Endpoint //

Authentication

News & Commentary
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, PreemptCommentary
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
By Ajit Sancheti CEO and Co-Founder, Preempt, 6/20/2018
Comment0 comments  |  Read  |  Post a Comment
3 Tips for Driving User Buy-in to Security Policies
Marc Laliberte, Information Security Threat Analyst, WatchGuard TechnologiesCommentary
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/18/2018
Comment0 comments  |  Read  |  Post a Comment
Survey Shows Florida at the Bottom for Consumer Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/6/2018
Comment0 comments  |  Read  |  Post a Comment
Fortinet Completes Bradford Networks Purchase
Dark Reading Staff, Quick Hits
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Steve Zurier, Freelance Writer
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
By Steve Zurier Freelance Writer, 6/2/2018
Comment2 comments  |  Read  |  Post a Comment
The Good News about Cross-Domain Identity Management
Rich Chetwynd, Head of Developer Experience, OneLoginCommentary
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
By Rich Chetwynd Head of Developer Experience, OneLogin, 5/31/2018
Comment2 comments  |  Read  |  Post a Comment
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Christy Wyatt, CEO, Dtex SystemsCommentary
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
By Christy Wyatt CEO, Dtex Systems, 5/31/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Ways Third Parties Can Trip Up Your Security
Jai Vijayan, Freelance writer
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
By Jai Vijayan Freelance writer, 5/29/2018
Comment0 comments  |  Read  |  Post a Comment
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/24/2018
Comment4 comments  |  Read  |  Post a Comment
What Should Post-Quantum Cryptography Look Like?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, MimecastCommentary
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
By Marc French Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
How to Hang Up on Fraud
Patrick Cox, Chairman and CEO of TRUSTIDCommentary
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
By Patrick Cox Chairman and CEO of TRUSTID, 5/18/2018
Comment0 comments  |  Read  |  Post a Comment
California Teen Arrested for Phishing Teachers to Change Grades
Dark Reading Staff, Quick Hits
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
By Dark Reading Staff , 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
FIDO Alliance Appoints Facebook to Board of Directors
Dark Reading Staff, Quick Hits
Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.
By Dark Reading Staff , 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Peter Merkulov, Chief Technology Officer, GlobalscapeCommentary
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
10 Lessons From an IoT Demo Lab
Curtis Franklin Jr., Senior Editor at Dark Reading
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
6 Enterprise Password Managers That Lighten the Load for Security
Steve Zurier, Freelance Writer
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
By Steve Zurier Freelance Writer, 5/3/2018
Comment2 comments  |  Read  |  Post a Comment
Spring Clean Your Security Systems: 6 Places to Start
Corey Nachreiner, Chief Technology Officer, WatchGuard TechnologiesCommentary
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 5/2/2018
Comment1 Comment  |  Read  |  Post a Comment
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/1/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.