Endpoint //

Authentication

News & Commentary
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Technology Journalist/Data ResearcherNews
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos , 3/8/2019
Comment0 comments  |  Read  |  Post a Comment
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at CentrifyCommentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
Comment0 comments  |  Read  |  Post a Comment
4 Ways At-Work Apps Are Vulnerable to Attack
Yoram Salinger, CEO of Perception PointCommentary
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
By Yoram Salinger CEO of Perception Point, 3/7/2019
Comment3 comments  |  Read  |  Post a Comment
Fighting Alert Fatigue with Actionable Intelligence
Curtis Brazzell, Managing Security Consultant, PonduranceCommentary
By fine-tuning security system algorithms, analysts can make alerts intelligent and useful, not merely generators of noise.
By Curtis Brazzell Managing Security Consultant, Pondurance, 3/6/2019
Comment0 comments  |  Read  |  Post a Comment
Artificial Intelligence: The Terminator of Malware
Chris Rouland, Co-Founder and Chief Executive Officer at Phosphorus CybersecurityCommentary
Is it possible that the combination of AI, facial recognition, and the coalescence of global mass-hack data could lead us toward a Skynet-like future?
By Chris Rouland Co-Founder and Chief Executive Officer at Phosphorus Cybersecurity, 3/5/2019
Comment0 comments  |  Read  |  Post a Comment
Startup Armor Scientific Launches Multifactor Identity System
Robert Lemos, Technology Journalist/Data ResearcherNews
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.
By Robert Lemos Technology Journalist/Data Researcher, 3/4/2019
Comment0 comments  |  Read  |  Post a Comment
6 Tips for Getting the Most from Your VPN
Curtis Franklin Jr., Senior Editor at Dark Reading
VPNs are critical for information security. But simply having these cozy security tunnels in the toolkit isn't enough to keep an organization's data safe.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 2/22/2019
Comment4 comments  |  Read  |  Post a Comment
The Anatomy of a Lazy Phish
Jordan Shakhsheer, Information Security Engineer, Bluestone AnalyticsCommentary
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
By Jordan Shakhsheer Information Security Engineer, Bluestone Analytics, 2/20/2019
Comment2 comments  |  Read  |  Post a Comment
6 Tax Season Tips for Security Pros
Steve Zurier, Freelance Writer
Here are some practical ways to keep your company safe as Uncle Sam comes calling.
By Steve Zurier Freelance Writer, 2/19/2019
Comment3 comments  |  Read  |  Post a Comment
70% of Consumers Want Biometrics in the Workplace
Steve Zurier, Freelance WriterNews
Speed, simplicity, and security underscore their desire, a new study shows.
By Steve Zurier Freelance Writer, 2/13/2019
Comment0 comments  |  Read  |  Post a Comment
4 Payment Security Trends for 2019
Ellen Richey, Vice Chairman and Chief Risk Officer, VisaCommentary
Visa's chief risk officer anticipates some positive changes ahead.
By Ellen Richey Vice Chairman and Chief Risk Officer, Visa, 2/7/2019
Comment0 comments  |  Read  |  Post a Comment
New Chrome Extension Takes Aim at Password Security
Steve Zurier, Freelance WriterNews
Google adds 'Password Checkup' feature that alerts users if their online credentials have been compromised.
By Steve Zurier Freelance Writer, 2/6/2019
Comment1 Comment  |  Read  |  Post a Comment
New Phishing Campaign Packs Triple Threat
Dark Reading Staff, Quick Hits
Attack threatens victims with three "deadly malware" infestations if they don't give up critical email account credentials.
By Dark Reading Staff , 1/24/2019
Comment0 comments  |  Read  |  Post a Comment
The Rx for HIPAA Compliance in the Cloud
Jason Polancich, CEO, MusubuCommentary
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
By Jason Polancich CEO, Musubu, 1/18/2019
Comment1 Comment  |  Read  |  Post a Comment
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
US Judge: Police Can't Force Biometric Authentication
Dark Reading Staff, Quick Hits
Law enforcement cannot order individuals to unlock devices using facial or fingerprint scans, a California judge says.
By Dark Reading Staff , 1/15/2019
Comment9 comments  |  Read  |  Post a Comment
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Akamai Streamlines Identity Management with Janrain Acquisition
Dark Reading Staff, Quick Hits
Akamai plans to combine Janrain's Identity Cloud with its Intelligent Platform to improve identity management.
By Dark Reading Staff , 1/7/2019
Comment0 comments  |  Read  |  Post a Comment
Unpatched Kernel-Level Vuln in IBM Security Tool for Apple MacOS Revealed
Dark Reading Staff, Quick Hits
Researchers disclose signedness bug in driver used by IBM Trusteer Rapport endpoint security tool after IBM fails to deliver timely patch.
By Dark Reading Staff , 12/21/2018
Comment0 comments  |  Read  |  Post a Comment
Hackers Bypass Gmail, Yahoo 2FA at Scale
Dark Reading Staff, Quick Hits
A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.
By Dark Reading Staff , 12/20/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Cybercriminals Think Small to Earn Big
Dark Reading Staff 3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.