Operations //

Identity & Access Management

News & Commentary
IRS Reports Steep Decline in Tax-Related ID Theft
Steve Zurier, Freelance WriterNews
Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.
By Steve Zurier Freelance Writer, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Amit Yoran, Chairman & CEO, Tenable Network SecurityCommentary
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
By Amit Yoran Chairman & CEO, Tenable Network Security, 2/9/2018
Comment1 Comment  |  Read  |  Post a Comment
20 Signs You Need to Introduce Automation into Security Ops
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 2/8/2018
Comment0 comments  |  Read  |  Post a Comment
Identity Fraud Hits All-Time High in 2017
Steve Zurier, Freelance WriterNews
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
By Steve Zurier Freelance Writer, 2/6/2018
Comment0 comments  |  Read  |  Post a Comment
Lieberman Software Acquired by Bomgar
Dark Reading Staff, Quick Hits
Deal combines privileged access management products, technologies.
By Dark Reading Staff , 2/1/2018
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Least-Privilege Function Goes Live
Dark Reading Staff, Quick Hits
Custom Roles for Cloud IAM now available in production from Google.
By Dark Reading Staff , 1/31/2018
Comment0 comments  |  Read  |  Post a Comment
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Corey Nachreiner, Chief Technology Officer, WatchGuard TechnologiesCommentary
Authentication security methods are getting better all the time, but they are still not infallible.
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 1/31/2018
Comment0 comments  |  Read  |  Post a Comment
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Steve Zurier, Freelance WriterNews
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
By Steve Zurier Freelance Writer, 1/31/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Tips for Building a Data Privacy Culture
Steve Zurier, Freelance Writer
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
By Steve Zurier Freelance Writer, 1/26/2018
Comment0 comments  |  Read  |  Post a Comment
New Voice MFA Tool Uses Machine Learning
Dark Reading Staff, Quick Hits
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
By Dark Reading Staff , 1/25/2018
Comment0 comments  |  Read  |  Post a Comment
Facebook Buys Identity Verification Firm
Dark Reading Staff, Quick Hits
Facebook has purchased startup Confirm, which uses pattern analysis to confirm identities.
By Dark Reading Staff , 1/25/2018
Comment6 comments  |  Read  |  Post a Comment
GDPR: Ready or Not, Here It Comes
Danelle Au, VP Strategy, SafeBreachCommentary
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
By Danelle Au VP Strategy, SafeBreach, 1/24/2018
Comment0 comments  |  Read  |  Post a Comment
One Identity Acquires Balabit
Dark Reading Staff, Quick Hits
Union expands One Identity's privileged access management and analytics offerings.
By Dark Reading Staff , 1/17/2018
Comment1 Comment  |  Read  |  Post a Comment
1 in 9 Online Accounts Created in 2017 Was Fraudulent
Dark Reading Staff, Quick Hits
Account takeovers hot, stolen credit cards not.
By Dark Reading Staff , 1/16/2018
Comment0 comments  |  Read  |  Post a Comment
6 Tips to Protect Against Technical Support Fraud
Steve Zurier, Freelance Writer
Just when youre having fun over the holidays and not paying attention, you can be hit with a tech support scam. Here's how to stay safe into the new year.
By Steve Zurier Freelance Writer, 12/27/2017
Comment2 comments  |  Read  |  Post a Comment
Oracle Product Rollout Underscores Need for Trust in the Cloud
Kelly Sheridan, Associate Editor, Dark ReadingNews
Oracle updates its Identity SOC and management cloud with security tools to verify and manage users trusted with access to cloud-based data and applications.
By Kelly Sheridan Associate Editor, Dark Reading, 12/11/2017
Comment1 Comment  |  Read  |  Post a Comment
Gartner: IT Security Spending to Reach $96 Billion in 2018
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Identity access management and security services to drive worldwide spending growth.
By Dawn Kawamoto Associate Editor, Dark Reading, 12/8/2017
Comment0 comments  |  Read  |  Post a Comment
We're Still Not Ready for GDPR? What is Wrong With Us?
Sara Peters, Senior Editor at Dark ReadingCommentary
The canary in the coalmine died 12 years ago, the law went into effect 19 months ago, but many organizations still won't be ready for the new privacy regulations when enforcement begins in May.
By Sara Peters Senior Editor at Dark Reading, 11/17/2017
Comment1 Comment  |  Read  |  Post a Comment
Who Am I? Best Practices for Next-Gen Authentication
Seth Ruden, Senior Fraud Consultant, ACI WorldwideCommentary
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
By Seth Ruden Senior Fraud Consultant, ACI Worldwide, 11/15/2017
Comment0 comments  |  Read  |  Post a Comment
Inhospitable: Hospitality & Dinings Worst Breaches in 2017
Ericka Chickowski, Contributing Writer, Dark Reading
Hotels and restaurants are in the criminal crosshairs this year.
By Ericka Chickowski Contributing Writer, Dark Reading, 11/8/2017
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by aumickmanuela
Current Conversations Thanks  a lot for sharing )
In reply to: Thank you
Post Your Own Reply
More Conversations
One in Three SOC Analysts Now Job-Hunting
Kelly Jackson Higgins, Executive Editor at Dark Reading,  2/12/2018
Encrypted Attacks Continue to Dog Perimeter Defenses
Ericka Chickowski, Contributing Writer, Dark Reading,  2/14/2018
Can Android for Work Redefine Enterprise Mobile Security?
Satish Shetty, CEO, Codeproof Technologies,  2/13/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: One agent too many was installed on Bob's desktop.
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.