Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

News & Commentary
Younger Generations Drive Bulk of 2FA Adoption
Kelly Sheridan, Staff Editor, Dark ReadingNews
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Only 53% of Security Pros Have Ownership of Workforce IAM
Dark Reading Staff, Quick Hits
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
By Dark Reading Staff , 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing WriterNews
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment2 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity AnalystCommentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo Cybersecurity Analyst, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading
The right password manager can help bring enterprise-class security to small businesses. Here are a half-dozen candidates to strengthen your access management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/8/2019
Comment1 Comment  |  Read  |  Post a Comment
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESETCommentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
Twitter Slip-Up Spills MFA Phone Numbers, Emails to Advertisers
Dark Reading Staff, Quick Hits
Email addresses and phone numbers provided to secure user accounts were accidentally shared with marketers.
By Dark Reading Staff , 10/9/2019
Comment0 comments  |  Read  |  Post a Comment
10 Steps to Assess SOC Maturity in SMBs
Andrew Houshian, Associate Director of SOC and Attestation Services at A-LIGNCommentary
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
By Andrew Houshian Associate Director of SOC and Attestation Services at A-LIGN, 10/7/2019
Comment0 comments  |  Read  |  Post a Comment
The Future of Account Security: A World Without Passwords?
Chris Roberts, Chief Security Strategist, Attivo NetworksCommentary
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
By Chris Roberts Chief Security Strategist, Attivo Networks, 9/25/2019
Comment4 comments  |  Read  |  Post a Comment
Never Forget Your Passwords Again!
Beyond the Edge, Dark Reading
You never know what those late-night infomercials are going to turn up.
By Beyond the Edge Dark Reading, 8/28/2019
Comment0 comments  |  Read  |  Post a Comment
IBM Announces Quantum Safe Encryption
Dark Reading Staff, Quick Hits
Techniques too tough for quantum computing solutions will be part of public cloud and tape storage encryption.
By Dark Reading Staff , 8/23/2019
Comment1 Comment  |  Read  |  Post a Comment
Who Gets Privileged Access & How to Enforce It
Tim Keeler, Founder and CEO, RemediantCommentary
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
By Tim Keeler Founder and CEO, Remediant, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Dark Reading Staff, Quick Hits
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
By Dark Reading Staff , 8/14/2019
Comment1 Comment  |  Read  |  Post a Comment
It's (Still) the Password, Stupid!
Sam Bocetta, Security AnalystCommentary
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
By Sam Bocetta Security Analyst, 8/9/2019
Comment3 comments  |  Read  |  Post a Comment
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
Steve Zurier, Contributing WriterNews
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
By Steve Zurier Contributing Writer, 8/6/2019
Comment3 comments  |  Read  |  Post a Comment
Fighting Back Against Mobile Fraudsters
DJ Murphy, Editor-in-Chief, Security Portfolio, at Reed ExhibitionsCommentary
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
By DJ Murphy Editor-in-Chief, Security Portfolio, at Reed Exhibitions, 8/5/2019
Comment0 comments  |  Read  |  Post a Comment
Capital One: What We Should Learn This Time
Kelly Sheridan, Staff Editor, Dark ReadingNews
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2019
Comment2 comments  |  Read  |  Post a Comment
Black Hat: A Summer Break from the Mundane and Controllable
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
By John B. Dickson CISSP, Principal, Denim Group, 8/2/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by debrajohansen
Current Conversations thanks
In reply to: thanks
Post Your Own Reply
More Conversations
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Lessons from the NSA: Know Your Assets
Robert Lemos, Contributing Writer,  12/12/2019
4 Tips to Run Fast in the Face of Digital Transformation
Shane Buckley, President & Chief Operating Officer, Gigamon,  12/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19797
PUBLISHED: 2019-12-15
read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds write.
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.