Endpoint //

Authentication

News & Commentary
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/25/2018
Comment1 Comment  |  Read  |  Post a Comment
Why Information Integrity Attacks Pose New Security Challenges
Tamer Hassan, Co-Founder & CTO, White OpsCommentary
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
By Tamer Hassan Co-Founder & CTO, White Ops, 4/25/2018
Comment0 comments  |  Read  |  Post a Comment
'Stresspaint' Targets Facebook Credentials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
New malware variant goes after login credentials for popular Facebook pages.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/24/2018
Comment0 comments  |  Read  |  Post a Comment
Digital Identity Makes Headway Around the World
Dan Puterbaugh, Senior Legal Advocate for Adobe Document CloudCommentary
The US is lagging behind the digital ID leaders.
By Dan Puterbaugh Senior Legal Advocate for Adobe Document Cloud, 4/23/2018
Comment0 comments  |  Read  |  Post a Comment
Biometrics Are Coming & So Are Security Concerns
Michael Fauscette, Chief Research Officier at G2 CrowdCommentary
Could these advanced technologies be putting user data at risk?
By Michael Fauscette Chief Research Officier at G2 Crowd, 4/20/2018
Comment0 comments  |  Read  |  Post a Comment
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
By Steve Zurier Freelance Writer, 4/17/2018
Comment3 comments  |  Read  |  Post a Comment
Companies Still Suffering From Poor Credential Hygiene: New Report
Dark Reading Staff, Quick Hits
Credentials are being mis-handled and it's hurting most companies, according to a new report out today.
By Dark Reading Staff , 4/16/2018
Comment0 comments  |  Read  |  Post a Comment
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
Jai Vijayan, Freelance writerNews
Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.
By Jai Vijayan Freelance writer, 4/13/2018
Comment0 comments  |  Read  |  Post a Comment
HTTP Injector Steals Mobile Internet Access
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Users aren't shy about sharing the technique and payload in a new attack.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/10/2018
Comment0 comments  |  Read  |  Post a Comment
Protect Yourself from Online Fraud This Tax Season
Robert Block, Senior VP of Identity Strategy at SecureAuth and Core SecurityCommentary
Use these tips to stay safe online during everyone's least-favorite time of the year.
By Robert Block Senior VP of Identity Strategy at SecureAuth and Core Security, 4/6/2018
Comment0 comments  |  Read  |  Post a Comment
Report: White House Email Domains Poorly Protected from Fraud
Dark Reading Staff, Quick Hits
Only one Executive Office of the President email domain has fully implemented DMARC, according to a new report.
By Dark Reading Staff , 4/4/2018
Comment2 comments  |  Read  |  Post a Comment
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Dark Reading Staff, Quick Hits
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
By Dark Reading Staff , 3/16/2018
Comment0 comments  |  Read  |  Post a Comment
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Menny Barzilay, Co-founder & CEO, FortyTwo GlobalCommentary
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
By Menny Barzilay Co-founder & CEO, FortyTwo Global, 3/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Segmentation: The Neglected (Yet Essential) Control
John Moynihan, President, Minuteman GovernanceCommentary
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
By John Moynihan President, Minuteman Governance, 3/14/2018
Comment1 Comment  |  Read  |  Post a Comment
Medical Apps Come Packaged with Hardcoded Credentials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/14/2018
Comment0 comments  |  Read  |  Post a Comment
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation CenterCommentary
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
By Pat Osborne Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center, 3/12/2018
Comment2 comments  |  Read  |  Post a Comment
DevSecOps: The Importance of Building Security from the Beginning
Robert Hawk, Privacy & Security Lead at xMattersCommentary
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
By Robert Hawk Privacy & Security Lead at xMatters, 3/9/2018
Comment0 comments  |  Read  |  Post a Comment
Privilege Abuse Attacks: 4 Common Scenarios
Michael Fimin, CEO & Co-Founder, NetwrixCommentary
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
By Michael Fimin CEO & Co-Founder, Netwrix, 3/7/2018
Comment1 Comment  |  Read  |  Post a Comment
Identity Management: Where It Stands, Where It's Going
Kelly Sheridan, Staff Editor, Dark ReadingNews
How companies are changing the approach to identity management as people become increasingly digital.
By Kelly Sheridan Staff Editor, Dark Reading, 3/6/2018
Comment0 comments  |  Read  |  Post a Comment
What Enterprises Can Learn from Medical Device Security
Tom Gillis, Founder & CEO, Bracket ComputingCommentary
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
By Tom Gillis Founder & CEO, Bracket Computing, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Diversity: It's About Inclusion
Kelly Jackson Higgins, Executive Editor at Dark Reading,  4/25/2018
Threat Intel: Finding Balance in an Overcrowded Market
Kelly Sheridan, Staff Editor, Dark Reading,  4/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.