Operations //

Identity & Access Management

News & Commentary
Risky Business: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 10/19/2018
Comment1 Comment  |  Read  |  Post a Comment
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda NetworksCommentary
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon Vice President, Content Security Services, at Barracuda Networks, 10/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Google Adds New Identity, Security Tools to Cloud Platform
Kelly Sheridan, Staff Editor, Dark ReadingNews
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
By Kelly Sheridan Staff Editor, Dark Reading, 10/11/2018
Comment0 comments  |  Read  |  Post a Comment
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Jerry Gamblin, Principal Security Engineer, Kenna SecurityCommentary
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 10/9/2018
Comment1 Comment  |  Read  |  Post a Comment
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Richard Ford, Chief Scientist, ForcepointCommentary
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
By Richard Ford Chief Scientist, Forcepoint, 10/5/2018
Comment0 comments  |  Read  |  Post a Comment
How Data Security Improves When You Engage Employees in the Process
Robert E. Crossler, Assistant Professor of Information Systems, Washington State UniversityCommentary
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
By Robert E. Crossler Assistant Professor of Information Systems, Washington State University, 9/28/2018
Comment6 comments  |  Read  |  Post a Comment
The Cloud Security Conundrum: Assets vs. Infrastructure
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 9/25/2018
Comment0 comments  |  Read  |  Post a Comment
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Ericka Chickowski, Contributing Writer, Dark Reading
Move beyond generic, annual security awareness training with these important tips.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/21/2018
Comment1 Comment  |  Read  |  Post a Comment
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin SystemsCommentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
Comment6 comments  |  Read  |  Post a Comment
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, YubicoCommentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana Standards & Identity Analyst, Yubico, 9/19/2018
Comment5 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
New Study Details Business Benefits of Biometrics
Dark Reading Staff, Quick Hits
Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence
By Dark Reading Staff , 9/12/2018
Comment0 comments  |  Read  |  Post a Comment
Machine Identities Need Protection, Too
Dark Reading Staff, Quick Hits
A new study shows that device identities need a level of protection that they're not getting from most organizations.
By Dark Reading Staff , 8/31/2018
Comment0 comments  |  Read  |  Post a Comment
4 Benefits of a World with Less Privacy
Reg Harnish, CEO, GreyCastle SecurityCommentary
The privacy issue is a problem for a lot of people. I see it differently.
By Reg Harnish CEO, GreyCastle Security, 8/30/2018
Comment5 comments  |  Read  |  Post a Comment
How One Companys Cybersecurity Problem Becomes Another's Fraud Problem
Curtis Jordan, Lead Security Engineer, TruSTARCommentary
The solution: When security teams see something in cyberspace, they need to say something.
By Curtis Jordan Lead Security Engineer, TruSTAR, 8/29/2018
Comment8 comments  |  Read  |  Post a Comment
A False Sense of Security
Steve Durbin, Managing Director of the Information Security ForumCommentary
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
By Steve Durbin Managing Director of the Information Security Forum, 8/24/2018
Comment1 Comment  |  Read  |  Post a Comment
The Votes Are In: Election Security Matters
Todd Weller, Chief Strategy Officer at Bandura CyberCommentary
Three ways to make sure that Election Day tallies are true.
By Todd Weller Chief Strategy Officer at Bandura Cyber, 8/22/2018
Comment1 Comment  |  Read  |  Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
By Ira Winkler CISSP, President, Secure Mentem, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Make a Wish: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 8/18/2018
Comment0 comments  |  Read  |  Post a Comment
The 5 Challenges of Detecting Fileless Malware Attacks
Travis Rosiek, Chief Technology and Strategy Officer, BluVector Commentary
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
By Travis Rosiek Chief Technology and Strategy Officer, BluVector , 8/17/2018
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by Williamastro
Current Conversations Nice
In reply to: Thanks for sharing
Post Your Own Reply
More Conversations
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.