News & Commentary

Latest Content tagged with Authentication
Page 1 / 2   >   >>
Empathy: The Next Killer App for Cybersecurity?
Commentary  |  11/13/2018  | 
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
Guilty Plea Made in Massive International Cell Phone Fraud Case
Quick Hits  |  11/9/2018  | 
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.
Why Password Management and Security Strategies Fall Short
News  |  11/7/2018  | 
Researchers say companies need to rethink their password training and take a more holistic approach to security.
Where Is the Consumer Outrage about Data Breaches?
Commentary  |  11/1/2018  | 
Facebook, Equifax, Cambridge Analytica Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
FIFA Reveals Second Hack
Quick Hits  |  11/1/2018  | 
Successful phishing campaign leads attackers to confidential information of world soccer's governing body.
Companies Fall Short on 2FA
Quick Hits  |  10/30/2018  | 
New research ranks organizations based on whether they offer two-factor authentication.
The Case for MarDevSecOps
Commentary  |  10/30/2018  | 
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
10 Steps for Creating Strong Customer Authentication
Commentary  |  10/30/2018  | 
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
Securing Severless: Defend or Attack?
Commentary  |  10/25/2018  | 
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security, identity access management roles, and follow configuration best-practices.
Gartner Experts Highlight Tech Trends And Their Security Risks
News  |  10/22/2018  | 
Security must be built into systems and applications from the beginning of the design process, they agreed.
Risky Business: Dark Reading Caption Contest Winners
Commentary  |  10/19/2018  | 
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
Window Snyder Shares Her Plans for Intel Security
News  |  10/11/2018  | 
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
Not All Multifactor Authentication Is Created Equal
Commentary  |  10/11/2018  | 
Users should be aware of the strengths and weaknesses of the various MFA methods.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Commentary  |  10/5/2018  | 
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
California Enacts First-in-Nation IoT Security Law
Quick Hits  |  10/1/2018  | 
The new law requires some form of authentication for most connected devices.
FBI IC3 Warns of RDP Vulnerability
Quick Hits  |  9/28/2018  | 
Government agencies remind users that RDP can be used for malicious purposes by criminal actors.
The Cloud Security Conundrum: Assets vs. Infrastructure
Commentary  |  9/25/2018  | 
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
Account Takeover Attacks Become a Phishing Fave
Quick Hits  |  9/20/2018  | 
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
Commentary  |  9/19/2018  | 
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
The Top 5 Security Threats & Mitigations for Industrial Networks
Commentary  |  9/18/2018  | 
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
IoT Threats Triple Since 2017
Quick Hits  |  9/18/2018  | 
Rapidly evolving malware is posing an ever-greater threat to the IoT and business users of the Internet.
Military, Government Users Just as Bad About Password Hygiene as Civilians
News  |  9/14/2018  | 
New report comes out just as group of US senators chastise Secretary of State Mike Pompeo for not using multifactor authentication.
4 Trends Giving CISOs Sleepless Nights
Commentary  |  9/12/2018  | 
IoT attacks, budget shortfalls, and the skills gap are among the problems keeping security pros up at night.
4 Practical Measures to Improve Election Security Now
Commentary  |  9/11/2018  | 
It's more critical than ever for states to protect our democratic system and voting infrastructure from foreign cyber espionage.
Authentication Grows Up
News  |  9/4/2018  | 
Which forms of multi-factor authentication (MFA) are working, which are not, and where industry watchers think the market is headed.
How to Gauge the Effectiveness of Security Awareness Programs
Commentary  |  8/21/2018  | 
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Shadow IT: Every Company's 3 Hidden Security Risks
Commentary  |  8/7/2018  | 
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
IT Managers: Are You Keeping Up with Social-Engineering Attacks?
Commentary  |  8/6/2018  | 
Increasingly sophisticated threats require a mix of people, processes, and technology safeguards.
Is SMS 2FA Enough Login Protection?
News  |  8/3/2018  | 
Experts say Reddit breach offers a prime example of the risks of depending on one-time passwords sent via text.
London Calling with New Strategies to Stop Ransomware
Commentary  |  7/23/2018  | 
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
Beyond Passwords: Why Your Company Should Rethink Authentication
Commentary  |  7/19/2018  | 
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
Bomgar Acquires Avecto
Quick Hits  |  7/10/2018  | 
Purchase adds layers to privileged access management system.
Reactive or Proactive? Making the Case for New Kill Chains
Commentary  |  7/6/2018  | 
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
Consumers Rank Security High in Payment Decisions
Quick Hits  |  7/3/2018  | 
Security is a top priority when it comes to making decisions on payment methods and technologies.
iOS 12 2FA Feature May Carry Bank Fraud Risk
Quick Hits  |  7/2/2018  | 
Making two-factor authentication faster could also make it less secure.
10 Tips for More Secure Mobile Devices
Slideshows  |  6/27/2018  | 
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Secure Code: You Are the Solution to Open Sources Biggest Problem
Commentary  |  6/25/2018  | 
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
Inside a SamSam Ransomware Attack
Commentary  |  6/20/2018  | 
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
3 Tips for Driving User Buy-in to Security Policies
Commentary  |  6/18/2018  | 
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
News  |  6/6/2018  | 
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
Fortinet Completes Bradford Networks Purchase
Quick Hits  |  6/4/2018  | 
NAC and security firm added to Fortinet's portfolio.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Slideshows  |  6/2/2018  | 
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Good News about Cross-Domain Identity Management
Commentary  |  5/31/2018  | 
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Commentary  |  5/31/2018  | 
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
6 Ways Third Parties Can Trip Up Your Security
Slideshows  |  5/29/2018  | 
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
More Than Half of Users Reuse Passwords
News  |  5/24/2018  | 
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
What Should Post-Quantum Cryptography Look Like?
News  |  5/23/2018  | 
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Commentary  |  5/22/2018  | 
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
How to Hang Up on Fraud
Commentary  |  5/18/2018  | 
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
California Teen Arrested for Phishing Teachers to Change Grades
Quick Hits  |  5/17/2018  | 
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
Page 1 / 2   >   >>


Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19279
PUBLISHED: 2018-11-14
PRIMX ZoneCentral before 6.1.2236 on Windows sometimes leaks the plaintext of NTFS files. On non-SSD devices, this is limited to a 5-second window and file sizes less than 600 bytes. The effect on SSD devices may be greater.
CVE-2018-19280
PUBLISHED: 2018-11-14
Centreon 3.4.x has XSS via the resource name or macro expression of a poller macro.
CVE-2018-19281
PUBLISHED: 2018-11-14
Centreon 3.4.x allows SNMP trap SQL Injection.
CVE-2018-17960
PUBLISHED: 2018-11-14
CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste.
CVE-2018-19278
PUBLISHED: 2018-11-14
Buffer overflow in DNS SRV and NAPTR lookups in Digium Asterisk 15.x before 15.6.2 and 16.x before 16.0.1 allows remote attackers to crash Asterisk via a specially crafted DNS SRV or NAPTR response, because a buffer size is supposed to match an expanded length but actually matches a compressed lengt...