Endpoint // Authentication
News & Commentary
In The Cyber Realm, Let's Be Knights Not Blacksmiths
Jeff Schilling, CSO, Firehost, Commentary
Why the Internet of Things is our chance to finally get information security right.
By Jeff Schilling CSO, Firehost, 7/2/2015
Why China Wants Your Sensitive Data
Adam Meyers, VP of Intelligence, CrowdStrike, Commentary
Since May 2014, the Chinese government has been amassing a 'Facebook for human intelligence.' Here's what it's doing with the info.
By Adam Meyers VP of Intelligence, CrowdStrike, 6/24/2015
Password Manager LastPass Hacked
Dark Reading Staff, Quick Hits
LastPass says user account email addresses, password reminders, server per user salts, and authentication hashes compromised.
By Dark Reading Staff, 6/16/2015
Apple Adds 6-Digit Passcodes And A Splash Of 2FA To iOS9
Sara Peters, Senior Editor at Dark Reading, Quick Hits
Unknown devices must be confirmed with verification codes.
By Sara Peters Senior Editor at Dark Reading, 6/11/2015
7 Critical Criteria for Data Encryption In The Cloud
Ron Zalkind, CTO & Co-founder, CloudLock, Commentary
Encrypting the huge number of data files stored in a public cloud today is like bubble-wrapping an entire house. Better to focus on the fragile items that matter.
By Ron Zalkind CTO & Co-founder, CloudLock, 6/8/2015
IRS Breach Exposes 100,000 Taxpayers' Tax Returns, Other Data
Dark Reading Staff, Quick Hits
Online 'Get Transcript' service accessed from February to mid-May.
By Dark Reading Staff, 5/26/2015
Google: Account Recovery Security Questions Not Very Secure
Jai Vijayan, Freelance writer, News
An analysis of millions of answers to security questions shows many are predictable and easily guessable, says Google.
By Jai Vijayan Freelance writer, 5/22/2015
5 Signs Credentials In Your Network Are Being Compromised
Idan Tendler, CEO, Fortscale, Commentary
Where should you start to keep ahead of attackers using insiders to steal corporate secrets or personally identifiable information? Check out these common scenarios.
By Idan Tendler CEO, Fortscale, 5/20/2015
Protecting The Data Lifecycle From Network To Cloud
Gerry Grealish, CMO, Perspecsys, Commentary
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.
By Gerry Grealish CMO, Perspecsys, 5/12/2015
Bringing Tokenization To Secure Payments & Beyond
Sara Peters, Senior Editor at Dark Reading, News
HYPR aims to do for everything else what ApplePay has done for payments
By Sara Peters Senior Editor at Dark Reading, 4/28/2015
As Malware Surges, U.S. Remains Biggest Source of Attacks
Jai Vijayan, Freelance writer, News
The country leads others in malicious IP, URLs and phishing sites.
By Jai Vijayan Freelance writer, 4/24/2015
Behavioral Biometrics On The Rise At RSA Conference
Sara Peters, Senior Editor at Dark Reading, News
Harder to spoof and easier on users, behavioral biometrics may be bigger than passwords soon.
By Sara Peters Senior Editor at Dark Reading, 4/23/2015
The Good & Bad Of BYOD
Michele Chubirka, Security Architect, Commentary
BYOD has very little to do with technology and everything to do with security, organizational politics, and human psychology.
By Michele Chubirka Security Architect, 4/3/2015
Google Spat With Chinese Firm Highlights Digital Certificate Security Challenges
Jai Vijayan, Freelance writer, News
Chrome will no longer trust certs issued by CNNIC following recent snafu, and Mozilla Firefox will revoke certs issued by the Chinese authority before April 1.
By Jai Vijayan Freelance writer, 4/3/2015
Salesforce Acquires Mobile Authentication Specialist Toopher
Nathan Eddy, Freelance Writer, News
Salesforce is looking to add to its identity and access management offering by acquiring start-up Toopher. Financial details were not disclosed.
By Nathan Eddy Freelance Writer, 4/2/2015
Dance Of The 'Next-Gen' CISO
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Security Pro File: Classical ballerina-turned-hacker-turned-CISO Justine Bone talks old-school hacking, biometric authentication, coding in stilettos, Kristen Wiig -- and finishing her kids' leftover mac and cheese.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 4/1/2015
British Airways The Latest Loyalty Program Breach Victim
Sara Peters, Senior Editor at Dark Reading, News
Who needs to steal credit cards when you can get airfare and luxury items for free?
By Sara Peters Senior Editor at Dark Reading, 3/30/2015
SSL/TLS Suffers 'Bar Mitzvah Attack'
Kelly Jackson Higgins, Executive Editor at Dark Reading, News
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 3/26/2015
The Internet Of Bring-Your-Own Things
David Lindner, Global Practice Manager, Mobile Application Security Services, Aspect Security, Commentary
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
By David Lindner Global Practice Manager, Mobile Application Security Services, Aspect Security, 3/25/2015
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
Sara Peters, Senior Editor at Dark Reading, News
BioCatch, Zumigo, and Alibaba release tools to help merchants avoid those pesky charge-back costs.
By Sara Peters Senior Editor at Dark Reading, 3/24/2015
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-9737
Published: 2015-07-06
Open redirect vulnerability in the Language Switcher Dropdown module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a block.

CVE-2014-9738
Published: 2015-07-06
Multiple cross-site scripting (XSS) vulnerabilities in the Tournament module 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via an (1) account username, a (2) node title, or a (3) team entity title.

CVE-2014-9739
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the Node Field module 7.x-2.x before 7.x-2.45 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors involving internal fields.

CVE-2014-9740
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the Rules Link module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer rules links" permission to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in the (1) question and (2...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR, will share some of the lesser-known but most intriguing tidbits from the massive report.