Operations // Identity & Access Management
News & Commentary
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. Itís a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment3 comments  |  Read  |  Post a Comment
Killing Passwords: Donít Get A-Twitter Over ĎDigitsí
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitterís new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
Stop Trusting Signed Malware: 3 Steps
Paul Drapeau, Principal Security Researcher, ConferCommentary
Cybercriminals who manipulate valid signatures and certificates to get malware into an organization is a more common tactic than you think.
By Paul Drapeau Principal Security Researcher, Confer, 11/7/2014
Comment0 comments  |  Read  |  Post a Comment
iOS 8 Vs. Android: How Secure Is Your Data?
Adam Ely, COO, BlueboxCommentary
With iOS 8, the lines between iOS and Android are blurring. No longer is iOS the heavily fortified environment and Android the wide-open one.
By Adam Ely COO, Bluebox, 11/5/2014
Comment4 comments  |  Read  |  Post a Comment
Welcome To My Cyber Security Nightmare
TK Keanini, CTO, LancopeCommentary
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
By TK Keanini CTO, Lancope, 10/30/2014
Comment5 comments  |  Read  |  Post a Comment
Insider Threats: Breaching The Human Barrier
Christopher Hadnagy, Founder & CEO, Social-Engineer, Inc.Commentary
A company can spend all the money it has on technical solutions to protect the perimeter and still not prevent the attack that comes from within.
By Christopher Hadnagy Founder & CEO, Social-Engineer, Inc., 10/20/2014
Comment5 comments  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Hereís why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment5 comments  |  Read  |  Post a Comment
2 Tech Challenges Preventing Online Voting In US
Sara Peters, Senior Editor at Dark ReadingNews
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
By Sara Peters Senior Editor at Dark Reading, 10/9/2014
Comment7 comments  |  Read  |  Post a Comment
How Retail Can Win Back Consumer Trust
Dan Ross, CEO & President, PromisecCommentary
Customer loyalty to their favorite brands is all about trust, which today has everything to do with security and privacy.
By Dan Ross CEO & President, Promisec, 10/9/2014
Comment1 Comment  |  Read  |  Post a Comment
Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Birth names and legal names arenít always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
By Dave Kearns Analyst, Kuppinger-Cole, 10/8/2014
Comment4 comments  |  Read  |  Post a Comment
5 New Truths To Teach Your CIO About Identity
Patrick Harding, Commentary
When CIOs talk security they often use words like "firewall" and "antivirus." Hereís why todayís technology landscape needs a different vocabulary.
By Patrick Harding , 10/1/2014
Comment0 comments  |  Read  |  Post a Comment
Hacking Hackers: Taking Matters Into Private Hands
Becca Lipman, Senior EditorNews
Private groups are fighting back against foreign sources of malware and credit fraud. But methodologies put these digital crusaders and their employers at serious legal risk.
By Becca Lipman Senior Editor, 9/23/2014
Comment0 comments  |  Read  |  Post a Comment
7 Reasons To Love Passwords
Sara Peters, Senior Editor at Dark Reading
Passwords are often ridiculed, but there are some reasons they should be your nearest and dearest authentication factor.
By Sara Peters Senior Editor at Dark Reading, 9/17/2014
Comment12 comments  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment12 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment13 comments  |  Read  |  Post a Comment
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
By Daniel Ingevaldson CTO, Easy Solutions, 9/12/2014
Comment16 comments  |  Read  |  Post a Comment
Google: No Breach In Latest Online Dump Of Credentials
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
The online leak of some 5 million username and password combinations consisted of mostly stale or older credentials that don't actually work, Google says.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/11/2014
Comment3 comments  |  Read  |  Post a Comment
Celeb Hack: Is Apple Telling All It Knows?
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Did Apple have a system-wide data breach? No. Was it complicit through an appalling security lapse by not defending against brute force attacks? Youíre darn tootin'!
By Dave Kearns Analyst, Kuppinger-Cole, 9/3/2014
Comment14 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7178
Published: 2014-11-28
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function.

CVE-2014-7850
Published: 2014-11-28
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.

CVE-2014-8423
Published: 2014-11-28
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

CVE-2014-8424
Published: 2014-11-28
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.

CVE-2014-8425
Published: 2014-11-28
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?