Endpoint // Authentication
News & Commentary
Internet Of Things & The Platform Of Parenthood
Don Bailey, Founder & CEO, Lab Mouse Security | Commentary
A new father's musings on the problems with securing embedded systems, and why there are so few incentives for architecting trustworthy IoT technology from the ground up.
By Don Bailey Founder & CEO, Lab Mouse Security, 6/23/2016
Phishing, Whaling & The Surprising Importance Of Privileged Users
Joseph Opacki, VP, Threat Research, PhishLabs | Commentary
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
By Joseph Opacki VP, Threat Research, PhishLabs, 6/21/2016
5 Tips For Staying Cyber-Secure On Your Summer Vacation
Emily Johnson, Associate Editor, UBM Americas | News
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
By Emily Johnson Associate Editor, UBM Americas, 6/20/2016
Pretty Good Passwords: Cartoon Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading | Commentary
Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is...
By Marilyn Cohodas Community Editor, Dark Reading, 6/16/2016
Self-Service Password Reset & Social Engineering: A Match Made In Hell
Jackson Shaw, Senior Director, Product Management, Dell Security | Commentary
A sad tale of how hackers compromised a CEO's corporate account by trolling Facebook and LinkedIn for answers to six common authentication questions. (And how to avoid that happening to you.)
By Jackson Shaw Senior Director, Product Management, Dell Security, 6/13/2016
Twitter Says Its Servers Were Not Breached
Dark Reading Staff, Quick Hits
Account details leaked are from other hacked websites, claims the social media tool.
By Dark Reading Staff, 6/13/2016
Microsegmentation & The Need For An Intelligent Attack Surface
Doug Gourlay, Corporate VP, Skyport Systems | Commentary
There is a fundamental difference in the security posture and technology for protecting the White House versus a Social Security office in California. So, too, for the critical apps and systems that are likely targets in your enterprise.
By Doug Gourlay Corporate VP, Skyport Systems, 6/7/2016
Poor Airport Security Practices Just Don't Fly
Joe Schorr, Director of Advanced Security Solutions, Bomgar | Commentary
Five lessons learned the hard way by the Tampa International Airport about bringing third parties into a security environment.
By Joe Schorr Director of Advanced Security Solutions, Bomgar, 5/24/2016
Google To Eliminate Passwords For Android Apps
Dark Reading Staff, Quick Hits
Project Abacus, in last stage of trial, will employ secure biometrics to unlock devices.
By Dark Reading Staff, 5/24/2016
Enterprises Must Consider Privacy Concern For Biometrics
Ericka Chickowski, Contributing Writer, Dark Reading | News
On-server storage and processing of biometric authentication presents a host of regulatory and corporate responsibility issues.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/12/2016
British Law Enforcement Agency Loses Bid To Get Passwords From Hacker Lauri Love
Dark Reading Staff, Quick Hits
Judge says National Crime Agency should use normal police powers -- not civil action -- to access information, allegedly hacked from US Army, NASA and US Federal Reserve networks.
By Dark Reading Staff, 5/11/2016
PCI DSS 3.2: Making the Move to MFA
Emma Sutcliffe, Senior Director, Data Security Standards, PCI Security Standards Council | Commentary
PCI DSS has always required that any untrusted, remote access into the cardholder data environment use multi-factor authentication. Now version 3.2 takes it one step further.
By Emma Sutcliffe Senior Director, Data Security Standards, PCI Security Standards Council, 5/9/2016
Silicon & Artificial Intelligence: The Foundation of Next Gen Data Security
Mark Papermaster, SVP & CTO, AMD | Commentary
Why new challenges like real-time, always-on authentication and access control can only be met by a combination of smart hardware and software.
By Mark Papermaster SVP & CTO, AMD, 5/5/2016
10 Biggest Mega Breaches Of The Past 10 Years
Ericka Chickowski, Contributing Writer, Dark Reading
These data breaches from Dark Reading's 10-year history boggle the mind in terms of scale and fallout.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/3/2016
8 Microsoft Office 365 Security Tips To Reduce Data Loss
Sean Martin, CISSP | President, imsmartin
Even with a slew of new security tools and compliance guidance, there are still things you can do to protect this critical business system.
By Sean Martin CISSP | President, imsmartin, 5/2/2016
Device Advice: Keeping Fraudsters From Consumer Info
Gasan Awad, VP, Identity & Fraud Product Management, Equifax | Commentary
Data breaches are the first stop for criminals with intentions to steal personally identifiable information. These tips show how to fight fraud while optimizing the customer experience.
By Gasan Awad VP, Identity & Fraud Product Management, Equifax, 4/19/2016
Privacy Debate: Apple & Google Today; AWS or Azure Tomorrow?
Kennet Westby, Founding Partner, President & COO, Coalfire | Commentary
Why the recent fight over mobile phone security and encryption is moving to the cloud.
By Kennet Westby Founding Partner, President & COO, Coalfire, 4/18/2016
9 Years Prison, $1.7 Million Fine For Malicious Insider
Sara Peters, Senior Editor at Dark Reading | News
Former IT engineer stung for destructive attack on law firm.
By Sara Peters Senior Editor at Dark Reading, 4/18/2016
150 Biometric, Two-Factor Authentication Products Now FIDO-Certified
Dark Reading Staff, Quick Hits
The Fast IDentity Online (FIDO) Alliance hits a new milestone.
By Dark Reading Staff, 4/6/2016
'FBiOS' Case Heading For A New Firestorm
Jonathan Braverman, Legal and Compliance Officer, Cymmetria | Commentary
The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.
By Jonathan Braverman Legal and Compliance Officer, Cymmetria, 3/30/2016
Current Issue
How To Build An Effective Defense Against Ransomware
A compendium of Dark Reading's best recent coverage of ransomware attacks, as well as best practices for defending your enterprise against them.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Tim Wilson speaks to two experts on vulnerability research, independent consultant Jeremiah Grossman and Black Duck Software's Mike Pittenger, about the latest wave of vulnerabilities being exploited by online attackers.