Endpoint // Authentication
News & Commentary
As Malware Surges, U.S. Remains Biggest Source of Attacks
Jai Vijayan, Freelance writerNews
The country leads others in malicious IP, URLs and phishing sites.
By Jai Vijayan Freelance writer, 4/24/2015
Comment6 comments  |  Read  |  Post a Comment
Behavioral Biometrics On The Rise At RSA Conference
Sara Peters, Senior Editor at Dark ReadingNews
Harder to spoof and easier on users, behavioral biometrics may be bigger than passwords soon.
By Sara Peters Senior Editor at Dark Reading, 4/23/2015
Comment3 comments  |  Read  |  Post a Comment
The Good & Bad Of BYOD
Michele Chubirka, Security ArchitectCommentary
BYOD has very little to do with technology and everything to do with security, organizational politics, and human psychology.
By Michele Chubirka Security Architect, 4/3/2015
Comment4 comments  |  Read  |  Post a Comment
Google Spat With Chinese Firm Highlights Digital Certificate Security Challenges
Jai Vijayan, Freelance writerNews
Chrome will no longer trust certs issued by CNNIC following recent snafu, and Mozilla Firefox will revoke certs issued by the Chinese authority before April 1.
By Jai Vijayan Freelance writer, 4/3/2015
Comment1 Comment  |  Read  |  Post a Comment
Salesforce Acquires Mobile Authentication Specialist Toopher
Nathan Eddy, Freelance WriterNews
Salesforce is looking to add to its identity and access management offering by acquiring start-up Toopher. Financial details were not disclosed.
By Nathan Eddy Freelance Writer, 4/2/2015
Comment0 comments  |  Read  |  Post a Comment
Dance Of The 'Next-Gen' CISO
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Security Pro File: Classical ballerina-turned hacker-turned CISO Justine Bone talks old-school hacking, biometric authentication, coding in stilettos, Kristin Wiig -- and finishing her kids' leftover mac and cheese.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2015
Comment0 comments  |  Read  |  Post a Comment
British Airways The Latest Loyalty Program Breach Victim
Sara Peters, Senior Editor at Dark ReadingNews
Who needs to steal credit cards when you can get airfare and luxury items for free?
By Sara Peters Senior Editor at Dark Reading, 3/30/2015
Comment1 Comment  |  Read  |  Post a Comment
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
Comment3 comments  |  Read  |  Post a Comment
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect SecurityCommentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
Comment1 Comment  |  Read  |  Post a Comment
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
Sara Peters, Senior Editor at Dark ReadingNews
BioCatch, Zumigo, and Alibaba release tools to help merchants avoid those pesky charge-back costs.
By Sara Peters Senior Editor at Dark Reading, 3/24/2015
Comment2 comments  |  Read  |  Post a Comment
Worst Sports-Related Passwords
Sara Peters, Senior Editor at Dark ReadingNews
March Madness and Spring Training underway. NFL draft and NBA playoffs soon to come. Your users may be even more tempted than ever to create some of these bad sports-related passwords
By Sara Peters Senior Editor at Dark Reading, 3/23/2015
Comment18 comments  |  Read  |  Post a Comment
Microsoft Warns Of Phony Windows Live Digital Certificate
Dark Reading Staff, Quick Hits
Unauathorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.
By Dark Reading Staff , 3/17/2015
Comment0 comments  |  Read  |  Post a Comment
Yahoo's One-Time Passwords Have Security Experts Divided
Sara Peters, Senior Editor at Dark ReadingNews
Better protection from keyloggers, but you'd better not lose your phone, Yahoo users.
By Sara Peters Senior Editor at Dark Reading, 3/16/2015
Comment7 comments  |  Read  |  Post a Comment
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
Sara Peters, Senior Editor at Dark ReadingNews
There may already be millions of dollars in losses, but you can't blame Apple for this one.
By Sara Peters Senior Editor at Dark Reading, 3/4/2015
Comment16 comments  |  Read  |  Post a Comment
A Building Code For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment6 comments  |  Read  |  Post a Comment
Mobile Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Rounding up the latest research on mobile malware and security practices.
By Ericka Chickowski , 3/2/2015
Comment3 comments  |  Read  |  Post a Comment
Video: Net Neutrality, Celebrity Geek Hobbies, Secure Payments
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds delves into the FCCs net neutrality vote, reveals secret nerdy hobbies of the stars, and checks the state of secure payment systems.
By Andrew Conry Murray Director of Content & Community, Interop, 2/27/2015
Comment2 comments  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment7 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment14 comments  |  Read  |  Post a Comment
Video: Zombie Cookies, IT Budgets & Twitter Hacks
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at zombie cookies, your 2015 IT budget, the rise of open source storage, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 1/16/2015
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1774
Published: 2015-04-28
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.

CVE-2015-1863
Published: 2015-04-28
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.

CVE-2015-3340
Published: 2015-04-28
Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_getdomaininfolist request.

CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.