Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Authentication
Page 1 / 2   >   >>
10 Tips for Maintaining Information Security During Layoffs
Slideshows  |  6/2/2020  | 
Insider cyber threats are always an issue during layoffs -- but with record numbers of home office workers heading for the unemployment line, it's never been harder to maintain cybersecurity during offboarding.
Americans Care About Security But Don't Follow Through
Quick Hits  |  5/26/2020  | 
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
Identit Comes Out of Stealth
Quick Hits  |  5/14/2020  | 
Startup emerges with three-factor, no-password authentication.
Microsoft Identity VP Shares How and Why to Ditch Passwords
News  |  5/7/2020  | 
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
Quick Hits  |  5/7/2020  | 
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
Pandemic Could Accelerate Passwordless Authentication
News  |  5/7/2020  | 
As we celebrate another World Password Day, security pros are hopeful that when we move out of the stay-at-home period, companies will continue to focus on digital technologies and ditching passwords.
Breach Hits GoDaddy SSH Customers
Quick Hits  |  5/5/2020  | 
The October 2019 breach left some customer data open to hacking eyes.
Best Practices for Managing a Remote SOC
News  |  5/1/2020  | 
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
The Rise of Deepfakes and What That Means for Identity Fraud
Commentary  |  4/30/2020  | 
Convincing deepfakes are a real concern, but there are ways of fighting back.
7 Secure Remote Access Services for Today's Enterprise Needs
Slideshows  |  4/29/2020  | 
Secure remote access is a "must" for enterprise computing today, and there are options for you to explore in the dynamic current environment.
Increased Credential Threats in the Age of Uncertainty
Commentary  |  4/28/2020  | 
Three things your company should do to protect credentials during the coronavirus pandemic.
Terahash Buys L0phtCrack in Password Merger
Quick Hits  |  4/21/2020  | 
The acquisition brings password cracking and password auditing capabilities together in a single company.
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
Commentary  |  4/8/2020  | 
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
FBI Warns of BEC Dangers
Quick Hits  |  4/6/2020  | 
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
Why Humans Are Phishing's Weakest Link
Commentary  |  4/6/2020  | 
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
Five Indicted on Romance and Lottery Fraud Charges
Quick Hits  |  3/16/2020  | 
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
How Microsoft Disabled Legacy Authentication Across the Company
News  |  3/9/2020  | 
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
Cryptographers Panel Tackles Espionage, Elections & Blockchain
News  |  2/26/2020  | 
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
7 Tips to Improve Your Employees' Mobile Security
Slideshows  |  2/24/2020  | 
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
News  |  2/19/2020  | 
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
Zero-Factor Authentication: Owning Our Data
Commentary  |  2/19/2020  | 
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Commentary  |  2/18/2020  | 
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Commentary  |  2/3/2020  | 
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Commentary  |  1/23/2020  | 
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Commentary  |  1/22/2020  | 
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Quick Hits  |  1/17/2020  | 
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Active Directory Needs an Update: Here's Why
Commentary  |  1/16/2020  | 
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
Google Lets iPhone Users Turn Device into Security Key
News  |  1/15/2020  | 
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Commentary  |  1/2/2020  | 
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
The Night Before 'Breachmas'
Commentary  |  12/24/2019  | 
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Commentary  |  12/20/2019  | 
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
Google Cloud External Key Manager Now in Beta
Quick Hits  |  12/19/2019  | 
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Commentary  |  12/19/2019  | 
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Commentary  |  12/18/2019  | 
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
'Password' Falls in the Ranks of Favorite Bad Passwords
News  |  12/18/2019  | 
Facebook, Google named worst password breach offenders.
7 Tips to Keep Your Family Safe Online Over the Holidays
Slideshows  |  12/17/2019  | 
Security experts offer key cyber advice for family members.
Google Chrome Now Automatically Alerts Users on Compromised Passwords
Quick Hits  |  12/11/2019  | 
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Quick Hits  |  12/5/2019  | 
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Quick Hits  |  12/4/2019  | 
Kaspersky creates a prototype ring you can wear on your finger for authentication.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Time to Warn Users About Black Friday & Cyber Monday Scams
Commentary  |  11/25/2019  | 
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Why Multifactor Authentication Is Now a Hacker Target
Commentary  |  11/20/2019  | 
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Commentary  |  11/19/2019  | 
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
The Myths of Multifactor Authentication
Commentary  |  11/12/2019  | 
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/1/2020
Stay-at-Home Orders Coincide With Massive DNS Surge
Robert Lemos, Contributing Writer,  5/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20811
PUBLISHED: 2020-06-03
An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_add_kobject() and netdev_queue_add_kobject() in net/core/net-sysfs.c, a reference count is mishandled, aka CID-a3e23f719f5c.
CVE-2019-20812
PUBLISHED: 2020-06-03
An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067.
CVE-2020-13776
PUBLISHED: 2020-06-03
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
CVE-2019-20810
PUBLISHED: 2020-06-03
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
CVE-2020-4026
PUBLISHED: 2020-06-03
The CustomAppsRestResource list resource in Atlassian Navigator Links before version 3.3.23, from version 4.0.0 before version 4.3.7, from version 5.0.0 before 5.0.1, and from version 5.1.0 before 5.1.1 allows remote attackers to enumerate all linked applications, including those that are restricted...