Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Endpoint
Page 1 / 2   >   >>
Why Third-Party Risk Management Has Never Been More Important
Commentary  |  3/31/2020  | 
Given today's coronavirus pandemic, the need for companies to collect cybersecurity data about their business partners is more critical than ever. Here's how to start.
Does the 2020 Online Census Account for Security Risk?
News  |  3/31/2020  | 
Experts discuss the security issues surrounding a census conducted online and explain how COVID-19 could exacerbate the risk.
Limited-Time Free Offers to Secure the Enterprise Amid COVID-19
Slideshows  |  3/31/2020  | 
These products and services could be of immediate help to infosec pros now protecting their organizations while working from home.
Researchers Spot Sharp Increase in Zoom-Themed Domain Registrations
News  |  3/30/2020  | 
Attackers are attempting to take advantage of the surge in teleworking prompted by COVID-19, Check Point says.
Microsoft Edge Will Tell You If Credentials Are Compromised
Quick Hits  |  3/30/2020  | 
Password Monitor, InPrivate mode, and ad-tracking prevention are three new additions to Microsoft Edge.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
Malicious USB Drive Hides Behind Gift Card Lure
Quick Hits  |  3/27/2020  | 
Victims are being enticed to insert an unknown USB drive into their computers.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Purported Brute-Force Attack Aims at Linksys Routers as More People Work Remotely
News  |  3/27/2020  | 
The attack takes control of poorly secured network devices, redirecting Web addresses to a COVID-themed landing page that attempts to fool victims into downloading malware.
3 Mobile Security Problems That Most Security Teams Haven't Fixed Yet
Commentary  |  3/26/2020  | 
Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
Missing Patches, Misconfiguration Top Technical Breach Causes
News  |  3/25/2020  | 
Less than half of businesses surveyed can patch critical vulnerabilities within 72 hours. Why does the process take so long?
Malware Found Hidden in Android Utility Apps, Children's Games
Quick Hits  |  3/24/2020  | 
The 'Tekya' malware, as researchers call it, is designed to imitate the user's actions to click advertisements.
How to Secure Your Kubernetes Deployments
Commentary  |  3/24/2020  | 
As more companies shift their software to a microservices-based architecture and orchestrate their containerized applications in Kubernetes, distributed security controls become a must.
Microsoft Publishes Advisory for Windows Zero-Day
News  |  3/23/2020  | 
There is no available patch for the vulnerabilities, which Microsoft says exist in all supported versions of Windows.
FBI Warns of Fake CDC Emails in COVID-19 Phishing Alert
Quick Hits  |  3/23/2020  | 
Fraudsters exploit concerns by claiming to offer virus-related information or promising stimulus checks.
8 Infosec Page-Turners for Days Spent Indoors
Slideshows  |  3/23/2020  | 
Stuck inside and looking for a new read? Check out these titles written by security practitioners and reporters across the industry.
Process Injection Tops Attacker Techniques for 2019
News  |  3/18/2020  | 
Attackers commonly use remote administration and network management tools for lateral movement, a new pool of threat data shows.
Facebook Got Tagged, but Not Hard Enough
Commentary  |  3/18/2020  | 
Ensuring that our valuable biometric information is protected is worth more than a $550 million settlement.
Trend Micro Patches Two Zero-Days Under Attack
Quick Hits  |  3/18/2020  | 
Businesses are urged to update the Apex One and OfficeScan XG enterprise security products as soon as possible.
This Tax Season, Save the Scorn and Protect Customers from Phishing Scams
Commentary  |  3/17/2020  | 
As security professionals, it's easy to get cynical about the continued proliferation of tax ID theft and blame the consumers themselves. But that doesn't help anyone.
Needed: A Cybersecurity Good Samaritan Law
Commentary  |  3/17/2020  | 
Legislation should protect the good hackers who are helping to keep us safe, not just go after the bad.
Privacy in a Pandemic: What You Can (and Can't) Ask Employees
News  |  3/16/2020  | 
Businesses struggle to strike a balance between workplace health and employees' privacy rights in the midst of a global health emergency.
What Cybersecurity Pros Really Think About Artificial Intelligence
Slideshows  |  3/13/2020  | 
While there's a ton of unbounded optimism from vendor marketing and consultant types, practitioners are still reserving a lot of judgment.
Princess Cruises Confirms Data Breach
Quick Hits  |  3/13/2020  | 
The cruise liner, forced to shut down operations due to coronavirus, says the incident may have compromised passengers' personal data.
Microsoft Patches Leaked Remote Code Execution Flaw
Quick Hits  |  3/12/2020  | 
A vulnerability in Microsoft's Server Message Block protocol prompted concerns of wormable exploits when it was disclosed this week.
Cyberspace Solarium Commission Slams US Cybersecurity Readiness
Quick Hits  |  3/11/2020  | 
The federal commission outlined more than 60 recommendations to remedy major security problems.
COVID-19 Drives Rush to Remote Work. Is Your Security Team Ready?
News  |  3/11/2020  | 
A rapid transition to remote work puts pressure on security teams to understand and address a wave of potential security risks.
How the Rise of IoT Is Changing the CISO Role
Commentary  |  3/11/2020  | 
Prepare for the future by adopting a risk-based approach. Following these five steps can help.
Paradise Ransomware Variant Hides in Office IQY Files
Quick Hits  |  3/10/2020  | 
The uncommon Internet Query file format lets attacks slip past defenses to effectively break into target networks.
How Microsoft Disabled Legacy Authentication Across the Company
News  |  3/9/2020  | 
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
WatchGuard Buys Panda Security for Endpoint Security Tech
Quick Hits  |  3/9/2020  | 
In the long term, Panda Security's technologies will be integrated into the WatchGuard platform.
Threat Awareness: A Critical First Step in Detecting Adversaries
Commentary  |  3/9/2020  | 
One thing seems certain: Attackers are only getting more devious and lethal. Expect to see more advanced attacks.
Securing Our Elections Requires Change in Technology, People & Attitudes
Commentary  |  3/6/2020  | 
Increasing security around our election process and systems will take a big effort from many different parties. Here's how.
6 Steps CISOs Should Take to Secure Their OT Systems
Commentary  |  3/5/2020  | 
The first question each new CISO must answer is, "What should I do on Monday morning?" My suggestion: Go back to basics. And these steps will help.
Researchers Find 670+ Microsoft Subdomains Vulnerable to Takeover
Quick Hits  |  3/5/2020  | 
The now-fixed flaw could have enabled attackers to trick users into downloading malicious content or sharing credentials.
Advanced Tech Needs More Ethical Consideration & Security
Commentary  |  3/5/2020  | 
Unintended consequences and risks need board-level attention and action.
3 Ways to Strengthen Your Cyber Defenses
Commentary  |  3/4/2020  | 
By taking proactive action, organizations can face down threats with greater agility and earned confidence.
Gotta Patch 'Em All? Not Necessarily, Experts Say
News  |  3/3/2020  | 
When it's impossible to remediate all vulnerabilities in an organization, data can indicate which bugs should be prioritized.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
How Security Leaders at Starbucks and Microsoft Prepare for Breaches
News  |  3/2/2020  | 
Executives discuss the security incidents they're most worried about and the steps they take to prepare for them.
New Trickbot Delivery Method Focuses on Windows 10
Quick Hits  |  2/28/2020  | 
Researchers discover attackers abusing the latest version of the remote desktop ActiveX control class introduced for Windows 10.
Exploitation, Phishing Top Worries for Mobile Users
News  |  2/28/2020  | 
Reports find that mobile malware appears on the decline, but the exploitation of vulnerabilities along with phishing has led to a rise in compromises, experts say.
Educating Educators: Microsoft's Tips for Security Awareness Training
News  |  2/28/2020  | 
Microsoft's director of security education and awareness shares his approach to helping train employees in defensive practices.
Government Employees Unprepared for Ransomware
Quick Hits  |  2/27/2020  | 
Data shows 73% are concerned about municipal ransomware threats but only 38% are trained on preventing these attacks.
How We Enabled Ransomware to Become a Multibillion-Dollar Industry
Commentary  |  2/27/2020  | 
As an industry, we must move beyond one-dimensional approaches to assessing ransomware exposures. Asking these four questions will help.
Intel Analyzes Vulns Reported in its Products Last Year
News  |  2/27/2020  | 
A new Intel report looks at the more than 200 CVEs affecting Intel products in 2019.
What Your Company Needs to Know About Hardware Supply Chain Security
Commentary  |  2/27/2020  | 
By establishing a process and framework, you can ensure you're not giving more advanced attackers carte blanche to your environment.
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
News  |  2/26/2020  | 
Routers and devices with Broadcom and Cypress Wi-Fi chipsets could be forced to sometimes use encryption keys consisting of all zeroes. Now patched, the issue affected a billion devices, including those from Amazon, Apple, Google, and Samsung.
5 Ways to Up Your Threat Management Game
Commentary  |  2/26/2020  | 
Good security programs start with a mindset that it's not about the tools, it's what you do with them. Here's how to get out of a reactive fire-drill mode with vulnerability management.
Page 1 / 2   >   >>


Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7263
PUBLISHED: 2020-04-01
Improper access control vulnerability in ESConfigTool.exe in ENS for Windows all current versions allows a local administrator to alter the ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.
CVE-2020-7066
PUBLISHED: 2020-04-01
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_he...
CVE-2020-11445
PUBLISHED: 2020-04-01
TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.
CVE-2020-7064
PUBLISHED: 2020-04-01
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7065
PUBLISHED: 2020-04-01
In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.