Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Sophos for Sale: Thoma Bravo Offers $3.9B
News  |  10/14/2019  | 
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
Tamper Protection Arrives for Microsoft Defender ATP
Quick Hits  |  10/14/2019  | 
The feature, designed to block unauthorized changes to security features, is now generally available.
7 SMB Security Tips That Will Keep Your Company Safe
Slideshows  |  10/11/2019  | 
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
iTunes Zero-Day Exploited to Deliver BitPaymer
News  |  10/10/2019  | 
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
Akamai Snaps Up ChameleonX to Tackle Magecart
Quick Hits  |  10/10/2019  | 
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
Attackers Hide Behind Trusted Domains, HTTPS
News  |  10/10/2019  | 
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
Magecart Attack on Volusion Highlights Supply Chain Dangers
News  |  10/10/2019  | 
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Quick Hits  |  10/9/2019  | 
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
Microsoft Issues 9 Critical Security Patches
News  |  10/8/2019  | 
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Commentary  |  10/8/2019  | 
As in any battle, understanding and exploiting the terrain often dictates the outcome.
Business Email Compromise Attacks Spike 269%
Quick Hits  |  10/8/2019  | 
A new Mimecast report finds a significant uptick in BEC attacks, malware attachments, and spam landing in target inboxes.
7 Considerations Before Adopting Security Standards
Slideshows  |  10/8/2019  | 
Here's what to think through as you prepare your organization for standards compliance.
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
News  |  10/7/2019  | 
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
Magecart Skimmers Spotted on 2M Websites
Quick Hits  |  10/7/2019  | 
Researchers say supply chain attacks are responsible for the most significant spikes in Magecart detections.
10 Steps to Assess SOC Maturity in SMBs
Commentary  |  10/7/2019  | 
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
Iran Caught Targeting US Presidential Campaign Accounts
Quick Hits  |  10/4/2019  | 
Microsoft detected the so-called Phosphorus nation-state gang attacking 241 user accounts associated with a US presidential campaign, current and former US government officials, journalists, others.
Complex Environments Cause Schools to Struggle for Passing Security Grade
News  |  10/4/2019  | 
As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
Cybercrime: AI's Growing Threat
Commentary  |  10/4/2019  | 
Cyberecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
8 Ways Businesses Unknowingly Help Hackers
Slideshows  |  10/4/2019  | 
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
Stalkerware on the Rise Globally
Quick Hits  |  10/2/2019  | 
Stalkware is being installed on more and more victims' devices, and the trend is only accelerating, according to a new report.
Google's 'Password Checkup' Tool Tells You When Passwords Are Leaked
Quick Hits  |  10/2/2019  | 
The feature will check the strength of saved passwords and alert users when they're compromised in a breach.
Cisco Webex & Zoom Bug Lets Attackers Spy on Conference Calls
News  |  10/1/2019  | 
The "Prying-Eye" vulnerability could let intruders scan for unprotected meeting IDs and snoop on conference calls.
Microsoft Announces Ability to Force TLS Version Compliance
Quick Hits  |  9/30/2019  | 
Transport Layer Security (TLS) can be critical for security, but it must be deployed in a current version. Microsoft now provides a mechanism for administrators to guarantee the right version in their network.
Apple Patches Multiple Vulnerabilities Across Platforms
Quick Hits  |  9/27/2019  | 
Updates address two separate issues in Apple's desktop and mobile operating systems.
Cybersecurity Certification in the Spotlight Again
News  |  9/27/2019  | 
Swiss technology non-profit group joins others, such as the Obama-era President's Commission, in recommending that certain classes of technology products be tested.
DoorDash Breach Affects 4.9M Merchants, Customers, Workers
Quick Hits  |  9/27/2019  | 
The May 4 incident exposed data belonging to users on the platform on or before April 5, 2018.
Is Your Organization Suffering from Security Tool Sprawl?
Commentary  |  9/27/2019  | 
Most companies have too many tools, causing increased costs and security issues.
Microsoft's Azure Sentinel SIEM Now Generally Available
Quick Hits  |  9/25/2019  | 
The cloud-native SIEM is designed to search data from users, applications, servers, and devices running on-prem and in the cloud.
The Future of Account Security: A World Without Passwords?
Commentary  |  9/25/2019  | 
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
How to Define & Prioritize Risk Management Goals
News  |  9/24/2019  | 
As risk management programs differ from business to business, these factors remain constant.
4 Cybersecurity Best Practices for Electrical Engineers
Commentary  |  9/24/2019  | 
Most electrical engineering firms are targeted by threat actors of opportunity because of two necessary ingredients: people and computers. These four tips will help keep you safer.
Microsoft Defender Bug Fixed with Emergency Patch
Quick Hits  |  9/24/2019  | 
A second out-of-band patch issued this week addresses a denial-of-service vulnerability in Microsoft Defender.
YouTube Creators Hit in Account Hijacking Campaign
Quick Hits  |  9/23/2019  | 
The victims, who post car reviews and other videos about the auto industry, were targeted in a seemingly coordinated campaign to steal account access.
How Network Logging Mitigates Legal Risk
Commentary  |  9/23/2019  | 
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
7 Ways VPNs Can Turn from Ally to Threat
Slideshows  |  9/21/2019  | 
VPNs are critical pieces of the security infrastructure, but they can be vulnerable, hackable, and weaponized against you. Here are seven things to be aware of before you ignore your VPN.
Ransomware Strikes 49 School Districts & Colleges in 2019
News  |  9/20/2019  | 
The education sector has seen 10 new victims in the past nine days alone, underscoring a consistent trend throughout 2019.
WeWork's Wi-Fi Exposed Files, Credentials, Emails
Quick Hits  |  9/20/2019  | 
For years, sensitive documents and corporate data have been easily viewable on the coworking space's open network.
A Safer IoT Future Must Be a Joint Effort
Commentary  |  9/20/2019  | 
We're just at the beginning of an important conversation about the future of our homes and cities, which must involve both consumers and many players in the industry
California's IoT Security Law Causing Confusion
News  |  9/19/2019  | 
The law, which goes into effect January 1, requires manufacturers to equip devices with 'reasonable security feature(s).' What that entails is still an open question.
Deconstructing an iPhone Spearphishing Attack
Commentary  |  9/19/2019  | 
How criminals today bypass smartphone anti-theft protection and harvest AppleID and passwords taken from fake Apple servers.
Ping Identity Prices IPO at $15 per Share
Quick Hits  |  9/19/2019  | 
The identity management company plans to sell 12.5 million shares, raising $187.5 million in its initial public offering.
WannaCry Detections At An All-Time High
News  |  9/18/2019  | 
More than 12,000 variants of the infamous malware are targeting systems that are still open to the EternalBlue exploit - but the potential danger is low, Sophos warns.
How Cybercriminals Exploit Simple Human Mistakes
News  |  9/18/2019  | 
A new report explores how attackers identify psychological vulnerabilities to effectively manipulate targets.
One Arrested in Ecuador's Mega Data Leak
Quick Hits  |  9/18/2019  | 
Officials arrest a leader of consulting firm Novaestrat, which owned an unprotected server that exposed 20.8 million personal records.
How Ransomware Criminals Turn Friends into Enemies
Commentary  |  9/18/2019  | 
Managed service providers are the latest pawns in ransomware's game of chess.
15K Private Webcams Could Let Attackers View Homes, Businesses
Quick Hits  |  9/17/2019  | 
Webcams could be potentially accessed and manipulated by anyone with an Internet connection, researchers say.
Preventing PTSD and Burnout for Cybersecurity Professionals
Commentary  |  9/16/2019  | 
The safety of our digital lives is at stake, and we need to all do our part in raising awareness of these issues.
Malware Linked to Ryuk Targets Financial & Military Data
News  |  9/13/2019  | 
A newly discovered campaign, packing traces of Ryuk ransomware, aims to steal confidential information.
Instagram Bug Put User Account Details, Phone Numbers at Risk
News  |  9/12/2019  | 
The vulnerability, now patched, is the latest in a series of bad news for Facebook.
Page 1 / 2   >   >>


For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.