Endpoint // Authentication
News & Commentary
Blockchain & The Battle To Secure Digital Identities
Xavier Larduinat, Manager for Innovation, GemaltoCommentaryy
This emerging technology is a promising way to verify transactions without compromising your digital identity.
By Xavier Larduinat Manager for Innovation, Gemalto, 10/25/2016
Comment0 comments  |  Read  |  Post a Comment
Deleting Emails Original Sin: An Historical Perspective
Alexander Garca-Tobar, ValiMail CEO & co-founderCommentaryy
Can DMARC do for email security what SSL certificates did for e-commerce?
By Alexander Garca-Tobar ValiMail CEO & co-founder, 10/24/2016
Comment1 Comment  |  Read  |  Post a Comment
Flipping Security Awareness Training
Stan Black, CSO, CitrixCommentaryy
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.
By Stan Black CSO, Citrix, 10/21/2016
Comment0 comments  |  Read  |  Post a Comment
Database Breaches: An Alarming Lack Of Preparedness
John Moynihan, President, Minuteman GovernanceCommentaryy
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
By John Moynihan President, Minuteman Governance, 10/10/2016
Comment3 comments  |  Read  |  Post a Comment
FBI Seeking Access To Another Locked iPhone
Dark Reading Staff, Quick Hits
Bureau 'in the process of assessing our legal and technical options' to access passcode-locked iPhone of Dahir Adan.
By Dark Reading Staff , 10/7/2016
Comment0 comments  |  Read  |  Post a Comment
NIST Study: User 'Security Fatigue' Adding to Online Risk
Terry Sweeney, Contributing EditorNews
Decision-making overload with passwords, certificates, software updates frustrates users
By Terry Sweeney Contributing Editor, 10/4/2016
Comment0 comments  |  Read  |  Post a Comment
5 Ways To Lock Down Your Login
Steve Zurier, Freelance Writer
New public awareness campaign inspired by the White House calls for users to think more carefully about stronger authentication.
By Steve Zurier Freelance Writer, 10/4/2016
Comment0 comments  |  Read  |  Post a Comment
6 Ways To Prepare For The EUs GDPR
Jai Vijayan, Freelance writerNews
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Heres how to prepare for them.
By Jai Vijayan Freelance writer, 9/30/2016
Comment1 Comment  |  Read  |  Post a Comment
The Real Reasons Why Users Stink At Passwords
Terry Sweeney, Contributing EditorNews
Personality, denial, and authentication-overload are big factors, new study finds.
By Terry Sweeney Contributing Editor, 9/28/2016
Comment14 comments  |  Read  |  Post a Comment
5 Best Practices For Winning the IoT Security Arms Race
Mark Benson & Brian Ericson, Exosite CTO & Software EngineerCommentaryy
By focusing on a pragmatic approach to security, its possible to develop IoT solutions that will reduce future risk without breaking the bank.
By Mark Benson, CTO, and Brian Ericson, , 9/27/2016
Comment0 comments  |  Read  |  Post a Comment
7 New Rules For IoT Safety & Vuln Disclosure
Lysa Myers, Security Researcher, ESETCommentaryy
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
By Lysa Myers Security Researcher, ESET, 9/24/2016
Comment0 comments  |  Read  |  Post a Comment
Google Chrome To Flag Non-HTTPS Logins, Credit Card Info 'Not Secure'
Terry Sweeney, Contributing EditorNews
The move is part of a larger Google push to lock down Web traffic using encryption between the browser and Web server.
By Terry Sweeney Contributing Editor, 9/15/2016
Comment0 comments  |  Read  |  Post a Comment
Data Manipulation: An Imminent Threat
John Moynihan, President, Minuteman GovernanceCommentaryy
Critical industries are largely unprepared for a potential wave of destructive attacks.
By John Moynihan President, Minuteman Governance, 9/12/2016
Comment2 comments  |  Read  |  Post a Comment
Multi-Factor IT Authentication Hampers Progress, Say 47% US Companies
Dark Reading Staff, Quick Hits
IS Decisions survey finds organizations are looking for alternate to multi-factor verification, which they believe takes up time and slows productivity.
By Dark Reading Staff , 9/9/2016
Comment3 comments  |  Read  |  Post a Comment
RSA's Yoran Says Firm's Mission Remains Unchanged In Dell-EMC Merger
Jai Vijayan, Freelance writerNews
RSA remains in full charge of its destiny, RSA president Amit Yoran says.
By Jai Vijayan Freelance writer, 9/8/2016
Comment1 Comment  |  Read  |  Post a Comment
Intruders Pilfered Over 68 Million Passwords In 2012 Dropbox Breach
Jai Vijayan, Freelance writerNews
But all passwords were hashed and salted and no evidence they have been misused, company says.
By Jai Vijayan Freelance writer, 8/31/2016
Comment2 comments  |  Read  |  Post a Comment
Opera Forces Password Reset For 1.7 Million Users After Server Breach
Jai Vijayan, Freelance writerNews
Among those browser users affected are those who synced passwords to third-party sites.
By Jai Vijayan Freelance writer, 8/30/2016
Comment1 Comment  |  Read  |  Post a Comment
How To Bullet Proof Your PAM Accounts: 7 Tips
Steve Zurier, Freelance Writer
Recent studies demonstrate the need for companies to focus more on their privileged users.
By Steve Zurier Freelance Writer, 8/26/2016
Comment0 comments  |  Read  |  Post a Comment
The Hidden Dangers Of 'Bring Your Own Body'
Kon Leong, CEO/Co-founder, ZL TechnologiesCommentaryy
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
By Kon Leong CEO/Co-founder, ZL Technologies, 8/26/2016
Comment7 comments  |  Read  |  Post a Comment
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Yoni Allon, Research Team Leader, LightCyberCommentaryy
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
By Yoni Allon Research Team Leader, LightCyber, 8/25/2016
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.