Endpoint //

Authentication

News & Commentary
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Dark Reading Staff, Quick Hits
The social media giant says it did not access the imported data and is notifying affected users.
By Dark Reading Staff , 4/18/2019
Comment2 comments  |  Read  |  Post a Comment
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Dark Reading Staff, Quick Hits
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
Robert Lemos, Technology Journalist/Data ResearcherNews
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
By Robert Lemos , 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Technology Journalist/Data ResearcherNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Technology Journalist/Data ResearcherNews
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos , 3/8/2019
Comment0 comments  |  Read  |  Post a Comment
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at CentrifyCommentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
Comment0 comments  |  Read  |  Post a Comment
4 Ways At-Work Apps Are Vulnerable to Attack
Yoram Salinger, CEO of Perception PointCommentary
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
By Yoram Salinger CEO of Perception Point, 3/7/2019
Comment3 comments  |  Read  |  Post a Comment
Fighting Alert Fatigue with Actionable Intelligence
Curtis Brazzell, Managing Security Consultant, PonduranceCommentary
By fine-tuning security system algorithms, analysts can make alerts intelligent and useful, not merely generators of noise.
By Curtis Brazzell Managing Security Consultant, Pondurance, 3/6/2019
Comment0 comments  |  Read  |  Post a Comment
Artificial Intelligence: The Terminator of Malware
Chris Rouland, Co-Founder and Chief Executive Officer at Phosphorus CybersecurityCommentary
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?
By Chris Rouland Co-Founder and Chief Executive Officer at Phosphorus Cybersecurity, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
Startup Armor Scientific Launches Multifactor Identity System
Robert Lemos, Technology Journalist/Data ResearcherNews
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.
By Robert Lemos Technology Journalist/Data Researcher, 3/4/2019
Comment0 comments  |  Read  |  Post a Comment
6 Tips for Getting the Most from Your VPN
Curtis Franklin Jr., Senior Editor at Dark Reading
VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/22/2019
Comment4 comments  |  Read  |  Post a Comment
The Anatomy of a Lazy Phish
Jordan Shakhsheer, Information Security Engineer, Bluestone AnalyticsCommentary
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
By Jordan Shakhsheer Information Security Engineer, Bluestone Analytics, 2/20/2019
Comment2 comments  |  Read  |  Post a Comment
6 Tax Season Tips for Security Pros
Steve Zurier, Freelance Writer
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
By Steve Zurier Freelance Writer, 2/19/2019
Comment3 comments  |  Read  |  Post a Comment
70% of Consumers Want Biometrics in the Workplace
Steve Zurier, Freelance WriterNews
Speed, simplicity, and security underscore their desire, a new study shows.
By Steve Zurier Freelance Writer, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
4 Payment Security Trends for 2019
Ellen Richey, Vice Chairman and Chief Risk Officer, VisaCommentary
Visa's chief risk officer anticipates some positive changes ahead.
By Ellen Richey Vice Chairman and Chief Risk Officer, Visa, 2/7/2019
Comment0 comments  |  Read  |  Post a Comment
New Chrome Extension Takes Aim at Password Security
Steve Zurier, Freelance WriterNews
Google adds 'Password Checkup' feature that alerts users if their online credentials have been compromised.
By Steve Zurier Freelance Writer, 2/6/2019
Comment1 Comment  |  Read  |  Post a Comment
New Phishing Campaign Packs Triple Threat
Dark Reading Staff, Quick Hits
Attack threatens victims with three "deadly malware" infestations if they don't give up critical email account credentials.
By Dark Reading Staff , 1/24/2019
Comment0 comments  |  Read  |  Post a Comment
The Rx for HIPAA Compliance in the Cloud
Jason Polancich, CEO, MusubuCommentary
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
By Jason Polancich CEO, Musubu, 1/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Why We Need a 'Cleaner Internet'
Darren Anstee, Chief Technology Officer at Arbor Networks,  4/19/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11515
PUBLISHED: 2019-04-25
core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?download= absolute path traversal to read arbitrary files.
CVE-2019-11511
PUBLISHED: 2019-04-25
Zoho ManageEngine ADSelfService Plus before build 5708 has XSS via the mobile app API.
CVE-2019-11513
PUBLISHED: 2019-04-25
The File Manager in CMS Made Simple through 2.2.10 has Reflected XSS via the "New name" field in a Rename action.
CVE-2019-11514
PUBLISHED: 2019-04-25
User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens.
CVE-2019-11506
PUBLISHED: 2019-04-24
In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to Expo...