Endpoint //

Authentication

News & Commentary
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360Commentary
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson CISSP, Senior Manager, CyberClarity360, 11/13/2018
Comment0 comments  |  Read  |  Post a Comment
Guilty Plea Made in Massive International Cell Phone Fraud Case
Dark Reading Staff, Quick Hits
A former West Palm Beach resident is the fifth defendant to plead guilty in a case involving thousands of victims.
By Dark Reading Staff , 11/9/2018
Comment0 comments  |  Read  |  Post a Comment
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance WriterNews
Researchers say companies need to rethink their password training and take a more holistic approach to security.
By Steve Zurier Freelance Writer, 11/7/2018
Comment1 Comment  |  Read  |  Post a Comment
Where Is the Consumer Outrage about Data Breaches?
Richard Ford, Chief Scientist, ForcepointCommentary
Facebook, Equifax, Cambridge Analytica Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
By Richard Ford Chief Scientist, Forcepoint, 11/1/2018
Comment4 comments  |  Read  |  Post a Comment
FIFA Reveals Second Hack
Dark Reading Staff, Quick Hits
Successful phishing campaign leads attackers to confidential information of world soccer's governing body.
By Dark Reading Staff , 11/1/2018
Comment0 comments  |  Read  |  Post a Comment
Companies Fall Short on 2FA
Dark Reading Staff, Quick Hits
New research ranks organizations based on whether they offer two-factor authentication.
By Dark Reading Staff , 10/30/2018
Comment0 comments  |  Read  |  Post a Comment
The Case for MarDevSecOps
Jim Kaskade, CEO, JanrainCommentary
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
By Jim Kaskade CEO, Janrain, 10/30/2018
Comment11 comments  |  Read  |  Post a Comment
10 Steps for Creating Strong Customer Authentication
Marco Lafrentz, VP of ICMS and CPaaS Business Line at tyntecCommentary
Between usability goals and security/regulatory pressures, setting up customer-facing security is difficult. These steps and best practices can help.
By Marco Lafrentz VP of ICMS and CPaaS Business Line at tyntec, 10/30/2018
Comment0 comments  |  Read  |  Post a Comment
Securing Severless: Defend or Attack?
Caleb Sima, Founder, Badkode VenturesCommentary
The best way to protect your cloud infrastructure is to pay attention to the fundamentals of application security, identity access management roles, and follow configuration best-practices.
By Caleb Sima Founder, Badkode Ventures, 10/25/2018
Comment0 comments  |  Read  |  Post a Comment
Gartner Experts Highlight Tech Trends And Their Security Risks
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Security must be built into systems and applications from the beginning of the design process, they agreed.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/22/2018
Comment0 comments  |  Read  |  Post a Comment
Risky Business: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 10/19/2018
Comment2 comments  |  Read  |  Post a Comment
Window Snyder Shares Her Plans for Intel Security
Kelly Sheridan, Staff Editor, Dark ReadingNews
The security leader, known for her role in securing Microsoft, Apple, and Mozilla, discusses her new gig and what she's working on now.
By Kelly Sheridan Staff Editor, Dark Reading, 10/11/2018
Comment1 Comment  |  Read  |  Post a Comment
Not All Multifactor Authentication Is Created Equal
Alexandre Cagnoni, Director of Authentication at WatchGuard TechnologiesCommentary
Users should be aware of the strengths and weaknesses of the various MFA methods.
By Alexandre Cagnoni Director of Authentication at WatchGuard Technologies, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Richard Ford, Chief Scientist, ForcepointCommentary
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
By Richard Ford Chief Scientist, Forcepoint, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
California Enacts First-in-Nation IoT Security Law
Dark Reading Staff, Quick Hits
The new law requires some form of authentication for most connected devices.
By Dark Reading Staff , 10/1/2018
Comment0 comments  |  Read  |  Post a Comment
FBI IC3 Warns of RDP Vulnerability
Dark Reading Staff, Quick Hits
Government agencies remind users that RDP can be used for malicious purposes by criminal actors.
By Dark Reading Staff , 9/28/2018
Comment0 comments  |  Read  |  Post a Comment
The Cloud Security Conundrum: Assets vs. Infrastructure
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
Account Takeover Attacks Become a Phishing Fave
Dark Reading Staff, Quick Hits
More than three-quarters of ATOs resulted in a phishing email, a new report shows.
By Dark Reading Staff , 9/20/2018
Comment0 comments  |  Read  |  Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, YubicoCommentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana Standards & Identity Analyst, Yubico, 9/19/2018
Comment5 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Microsoft President: Governments Must Cooperate on Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/8/2018
5 Reasons Why Threat Intelligence Doesn't Work
Jonathan Zhang, CEO/Founder of WhoisXML API and TIP,  11/7/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer,  11/7/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-2491
PUBLISHED: 2018-11-13
When opening a deep link URL in SAP Fiori Client with log level set to "Debug", the client application logs the URL to the log file. If this URL contains malicious JavaScript code it can eventually run inside the built-in log viewer of the application in case user opens the viewer and taps...
CVE-2018-2473
PUBLISHED: 2018-11-13
SAP BusinessObjects Business Intelligence Platform Server, versions 4.1 and 4.2, when using Web Intelligence Richclient 3 tiers mode gateway allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service.
CVE-2018-2476
PUBLISHED: 2018-11-13
Due to insufficient URL Validation in forums in SAP NetWeaver versions 7.30, 7.31, 7.40, an attacker can redirect users to a malicious site.
CVE-2018-2477
PUBLISHED: 2018-11-13
Knowledge Management (XMLForms) in SAP NetWeaver, versions 7.30, 7.31, 7.40 and 7.50 does not sufficiently validate an XML document accepted from an untrusted source.
CVE-2018-2478
PUBLISHED: 2018-11-13
An attacker can use specially crafted inputs to execute commands on the host of a TREX / BWA installation, SAP Basis, versions: 7.0 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40 and 7.50 to 7.53. Not all commands are possible, only those that can be executed by the <sid>adm user. The commands execut...