Endpoint // Authentication
News & Commentary
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment0 comments  |  Read  |  Post a Comment
Killing Passwords: Dont Get A-Twitter Over Digits
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitters new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment4 comments  |  Read  |  Post a Comment
Microsoft Issues Emergency Patch Amid Targeted Attacks
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Windows Kerberos authentication bug "critical."
By Kelly Jackson Higgins Executive Editor at Dark Reading, 11/18/2014
Comment2 comments  |  Read  |  Post a Comment
Is Security Awareness Training Really Worth It?
Fahmida Y. Rashid, News
Experts weigh in on the value of end-user security training, and how to make education more effective.
By Fahmida Y. Rashid , 11/18/2014
Comment9 comments  |  Read  |  Post a Comment
Stop Trusting Signed Malware: 3 Steps
Paul Drapeau, Principal Security Researcher, ConferCommentary
Cybercriminals who manipulate valid signatures and certificates to get malware into an organization is a more common tactic than you think.
By Paul Drapeau Principal Security Researcher, Confer, 11/7/2014
Comment0 comments  |  Read  |  Post a Comment
New Malware Targets iOS, OS X
Eric Zeman, News
WireLurker infects iPhones and iPads via USB cable when attached to Macs.
By Eric Zeman , 11/6/2014
Comment4 comments  |  Read  |  Post a Comment
Google Expands 2-Factor Authentication For Chrome, Gmail
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
By Sara Peters Senior Editor at Dark Reading, 10/21/2014
Comment6 comments  |  Read  |  Post a Comment
Internet Of Things Will Turn Networks Inside-Out
Patrick Hubbard, Head Geek & Senior Technical Product Marketing Manager, SolarWindsCommentary
If IoT is ever going to work, networks will have to grant access to devices that we'd refuse outright today.
By Patrick Hubbard Head Geek & Senior Technical Product Marketing Manager, SolarWinds, 10/20/2014
Comment2 comments  |  Read  |  Post a Comment
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
MeWe offers free, secure, and private communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2014
Comment1 Comment  |  Read  |  Post a Comment
Hundreds Of DropBox Logins For Sale On Pastebin
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
By Sara Peters Senior Editor at Dark Reading, 10/14/2014
Comment0 comments  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment5 comments  |  Read  |  Post a Comment
2 Tech Challenges Preventing Online Voting In US
Sara Peters, Senior Editor at Dark ReadingNews
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
By Sara Peters Senior Editor at Dark Reading, 10/9/2014
Comment7 comments  |  Read  |  Post a Comment
Poll: Employees Clueless About Social Engineering
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored.
By Marilyn Cohodas Community Editor, Dark Reading, 10/2/2014
Comment5 comments  |  Read  |  Post a Comment
5 New Truths To Teach Your CIO About Identity
Patrick Harding, Commentary
When CIOs talk security they often use words like "firewall" and "antivirus." Heres why todays technology landscape needs a different vocabulary.
By Patrick Harding , 10/1/2014
Comment0 comments  |  Read  |  Post a Comment
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment12 comments  |  Read  |  Post a Comment
DR Radio: A Grown-Up Conversation About Passwords
Sara Peters, Senior Editor at Dark ReadingCommentary
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment7 comments  |  Read  |  Post a Comment
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
By Daniel Ingevaldson CTO, Easy Solutions, 9/12/2014
Comment16 comments  |  Read  |  Post a Comment
Apple Pay Ups Payment Security But PoS Threats Remain
Sara Peters, Senior Editor at Dark ReadingNews
Apple's new contactless payment tech will not stop point-of-sale breaches like Home Depot and UPS, but it could make those breaches less valuable to attackers.
By Sara Peters Senior Editor at Dark Reading, 9/10/2014
Comment23 comments  |  Read  |  Post a Comment
UK Reconsidering Biometrics
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Parliament is looking for answers about biometrics' privacy, security, future uses, and whether or not legislation is ready for what comes next.
By Sara Peters Senior Editor at Dark Reading, 8/12/2014
Comment4 comments  |  Read  |  Post a Comment
6 Biometric Factors That Are Working Today
Marilyn Cohodas, Community Editor, Dark Reading
From fingerprints to wearable ECG monitors, there are real options in the market that may relegate the despised password to the dustbin of history.
By Marilyn Cohodas Community Editor, Dark Reading, 8/12/2014
Comment23 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2382
Published: 2014-11-20
The DfDiskLo.sys driver in Faronics Deep Freeze Standard and Enterprise 8.10 and earlier allows local administrators to cause a denial of service (crash) and execute arbitrary code via a crafted IOCTL request that writes to arbitrary memory locations, related to the IofCallDriver function.

CVE-2014-3625
Published: 2014-11-20
Directory traversal vulnerability in Pivitol Spring Framework 3.0.4 through 3.2.x before 3.2.12, 4.0.x before 4.0.8, and 4.1.x before 4.1.2 allows remote attackers to read arbitrary files via unspecified vectors, related to static resource handling.

CVE-2014-7194
Published: 2014-11-20
TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File Transfer Command Center before 7.2.4, Slingshot before 1.9.3, and Vault before 1.1.1 allow remote attackers to obtain sensitive information or modify data by leveraging agent access.

CVE-2014-7195
Published: 2014-11-20
Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before 6.0.2 and 6.5.x before 6.5.2, Spotfire Deployment Kit 6.0.x before 6.0.2 and 6.5.x before 6.5.2, and Silver Fabric Enabler for Spotfire Web Player before 1.6.1 allows remote authenticated users to obtain sensitive information via u...

CVE-2014-8000
Published: 2014-11-20
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enumerate user accounts via a series of requests, aka Bug ID CSCur63497.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?