Endpoint // Authentication
News & Commentary
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
Sara Peters, Senior Editor at Dark ReadingNews
There may already be millions of dollars in losses, but you can't blame Apple for this one.
By Sara Peters Senior Editor at Dark Reading, 3/4/2015
Comment14 comments  |  Read  |  Post a Comment
A Building Code For Internet of Things Security, Privacy
Greg Shannon, Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering InstituteCommentary
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
By Greg Shannon Ph.D., chair, IEEE Cybersecurity Initiative & Chief Scientist, CERT Division, Carnegie Mellon University Software Engineering Institute, 3/4/2015
Comment2 comments  |  Read  |  Post a Comment
Mobile Security By The Numbers
Ericka Chickowski, Contributing Writer, Dark Reading
Rounding up the latest research on mobile malware and security practices.
By Ericka Chickowski , 3/2/2015
Comment0 comments  |  Read  |  Post a Comment
Video: Net Neutrality, Celebrity Geek Hobbies, Secure Payments
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds delves into the FCCs net neutrality vote, reveals secret nerdy hobbies of the stars, and checks the state of secure payment systems.
By Andrew Conry Murray Director of Content & Community, Interop, 2/27/2015
Comment2 comments  |  Read  |  Post a Comment
How To Reduce Spam & Phishing With DMARC
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.
By Daniel Ingevaldson CTO, Easy Solutions, 2/26/2015
Comment7 comments  |  Read  |  Post a Comment
7 Things You Should Know About Secure Payment Technology
Sara Peters, Senior Editor at Dark Reading
Despite the existence of EMV and Apple Pay, we're a long way from true payment security, especially in the US.
By Sara Peters Senior Editor at Dark Reading, 2/24/2015
Comment14 comments  |  Read  |  Post a Comment
Video: Zombie Cookies, IT Budgets & Twitter Hacks
Andrew Conry Murray, Director of Content & Community, InteropCommentary
This Week In 60 Seconds looks at zombie cookies, your 2015 IT budget, the rise of open source storage, and more.
By Andrew Conry Murray Director of Content & Community, Interop, 1/16/2015
Comment0 comments  |  Read  |  Post a Comment
US CENTCOM Twitter Hijack 'Purely' Vandalism
Sara Peters, Senior Editor at Dark ReadingNews
Though not a real data breach, nor attributable to ISIS, the incident serves as a reminder to security professionals about the risks of sharing account credentials.
By Sara Peters Senior Editor at Dark Reading, 1/13/2015
Comment4 comments  |  Read  |  Post a Comment
'Skeleton Key' Malware Bypasses Active Directory
Sara Peters, Senior Editor at Dark ReadingNews
Malware lets an attacker log in as any user, without needing to know or change the user's password, and doesn't raise any IDS alarms.
By Sara Peters Senior Editor at Dark Reading, 1/12/2015
Comment0 comments  |  Read  |  Post a Comment
A 2014 Lookback: Predictions vs. Reality
TK Keanini, CTO, LancopeCommentary
It was a tumultuous year for cyber security, but it drove the adoption of incident response plans and two-factor authentication.
By TK Keanini CTO, Lancope, 12/29/2014
Comment5 comments  |  Read  |  Post a Comment
How PCI DSS 3.0 Can Help Stop Data Breaches
Troy Leach and Christopher Strand, Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9Commentary
New Payment Card Industry security standards that took effect January 1 aim to replace checkmark mindsets with business as usual processes. Here are three examples.
By Troy Leach and Christopher Strand Chief Technology Officer, PCI Security Standards Council & Senior Director of Compliance, Bit9, 12/23/2014
Comment9 comments  |  Read  |  Post a Comment
Universal Multi-Factor Authentication Steps Closer To The Mainstream
Sara Peters, Senior Editor at Dark ReadingNews
The FIDO Alliance today finalized two universal authentication standards and one of its founding members, Nok Nok Labs, closed on $8.5 million of financing.
By Sara Peters Senior Editor at Dark Reading, 12/9/2014
Comment0 comments  |  Read  |  Post a Comment
Poll: The Perimeter Has Shattered!
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
The traditional corporate network perimeter is not dead, but its amorphous shape is something new and indescribable.
By Marilyn Cohodas Community Editor, Dark Reading, 12/8/2014
Comment9 comments  |  Read  |  Post a Comment
Moving Beyond 2-Factor Authentication With Context
Keith Graham, CTO, SecureAuthCommentary
2FA isnt cheap or infallible -- in more ways than two.
By Keith Graham CTO, SecureAuth, 12/5/2014
Comment11 comments  |  Read  |  Post a Comment
Ultra-Private Messaging Spreads To Apple Mac, Windows, Linux Desktops
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Wickr's secure mobile messaging app expands to the desktop amid explosion in encryption activity.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment0 comments  |  Read  |  Post a Comment
New TLS/SSL Version Ready In 2015
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
One of the first steps in making encryption the norm across the Net is an update to the protocol itself and a set of best-practices for using encryption in applications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/4/2014
Comment2 comments  |  Read  |  Post a Comment
Endpoint Security Makes Quantum Shift
Michael A. Davis, Contributing EditorNews
We can't stop every attack, so we need a new mantra: Detect and respond. Here are the essential tools, skills, and processes.
By Michael A. Davis Contributing Editor, 12/3/2014
Comment2 comments  |  Read  |  Post a Comment
Leveraging The Kill Chain For Awesome
Sean Mason, VP, Incident Response, Resolution1 SecurityCommentary
There are good reasons the Kill Chain is being used by some of the most successful information security teams around. Here are three.
By Sean Mason VP, Incident Response, Resolution1 Security, 12/2/2014
Comment1 Comment  |  Read  |  Post a Comment
Q&A: Internet Encryption As The New Normal
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Internet Architecture Board chairman Russ Housley explains what the IAB's game-changing statement about encryption means for the future of the Net.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 12/1/2014
Comment6 comments  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. Its a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9688
Published: 2015-03-05
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.

CVE-2015-2214
Published: 2015-03-05
NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php.

CVE-2015-2215
Published: 2015-03-05
Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters.

CVE-2015-2216
Published: 2015-03-05
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.

CVE-2015-2218
Published: 2015-03-05
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a w...

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industrys professional organizations about how security pros can get more involved with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.