Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

News & Commentary
Sophos for Sale: Thoma Bravo Offers $3.9B
Kelly Sheridan, Staff Editor, Dark ReadingNews
Sophos' board of directors plans to unanimously recommend the offer to the company's shareholders.
By Kelly Sheridan Staff Editor, Dark Reading, 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
Tamper Protection Arrives for Microsoft Defender ATP
Dark Reading Staff, Quick Hits
The feature, designed to block unauthorized changes to security features, is now generally available.
By Dark Reading Staff , 10/14/2019
Comment0 comments  |  Read  |  Post a Comment
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month as a backdrop, industry leaders weigh in on how SMBs can more effectively protect themselves from cyberattacks.
By Steve Zurier Contributing Writer, 10/11/2019
Comment1 Comment  |  Read  |  Post a Comment
iTunes Zero-Day Exploited to Deliver BitPaymer
Kelly Sheridan, Staff Editor, Dark ReadingNews
The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer.
By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Akamai Snaps Up ChameleonX to Tackle Magecart
Dark Reading Staff, Quick Hits
The Israel-based ChameleonX aims to protect websites from cyberattacks targeting payment data.
By Dark Reading Staff , 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Attackers Hide Behind Trusted Domains, HTTPS
Robert Lemos, Contributing WriterNews
One in four malicious URLs employed a legitimate domain, making it more difficult for potential victims to spot possible dangers, a mid-year report finds.
By Robert Lemos Contributing Writer, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
Magecart Attack on Volusion Highlights Supply Chain Dangers
Kelly Sheridan, Staff Editor, Dark ReadingNews
Attackers compromised Volusion's Google Cloud environment to load malicious skimmer code onto more than 6,500 customer sites.
By Kelly Sheridan Staff Editor, Dark Reading, 10/10/2019
Comment0 comments  |  Read  |  Post a Comment
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESETCommentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Dark Reading Staff, Quick Hits
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
By Dark Reading Staff , 10/9/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft Issues 9 Critical Security Patches
Kelly Sheridan, Staff Editor, Dark ReadingNews
None of the total 59 patches were for previously known vulnerabilities nor are any under active attack, Microsoft reports.
By Kelly Sheridan Staff Editor, Dark Reading, 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis CybersecurityCommentary
As in any battle, understanding and exploiting the terrain often dictates the outcome.
By Craig Harber Chief Technology Officer at Fidelis Cybersecurity, 10/8/2019
Comment1 Comment  |  Read  |  Post a Comment
Business Email Compromise Attacks Spike 269%
Dark Reading Staff, Quick Hits
A new Mimecast report finds a significant uptick in BEC attacks, malware attachments, and spam landing in target inboxes.
By Dark Reading Staff , 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
7 Considerations Before Adopting Security Standards
Steve Zurier, Contributing Writer
Here's what to think through as you prepare your organization for standards compliance.
By Steve Zurier Contributing Writer, 10/8/2019
Comment0 comments  |  Read  |  Post a Comment
Lack of Role Models, Burnout & Pay Disparity Hold Women Back
Kelly Sheridan, Staff Editor, Dark ReadingNews
New ISACA data emphasizes a gap between men and women who share their opinions on underrepresentation of women and equal pay in the tech industry.
By Kelly Sheridan Staff Editor, Dark Reading, 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
Magecart Skimmers Spotted on 2M Websites
Dark Reading Staff, Quick Hits
Researchers say supply chain attacks are responsible for the most significant spikes in Magecart detections.
By Dark Reading Staff , 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
10 Steps to Assess SOC Maturity in SMBs
Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGNCommentary
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
By Andrew Houshian Associate Director of SOC and Attestation Services at A-LIGN, 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
Iran Caught Targeting US Presidential Campaign Accounts
Dark Reading Staff, Quick Hits
Microsoft detected the so-called Phosphorus nation-state gang attacking 241 user accounts associated with a US presidential campaign, current and former US government officials, journalists, others.
By Dark Reading Staff , 10/4/2019
Comment1 Comment  |  Read  |  Post a Comment
Complex Environments Cause Schools to Struggle for Passing Security Grade
Robert Lemos, Contributing WriterNews
As ransomware attacks surge against school systems, an analysis of 1,200 K-12 institutions in North America shows complex environments and conflicting security controls.
By Robert Lemos Contributing Writer, 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
Cybercrime: AI's Growing Threat
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
Cyberecurity incidents expected to rise by nearly 70% and cost $5 trillion annually by 2024.
By Marc Wilczek Digital Strategist & CIO Advisor, 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
8 Ways Businesses Unknowingly Help Hackers
Kelly Sheridan, Staff Editor, Dark Reading
From lengthy email signatures to employees' social media posts, we look at the many ways organizations make it easier for attackers to break in.
By Kelly Sheridan Staff Editor, Dark Reading, 10/4/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.