Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading
New data shows humans still struggle with password creation and management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/28/2020
Comment1 Comment  |  Read  |  Post a Comment
How to Increase Voter Turnout & Reduce Fraud
Husayn Kassai, Co-Founder and CEO, OnfidoCommentary
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
By Husayn Kassai Co-Founder and CEO, Onfido, 10/28/2020
Comment0 comments  |  Read  |  Post a Comment
Neural Networks Help Users Pick More-Secure Passwords
Robert Lemos, Contributing WriterNews
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
By Robert Lemos Contributing Writer, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Plague Loyalty Programs
Ericka Chickowski, Contributing WriterNews
But that's not the only type of web attack cybercriminals have been profiting from.
By Ericka Chickowski Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment2 comments  |  Read  |  Post a Comment
Businesses Rethink Endpoint Security for 2021
Kelly Sheridan, Staff Editor, Dark ReadingNews
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
By Kelly Sheridan Staff Editor, Dark Reading, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Online Voting Is Coming, but How Secure Will It Be?
Brad Brooks, CEO of OneLoginCommentary
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
By Brad Brooks CEO of OneLogin, 10/13/2020
Comment0 comments  |  Read  |  Post a Comment
Why MSPs Are Hacker Targets, and What To Do About It
John Hammond, Senior Security Researcher at HuntressCommentary
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
By John Hammond Senior Security Researcher at Huntress, 10/9/2020
Comment0 comments  |  Read  |  Post a Comment
'Father of Identity Theft' Sentenced to 207 Months
Dark Reading Staff, Quick Hits
James Jackson was convicted of mail fraud, aggravated identity theft, access device fraud, and theft of mail last year.
By Dark Reading Staff , 10/2/2020
Comment0 comments  |  Read  |  Post a Comment
MFA-Minded Attackers Continue to Figure Out Workarounds
Robert Lemos, Contributing WriterNews
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.
By Robert Lemos Contributing Writer, 9/28/2020
Comment0 comments  |  Read  |  Post a Comment
Research Finds Nearly 800,000 Access Keys Exposed Online
Dark Reading Staff, Quick Hits
The keys were primarily for access to databases and cloud services.
By Dark Reading Staff , 9/15/2020
Comment0 comments  |  Read  |  Post a Comment
Zoom Brings Two-Factor Authentication to All Users
Dark Reading Staff, Quick Hits
This marks the latest step Zoom has taken to improve user security as more employees work from home.
By Dark Reading Staff , 9/10/2020
Comment0 comments  |  Read  |  Post a Comment
7 Cybersecurity Priorities for Government Agencies & Political Campaigns
Dan Blum, Cybersecurity & Risk Management StrategistCommentary
As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.
By Dan Blum Cybersecurity & Risk Management Strategist, 9/9/2020
Comment0 comments  |  Read  |  Post a Comment
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
Morey Haber, CTO and CISO, BeyondTrustCommentary
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
By Morey Haber CTO and CISO, BeyondTrust, 9/9/2020
Comment0 comments  |  Read  |  Post a Comment
Don't Forget Cybersecurity on Your Back-to-School List
Jeff Wilbur, Senior Director, Online Trust, the Internet SocietyCommentary
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
By Jeff Wilbur Senior Director, Online Trust, the Internet Society, 9/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Jon Mendoza, CISO, TechnologentCommentary
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
By Jon Mendoza CISO, Technologent, 8/26/2020
Comment2 comments  |  Read  |  Post a Comment
Twitter Hack: The Spotlight that Insider Threats Need
Shareth Ben, Executive Director, Field Engineering, SecuronixCommentary
The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.
By Shareth Ben Executive Director, Field Engineering, Securonix, 8/20/2020
Comment2 comments  |  Read  |  Post a Comment
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
Dark Reading Staff, News
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks theyve detected, and suggest mitigations as businesses rely more heavily on the cloud.
By Dark Reading Staff , 8/6/2020
Comment0 comments  |  Read  |  Post a Comment
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Alex Artamonov, System Engineer & Cybersecurity Specialist, Infinitely VirtualCommentary
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
By Alex Artamonov System Engineer & Cybersecurity Specialist, Infinitely Virtual, 7/27/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/27/2020
Chinese Attackers' Favorite Flaws Prove Global Threats, Research Shows
Kelly Sheridan, Staff Editor, Dark Reading,  10/27/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27742
PUBLISHED: 2020-10-28
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926&qu...
CVE-2020-27980
PUBLISHED: 2020-10-28
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.
CVE-2020-24990
PUBLISHED: 2020-10-28
An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.
CVE-2020-25204
PUBLISHED: 2020-10-28
The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the applicatio...
CVE-2020-27739
PUBLISHED: 2020-10-28
A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users' sessions. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread.