Endpoint //

Authentication

News & Commentary
70% of Consumers Want Biometrics in the Workplace
Steve Zurier, Freelance WriterNews
Speed, simplicity, and security underscore their desire, a new study shows.
By Steve Zurier Freelance Writer, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
4 Payment Security Trends for 2019
Ellen Richey, Vice Chairman and Chief Risk Officer, VisaCommentary
Visa's chief risk officer anticipates some positive changes ahead.
By Ellen Richey Vice Chairman and Chief Risk Officer, Visa, 2/7/2019
Comment0 comments  |  Read  |  Post a Comment
New Chrome Extension Takes Aim at Password Security
Steve Zurier, Freelance WriterNews
Google adds 'Password Checkup' feature that alerts users if their online credentials have been compromised.
By Steve Zurier Freelance Writer, 2/6/2019
Comment1 Comment  |  Read  |  Post a Comment
New Phishing Campaign Packs Triple Threat
Dark Reading Staff, Quick Hits
Attack threatens victims with three "deadly malware" infestations if they don't give up critical email account credentials.
By Dark Reading Staff , 1/24/2019
Comment0 comments  |  Read  |  Post a Comment
The Rx for HIPAA Compliance in the Cloud
Jason Polancich, CEO, MusubuCommentary
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
By Jason Polancich CEO, Musubu, 1/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
US Judge: Police Can't Force Biometric Authentication
Dark Reading Staff, Quick Hits
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
By Dark Reading Staff , 1/15/2019
Comment6 comments  |  Read  |  Post a Comment
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Akamai Streamlines Identity Management with Janrain Acquisition
Dark Reading Staff, Quick Hits
Akamai plans to combine Janrain's Identity Cloud with its Intelligent Platform to improve identity management.
By Dark Reading Staff , 1/7/2019
Comment0 comments  |  Read  |  Post a Comment
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Dark Reading Staff, Quick Hits
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
By Dark Reading Staff , 12/21/2018
Comment0 comments  |  Read  |  Post a Comment
Hackers Bypass Gmail, Yahoo 2FA at Scale
Dark Reading Staff, Quick Hits
A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.
By Dark Reading Staff , 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI SolutionsCommentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
Retailers: Avoid the Hackable Holidaze
Fred Kneip, CEO at CyberGRXCommentary
The most wonderful time of the year? Sure, but not if your business and customers are getting robbed.
By Fred Kneip CEO at CyberGRX, 12/14/2018
Comment0 comments  |  Read  |  Post a Comment
Insider Threats & Insider Objections
Richard Ford, Chief Scientist, ForcepointCommentary
The tyranny of the urgent and three other reasons why its hard for CISOs to establish a robust insider threat prevention program.
By Richard Ford Chief Scientist, Forcepoint, 12/7/2018
Comment4 comments  |  Read  |  Post a Comment
Republican Committee Email Hacked During Midterms
Dark Reading Staff, Quick Hits
The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
By Dark Reading Staff , 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways to Strengthen Your GDPR Compliance Efforts
Steve Zurier, Freelance Writer
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
By Steve Zurier Freelance Writer, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
Another Microsoft MFA Outage Affects Multiple Services
Dark Reading Staff, Quick Hits
Once again, multifactor authentication issues have caused login problems for users across Office 365 and Azure, among other services.
By Dark Reading Staff , 11/27/2018
Comment0 comments  |  Read  |  Post a Comment
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
JD Sherry, Chief Revenue Officer, Remediant, Inc.Commentary
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
By JD Sherry Chief Revenue Officer, Remediant, Inc., 11/27/2018
Comment0 comments  |  Read  |  Post a Comment
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360Commentary
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson CISSP, Senior Manager, CyberClarity360, 11/13/2018
Comment4 comments  |  Read  |  Post a Comment
Guilty Plea Made in Massive International Cell Phone Fraud Case
Dark Reading Staff, Quick Hits
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.
By Dark Reading Staff , 11/9/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8354
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c has an integer overflow on the result of multiplication fed into malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow.
CVE-2019-8355
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. In xmalloc.h, there is an integer overflow on the result of multiplication fed into the lsx_valloc macro that wraps malloc. When the buffer is allocated, it is smaller than expected, leading to a heap-based buffer overflow in channels_start in remix.c.
CVE-2019-8356
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. One of the arguments to bitrv2 in fft4g.c is not guarded, such that it can lead to write access outside of the statically declared array, aka a stack-based buffer overflow.
CVE-2019-8357
PUBLISHED: 2019-02-15
An issue was discovered in SoX 14.4.2. lsx_make_lpf in effect_i_dsp.c allows a NULL pointer dereference.
CVE-2013-2516
PUBLISHED: 2019-02-15
Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.