Operations // Identity & Access Management
News & Commentary
Encryption: A Backdoor For One Is A Backdoor For All
Joe Levy, Chief Technology Officer, SophosCommentary
We need legislation that allows law enforcement to find criminals and terrorists without eroding our security and privacy.
By Joe Levy Chief Technology Officer, Sophos, 10/14/2016
Comment0 comments  |  Read  |  Post a Comment
Database Breaches: An Alarming Lack Of Preparedness
John Moynihan, President, Minuteman GovernanceCommentary
It's no secret that databases are fertile ground for malicious activities. Here's how a seven-step process for monitoring known harbingers of an imminent attack can help reduce the risk.
By John Moynihan President, Minuteman Governance, 10/10/2016
Comment3 comments  |  Read  |  Post a Comment
FBI Seeking Access To Another Locked iPhone
Dark Reading Staff, Quick Hits
Bureau 'in the process of assessing our legal and technical options' to access passcode-locked iPhone of Dahir Adan.
By Dark Reading Staff , 10/7/2016
Comment0 comments  |  Read  |  Post a Comment
NIST Study: User 'Security Fatigue' Adding to Online Risk
Terry Sweeney, Contributing EditorNews
Decision-making overload with passwords, certificates, software updates frustrates users
By Terry Sweeney Contributing Editor, 10/4/2016
Comment0 comments  |  Read  |  Post a Comment
5 Ways To Lock Down Your Login
Steve Zurier, Freelance Writer
New public awareness campaign inspired by the White House calls for users to think more carefully about stronger authentication.
By Steve Zurier Freelance Writer, 10/4/2016
Comment0 comments  |  Read  |  Post a Comment
6 Ways To Prepare For The EUs GDPR
Jai Vijayan, Freelance writerNews
In less than 20 months, all US companies doing business in the EU will face new consumer privacy requirements. Heres how to prepare for them.
By Jai Vijayan Freelance writer, 9/30/2016
Comment1 Comment  |  Read  |  Post a Comment
Hacking The Polls: Where US Voting Processes Fall Short
Jeff Schilling, Chief of Operations and Security, ArmorCommentary
The patchwork of 50 decentralized state electoral systems threatens to disrupt our national election through ransomware attacks, hijacked voter registration rolls, and altered voting results.
By Jeff Schilling Chief of Operations and Security, Armor, 9/28/2016
Comment5 comments  |  Read  |  Post a Comment
5 Best Practices For Winning the IoT Security Arms Race
Mark Benson & Brian Ericson, Exosite CTO & Software EngineerCommentary
By focusing on a pragmatic approach to security, its possible to develop IoT solutions that will reduce future risk without breaking the bank.
By Mark Benson, CTO, and Brian Ericson, , 9/27/2016
Comment0 comments  |  Read  |  Post a Comment
7 New Rules For IoT Safety & Vuln Disclosure
Lysa Myers, Security Researcher, ESETCommentary
In the Internet of Things, even the lowliest smart device can be used for a malicious purpose. Manufacturers take heed!
By Lysa Myers Security Researcher, ESET, 9/24/2016
Comment0 comments  |  Read  |  Post a Comment
Snowden: Hollywood Highlights 2 Persistent Privacy Threats
Will Ackerly, Co-Founder & CTO, VirtruCommentary
Oliver Stones movie shows us that while most of us have nothing to hide, we all have information worth protecting both technically and constitutionally.
By Will Ackerly Co-Founder & CTO, Virtru, 9/22/2016
Comment12 comments  |  Read  |  Post a Comment
Data Manipulation: An Imminent Threat
John Moynihan, President, Minuteman GovernanceCommentary
Critical industries are largely unprepared for a potential wave of destructive attacks.
By John Moynihan President, Minuteman Governance, 9/12/2016
Comment2 comments  |  Read  |  Post a Comment
Multi-Factor IT Authentication Hampers Progress, Say 47% US Companies
Dark Reading Staff, Quick Hits
IS Decisions survey finds organizations are looking for alternate to multi-factor verification, which they believe takes up time and slows productivity.
By Dark Reading Staff , 9/9/2016
Comment3 comments  |  Read  |  Post a Comment
8 Security Categories Healthcare Providers Need to Improve On
Steve Zurier, Freelance Writer
A new survey by HIMSS finds that many providers dont even cover the basics of IT security.
By Steve Zurier Freelance Writer, 9/6/2016
Comment3 comments  |  Read  |  Post a Comment
How To Bullet Proof Your PAM Accounts: 7 Tips
Steve Zurier, Freelance Writer
Recent studies demonstrate the need for companies to focus more on their privileged users.
By Steve Zurier Freelance Writer, 8/26/2016
Comment0 comments  |  Read  |  Post a Comment
Darknet: Where Your Stolen Identity Goes to Live
Itay Glick, CEO & Co-founder, VotiroCommentary
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
By Itay Glick CEO & Co-founder, Votiro, 8/19/2016
Comment2 comments  |  Read  |  Post a Comment
User Ed: Patching People Vs Vulns
Lysa Myers, Security Researcher, ESETCommentary
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
By Lysa Myers Security Researcher, ESET, 8/17/2016
Comment0 comments  |  Read  |  Post a Comment
Organizations Still Give Employees More Access Than They Need
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Ponemon study shows that access to proprietary information remains on the rise.
By Ericka Chickowski Contributing Writer, Dark Reading, 8/9/2016
Comment1 Comment  |  Read  |  Post a Comment
Data Protection From The Inside Out
Dan Frank, Deloitte Advisory Principal, Cyber Risk ServicesCommentary
Organizations must make fundamental changes in the way they approach data protection.
By Dan Frank Deloitte Advisory Principal, Cyber Risk Services, 8/8/2016
Comment1 Comment  |  Read  |  Post a Comment
8 Alternatives to Selfie Authentication
Terry Sweeney, Contributing Editor
How to definitively prove your identity? A variety of anatomical parts and functions may soon be able to vouch for you.
By Terry Sweeney Contributing Editor, 8/4/2016
Comment1 Comment  |  Read  |  Post a Comment
Crypto Malware: Responding To Machine-Timescale Breaches
Simon Crosby, Co-founder & CTO, BromiumCommentary
The game has changed again with hackers ability to steal your data at record speeds and cripple your organization before the first alert.
By Simon Crosby Co-founder & CTO, Bromium, 8/1/2016
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.