Identity & Access Management

News & Commentary
3 Tips for Driving User Buy-in to Security Policies
Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies, Commentary
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
By Marc Laliberte Information Security Threat Analyst, WatchGuard Technologies, 6/18/2018
Dark Reading Launches Second INsecurity Conference
Tim Wilson, Editor in Chief, Dark Reading, News
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
By Tim Wilson, Editor in Chief, Dark Reading, 6/5/2018
Fortinet Completes Bradford Networks Purchase
Dark Reading Staff, Quick Hits
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Steve Zurier, Freelance Writer
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
By Steve Zurier Freelance Writer, 6/2/2018
The Good News about Cross-Domain Identity Management
Rich Chetwynd, Head of Developer Experience, OneLogin, Commentary
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
By Rich Chetwynd Head of Developer Experience, OneLogin, 5/31/2018
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
Christy Wyatt, CEO, Dtex Systems, Commentary
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
By Christy Wyatt CEO, Dtex Systems, 5/31/2018
6 Security Investments You May Be Wasting
Kelly Sheridan, Staff Editor, Dark Reading
Not all tools and services provide the same value. Some relatively low-cost practices have a major payoff while some of the most expensive tools make little difference.
By Kelly Sheridan Staff Editor, Dark Reading, 5/31/2018
6 Ways Third Parties Can Trip Up Your Security
Jai Vijayan, Freelance writer
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
By Jai Vijayan Freelance writer, 5/29/2018
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark Reading, News
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, Commentary
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
By Marc French Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at Tripwire, Commentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
6 Enterprise Password Managers That Lighten the Load for Security
Steve Zurier, Freelance Writer
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
By Steve Zurier Freelance Writer, 5/3/2018
Spring Clean Your Security Systems: 6 Places to Start
Corey Nachreiner, Chief Technology Officer, WatchGuard Technologies, Commentary
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 5/2/2018
'Zero Login:' The Rise of Invisible Identity
Sarah Squire, Senior Technical Architect at Ping Identity, Commentary
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
By Sarah Squire Senior Technical Architect at Ping Identity, 4/27/2018
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Marc Wilczek, Digital Strategist & CIO Advisor, Commentary
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/25/2018
Biometrics Are Coming & So Are Security Concerns
Michael Fauscette, Chief Research Officer at G2 Crowd, Commentary
Could these advanced technologies be putting user data at risk?
By Michael Fauscette Chief Research Officer at G2 Crowd, 4/20/2018
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
By Steve Zurier Freelance Writer, 4/17/2018
20 Ways to Increase the Efficiency of the Incident Response Workflow
Joshua Goldfarb, Co-founder & Chief Product Officer, IDRRA, Commentary
Despite all the good intentions of some great security teams, we are still living in a "cut-and-paste" incident management world.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDRRA, 4/10/2018
Protect Yourself from Online Fraud This Tax Season
Robert Block, Senior VP of Identity Strategy at SecureAuth and Core Security, Commentary
Use these tips to stay safe online during everyone's least-favorite time of the year.
By Robert Block Senior VP of Identity Strategy at SecureAuth and Core Security, 4/6/2018
More Conversations
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10617
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length heap buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application t...
CVE-2018-10621
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior utilizes a fixed-length stack buffer where a value larger than the buffer can be read from a .dpa file into the buffer, causing the buffer to be overwritten. This may allow remote code execution or cause the application ...
CVE-2018-10623
PUBLISHED: 2018-06-18
Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote co...
CVE-2015-4664
PUBLISHED: 2018-06-18
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
CVE-2018-9021
PUBLISHED: 2018-06-18
An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests.