  |  5/20/2020  | 
Enterprises need to recognize that remote access and other pandemic-related security challenges cannot be fixed with buzzwords or silver-bullet security tools.
Google Chrome Redesign Puts Security & Privacy in Users' Hands
Quick Hits  |  5/19/2020  | 
The Chrome browser will tell users if their browser is up to date, malicious extensions are installed, and/or a password has been compromised.
Web Application Attacks Double from 2019: Verizon DBIR
News  |  5/19/2020  | 
Verizon's annual data breach report shows most attackers are external, money remains their top motivator, and web applications and unsecured cloud storage are hot targets.
Long-Term Remote Work: Keeping Workers Productive & Secure
Commentary  |  5/19/2020  | 
The pandemic has changed how we get work done. Now, data security must catch up.
Cybersecurity Extends Far Beyond Security Teams & Everyone Plays a Part
Commentary  |  5/19/2020  | 
Security isn't about tools or technology; it's about establishing a broad, fundamental awareness and sense of responsibility among all employees.
Private Equity Firm Stalls $1.9B Forescout Acquisition
Quick Hits  |  5/18/2020  | 
Officials say "there can be no assurance" Forescout and Advent International will reach an agreement, though talks are ongoing.
The 3 Top Cybersecurity Myths & What You Should Know
Commentary  |  5/18/2020  | 
With millions of employees now attempting to work from home, it's vital to challenge misconceptions about cybersecurity.
Microsoft Open Sources Its Coronavirus Threat Data
Quick Hits  |  5/15/2020  | 
Microsoft's COVID-19 intelligence will be made publicly available to help businesses fight virus-related security threats.
Identit Comes Out of Stealth
Quick Hits  |  5/14/2020  | 
Startup emerges with three-factor, no-password authentication.
79% of Companies Report Identity-Related Breach in Past Two Years
Quick Hits  |  5/14/2020  | 
Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.
New Cyber-Espionage Framework Dubbed Ramsay
News  |  5/13/2020  | 
The framework is designed to collect and exfiltrate sensitive documents from air-gapped networks.
The Problem with Automating Data Privacy Technology
Commentary  |  5/13/2020  | 
Managing complex and nuanced consumer rights requests presents a unique challenge for enterprises in today's regulated world of GDPR and CCPA. Here's why.
More Tips for Staying Safe While Working from Home
Commentary  |  5/13/2020  | 
While some users are up to speed with the WFH protocol, it's worth adding a few more items to your security checklist.
Microsoft Fixes 111 Vulnerabilities for Patch Tuesday
News  |  5/12/2020  | 
This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.
Secure Contact Tracing Needs More Transparent Development
News  |  5/12/2020  | 
Experts worry that without proper planning, today's decisions about developing contact-tracing apps could have unforeseen consequences in the years to come.
A-List Celebrity Law Firm Confirms Cyberattack
Quick Hits  |  5/12/2020  | 
Attackers claim to steal 756GB of data from Grubman Shire Meiselas & Sacks, which includes Madonna and Lady Gaga among its clients.
Coronavirus, Data Privacy & the New Online Social Contract
Commentary  |  5/12/2020  | 
How governments can protect personal privacy in contact tracing while saving peoples' lives
6 Free Cybersecurity Training and Awareness Courses
Slideshows  |  5/12/2020  | 
Most are designed to help organizations address teleworking risks related to COVID-19 scams.
Thunderbolt Vulnerabilities Could Threaten Millions of PCs
News  |  5/11/2020  | 
Attackers with physical access to targeted machines could exploit these flaws to access and copy data within minutes, researchers say.
Researchers Analyze Oracle WebLogic Flaw Under Attack
Quick Hits  |  5/11/2020  | 
Trend Micro researchers explain how attackers bypassed the patch for a deserialization vulnerability in the Oracle WebLogic Server.
Rule of Thumb: USB Killers Pose Real Threat
Commentary  |  5/11/2020  | 
They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.
As Remote Work Becomes the Norm, Security Fight Moves to Cloud, Endpoints
News  |  5/8/2020  | 
A majority of firms expect to keep more employees working remotely post-pandemic, forcing businesses to undertake more comprehensive digital and cloud transformations.
Microsoft Identity VP Shares How and Why to Ditch Passwords
News  |  5/7/2020  | 
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
Mac RAT Rides 2FA App Onto Systems
Quick Hits  |  5/7/2020  | 
The new macOS remote access Trojan from the Lazarus Group uses a two-factor authentication app as its delivery mechanism.
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
Quick Hits  |  5/7/2020  | 
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
Pandemic Could Accelerate Passwordless Authentication
News  |  5/7/2020  | 
As we celebrate another World Password Day, security pros are hopeful that when we move out of the stay-at-home period, companies will continue to focus on digital technologies and ditching passwords.
Maze Ransomware Operators Step Up Their Game
News  |  5/6/2020  | 
Investigations show Maze ransomware operators leave "nothing to chance" when putting pressure on victims to pay.
Financial Phishing Attacks Take Off, Malware Declines
News  |  5/6/2020  | 
In the past year, the number of digital threats increased by nearly half as phishing swamped malware to become the most dominant attack technique.
Microsoft Reportedly in Talks to Acquire CyberX
Quick Hits  |  5/6/2020  | 
CyberX was founded in 2013 and has raised $48 million to build its cybersecurity platform for IoT and industrial control systems.
The Price of Fame? Celebrities Face Unique Hacking Threats
News  |  5/6/2020  | 
Hackers are hitting the sports industry hard on social media and luring quarantined consumers with offers of free streaming services, a new report shows.
Microsoft Challenges Security Researchers to Hack Azure Sphere
News  |  5/5/2020  | 
Participants can earn up to $100,000 for finding severe flaws in Microsoft's Linux-based Azure Sphere IoT operating system.
SMB Security Catches Up to Large Companies, Data Shows
News  |  5/4/2020  | 
Small and midsize businesses face issues similar to those of large organizations and have updated security practices to respond with threat hunting, patch management, and dedicated personnel.
Zoom Installers Used to Spread WebMonitor RAT
Quick Hits  |  5/4/2020  | 
Researchers warn the installers are legitimate but don't come from official sources of the Zoom app, including the Apple App Store and Google Play.
7 Tips for Security Pros Patching in a Pandemic
Slideshows  |  5/4/2020  | 
The shift to remote work has worsened patch management challenges and created new ones. Security pros share insights and best practices.
DHS CISA Launches Site for Teleworking Security
Quick Hits  |  5/1/2020  | 
The new website is intended to be a one-stop source for information on securing teleworkers and their employers.
Best Practices for Managing a Remote SOC
News  |  5/1/2020  | 
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
Apple Makes It Easier to Unlock iPhone While Wearing a Mask
Quick Hits  |  5/1/2020  | 
The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Well I dont run on MacOS, so I need to take extra precautions"
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13659
PUBLISHED: 2020-06-02
address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer dereference related to BounceBuffer.
CVE-2020-10703
PUBLISHED: 2020-06-02
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created without a target path such as network-based pools like ...
CVE-2020-10739
PUBLISHED: 2020-06-02
Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telemetry v2 is enabled: by sending a specially crafted packet, an attacker could trigger a Null Pointer Exception resulting in a Denial of Service. This could be sent to the ingress gateway or a sidecar, ...
CVE-2020-10136
PUBLISHED: 2020-06-02
Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access cont...
CVE-2020-13757
PUBLISHED: 2020-06-01
Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing exces...