Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
Google Workspace Adds Client-Side Encryption
Dark Reading Staff, Quick Hits
Users given control over encryption keys, Google says.
By Dark Reading Staff , 6/14/2021
Comment0 comments  |  Read  |  Post a Comment
Secure Access Trade-offs for DevSecOps Teams
Ev Kontsevoy, CEO of TeleportCommentary
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.
By Ev Kontsevoy CEO of Teleport, 6/11/2021
Comment0 comments  |  Read  |  Post a Comment
Colonial Pipeline CEO: Ransomware Attack Started via Pilfered 'Legacy' VPN Account
Dark Reading Staff, Quick Hits
No multifactor authentication was attached to the stolen VPN password used by the attackers, Colonial Pipeline president & CEO Joseph Blount told a Senate committee today.
By Dark Reading Staff , 6/8/2021
Comment0 comments  |  Read  |  Post a Comment
'Have I Been Pwned' Code Base Now Open Source
Dark Reading Staff, Quick Hits
Founder Troy Hunt also announces the platform will receive compromised passwords the FBI finds in its investigations.
By Dark Reading Staff , 5/27/2021
Comment0 comments  |  Read  |  Post a Comment
Axis Fosters Work-From-Home Momentum with Zero Trust Network Access
Terry Sweeney, Contributing EditorCommentary
SPONSORED: Watch now -- VPN and VDI, while still useful, lack the hardened security required to keep users secure. That's created an opening for Zero Trust network access.
By Terry Sweeney Contributing Editor, 5/25/2021
Comment0 comments  |  Read  |  Post a Comment
Google Chrome Makes It Easier to Update Compromised Passwords
Dark Reading Staff, Quick Hits
A new capability will use Google's Duplex technology to alert people when their passwords are compromised and help change them.
By Dark Reading Staff , 5/19/2021
Comment0 comments  |  Read  |  Post a Comment
How to Mitigate Against Domain Credential Theft
Zur Ulianitzky & Yaron Shani, Head of Security Research , XM Cyber / Senior Cybersecurity Researcher, XM CyberCommentary
Attackers routinely reuse stolen domain credentials. Here are some ways to thwart their access.
By Zur Ulianitzky & Yaron Shani Head of Security Research , XM Cyber / Senior Cybersecurity Researcher, XM Cyber, 5/18/2021
Comment0 comments  |  Read  |  Post a Comment
Hashes, Salts, and Rainbow Tables: Confessions of a Password Cracker
Keira Stevens, Manager of Human intelligence, SpyCloudCommentary
Understanding a few basics about how password crackers think and behave could help you keep your users safer.
By Keira Stevens Manager of Human intelligence, SpyCloud, 5/12/2021
Comment0 comments  |  Read  |  Post a Comment
Why You Should Be Prepared to Pay a Ransom
Christopher Muffat, CEO and founderCommentary
Companies that claim they'll never pay up in a ransomware attack are more likely to get caught flat-footed.
By Christopher Muffat CEO and founder, 5/12/2021
Comment1 Comment  |  Read  |  Post a Comment
Cartoon Caption Winner: Greetings, Earthlings
John Klossner, CartoonistCommentary
And the winner of Dark Reading's April cartoon caption contest is ...
By John Klossner Cartoonist, 5/11/2021
Comment0 comments  |  Read  |  Post a Comment
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSecCommentary
Web scraping attacks, like Facebook's recent data leak, can easily lead to more significant breaches.
By Rob Simon Principal Security Consultant at TrustedSec, 5/7/2021
Comment0 comments  |  Read  |  Post a Comment
Google Plans to Automatically Enable Two-Factor Authentication
Dark Reading Staff, Quick Hits
The company plans to automatically enroll users in two-step verification if their accounts are properly configured.
By Dark Reading Staff , 5/6/2021
Comment0 comments  |  Read  |  Post a Comment
Newer Generic Top-Level Domains a Security 'Nuisance'
Jai Vijayan, Contributing WriterNews
Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use.
By Jai Vijayan Contributing Writer, 5/4/2021
Comment0 comments  |  Read  |  Post a Comment
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
Jai Vijayan, Contributing WriterNews
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
By Jai Vijayan Contributing Writer, 4/28/2021
Comment0 comments  |  Read  |  Post a Comment
Pandemic Drives Greater Need for Endpoint Security
Dark Reading Staff, Quick Hits
Endpoint security has changed. Can your security plan keep up?
By Dark Reading Staff , 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
Security Gaps in IoT Access Control Threaten Devices and Users
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
By Kelly Sheridan Staff Editor, Dark Reading, 4/16/2021
Comment0 comments  |  Read  |  Post a Comment
8 Security & Privacy Apps to Share With Family and Friends
Kelly Sheridan, Staff Editor, Dark Reading
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
By Kelly Sheridan Staff Editor, Dark Reading, 4/9/2021
Comment0 comments  |  Read  |  Post a Comment
NFT Thefts Reveal Security Risks in Coupling Private Keys & Digital Assets
Pratik Savla, Lead Security Engineer at VenafiCommentary
Compromised NFT accounts highlight security concerns inherent in the design of centralized systems.
By Pratik Savla Lead Security Engineer at Venafi, 4/6/2021
Comment0 comments  |  Read  |  Post a Comment
How Us Shady Geeks Put Others Off Security
Dr. Sauvik Das, Assistant Professor of Interactive Computing, Georgia TechCommentary
Early adopters of security and privacy tools may be perceived by others as paranoid, which, in turn, may repel non-experts from protecting themselves online.
By Dr. Sauvik Das Assistant Professor of Interactive Computing, Georgia Tech, 3/19/2021
Comment0 comments  |  Read  |  Post a Comment
Facebook Expands Security Key Support to iOS & Android
Kelly Sheridan, Staff Editor, Dark ReadingNews
Facebook's announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 3/18/2021
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-33818
PUBLISHED: 2021-06-18
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVE-2021-33820
PUBLISHED: 2021-06-18
An issue was discovered in UniFi Protect G3 FLEX Camera Version UVC.v4.30.0.67.Attacker could send a huge amount of TCP SYN packet to make web service's resource exhausted. Then the web server is denial-of-service.
CVE-2021-33822
PUBLISHED: 2021-06-18
An issue was discovered on 4GEE ROUTER HH70VB Version HH70_E1_02.00_22. Attackers can use slowhttptest tool to send incomplete HTTP request, which could make server keep waiting for the packet to finish the connection, until its resource exhausted. Then the web server is denial-of-service.
CVE-2020-18442
PUBLISHED: 2021-06-18
Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a denial of service via the return value "zzip_file_read" in the function "unzzip_cat_file".
CVE-2021-3604
PUBLISHED: 2021-06-18
Secure 8 (Evalos) does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database.