Operations // Identity & Access Management
News & Commentary
New Patent Eliminates Passwords
Commentary, Commentary
Patented technology from TextPower verifies your identity while simplifying website logins; introduces SnapID™ that replaces usernames and passwords
By Commentary , 1/28/2015
Comment0 comments  |  Read  |  Post a Comment
WiIl Millennials Be The Death Of Data Security?
Chris Rouland, Founder & CEO, BastilleCommentary
Millennials, notoriously promiscuous with data and devices, this year will become the largest generation in the workforce. Is your security team prepared?
By Chris Rouland Founder & CEO, Bastille, 1/27/2015
Comment13 comments  |  Read  |  Post a Comment
'123456' & 'Password' Are The 2 Most Common Passwords, Again
Sara Peters, Senior Editor at Dark ReadingQuick Hits
New entrants to the top 25 show that bad password creators are fans of sports, superheroes, dragons, and NSFW numeral combos.
By Sara Peters Senior Editor at Dark Reading, 1/20/2015
Comment3 comments  |  Read  |  Post a Comment
Why North Korea Hacks
Mike Walls, Managing Director Security Operations & Analysis, EdgeWaveCommentary
The motivation behind Democratic People’s Republic of Korea hacking is rooted in a mix of retribution, paranoia, and the immature behavior of an erratic leader.
By Mike Walls Managing Director Security Operations & Analysis, EdgeWave, 1/15/2015
Comment10 comments  |  Read  |  Post a Comment
US CENTCOM Twitter Hijack 'Purely' Vandalism
Sara Peters, Senior Editor at Dark ReadingNews
Though not a real data breach, nor attributable to ISIS, the incident serves as a reminder to security professionals about the risks of sharing account credentials.
By Sara Peters Senior Editor at Dark Reading, 1/13/2015
Comment4 comments  |  Read  |  Post a Comment
How NOT To Be The Next Sony: Defending Against Destructive Attacks
Sara Peters, Senior Editor at Dark ReadingNews
When an attacker wants nothing more than to bring ruin upon your business, you can't treat them like just any other criminal.
By Sara Peters Senior Editor at Dark Reading, 1/8/2015
Comment12 comments  |  Read  |  Post a Comment
Dear Cyber Criminals: We’re Not Letting Our Guard Down in 2015
Sergio Galindo, GM, GFI SoftwareCommentary
Next year, you’ll keep exploiting vulnerabilities, and we’ll make sure our systems are patched, our antivirus is up to date, and our people are too smart to click the links you send them.
By Sergio Galindo GM, GFI Software, 12/31/2014
Comment5 comments  |  Read  |  Post a Comment
4 Infosec Resolutions For The New Year
Lysa Myers, Security Researcher, ESETCommentary
Don’t look in the crystal ball, look in the mirror to protect data and defend against threats in 2015.
By Lysa Myers Security Researcher, ESET, 12/30/2014
Comment9 comments  |  Read  |  Post a Comment
Why Digital Forensics In Incident Response Matters More Now
Craig Carpenter, President & COO, Resolution1 SecurityCommentary
By understanding what happened, when, how, and why, security teams can prevent similar breaches from occurring in the future.
By Craig Carpenter President & COO, Resolution1 Security, 12/24/2014
Comment6 comments  |  Read  |  Post a Comment
2014: The Year of Privilege Vulnerabilities
Marc Maiffret, CTO, BeyondTrustCommentary
Of the 30 critical-rated Microsoft Security Bulletins this year, 24 involved vulnerabilities where the age-old best practice of "least privilege" could limit the impact of malware and raise the bar of difficulty for attackers.
By Marc Maiffret CTO, BeyondTrust, 12/16/2014
Comment0 comments  |  Read  |  Post a Comment
Universal Multi-Factor Authentication Steps Closer To The Mainstream
Sara Peters, Senior Editor at Dark ReadingNews
The FIDO Alliance today finalized two universal authentication standards and one of its founding members, Nok Nok Labs, closed on $8.5 million of financing.
By Sara Peters Senior Editor at Dark Reading, 12/9/2014
Comment0 comments  |  Read  |  Post a Comment
Internet Of Things: 3 Holiday Gifts That Will Keep CISOs Up At Night
Chris Rouland, Founder & CEO, BastilleCommentary
If you think BYOD policies will protect your infrastructure from the January influx of mobile hotspots, fitness trackers, and Bluetooth, think again.
By Chris Rouland Founder & CEO, Bastille, 12/9/2014
Comment7 comments  |  Read  |  Post a Comment
Moving Beyond 2-Factor Authentication With ‘Context’
Keith Graham, CTO, SecureAuthCommentary
2FA isn’t cheap or infallible -- in more ways than two.
By Keith Graham CTO, SecureAuth, 12/5/2014
Comment11 comments  |  Read  |  Post a Comment
Endpoint Security Makes Quantum Shift
Michael A. Davis, Contributing EditorNews
We can't stop every attack, so we need a new mantra: Detect and respond. Here are the essential tools, skills, and processes.
By Michael A. Davis Contributing Editor, 12/3/2014
Comment2 comments  |  Read  |  Post a Comment
The Week When Attackers Started Winning The War On Trust
Kevin Bocek, VP Security Strategy & Threat Intelligence, VenafiCommentary
The misuse of keys and certificates is not exotic or hypothetical. It’s a real threat that could undermine most, if not all, critical security controls, as recent headlines strongly show.
By Kevin Bocek VP Security Strategy & Threat Intelligence, Venafi, 11/21/2014
Comment1 Comment  |  Read  |  Post a Comment
New Citadel Attack Targets Password Managers
Jai Vijayan, Freelance writerNews
IBM researchers have found signs that the prolific data steal Trojan is now being used to attack widely used password managers.
By Jai Vijayan Freelance writer, 11/20/2014
Comment4 comments  |  Read  |  Post a Comment
Killing Passwords: Don’t Get A-Twitter Over ‘Digits’
Dave Kearns, Analyst, Kuppinger-ColeCommentary
Twitter’s new service that eliminates passwords for authentication actually makes your mobile device less secure.
By Dave Kearns Analyst, Kuppinger-Cole, 11/19/2014
Comment5 comments  |  Read  |  Post a Comment
The Enemy Who Is Us: DoD Puts Contractors On Notice For Insider Threats
Adam Firestone, President & GM, Kaspersky Government Security SolutionsCommentary
New rule requires US government contractors to gather and report information on insider threat activity on classified networks.
By Adam Firestone President & GM, Kaspersky Government Security Solutions, 11/13/2014
Comment5 comments  |  Read  |  Post a Comment
Stop Trusting Signed Malware: 3 Steps
Paul Drapeau, Principal Security Researcher, ConferCommentary
Cybercriminals who manipulate valid signatures and certificates to get malware into an organization is a more common tactic than you think.
By Paul Drapeau Principal Security Researcher, Confer, 11/7/2014
Comment0 comments  |  Read  |  Post a Comment
iOS 8 Vs. Android: How Secure Is Your Data?
Adam Ely, COO, BlueboxCommentary
With iOS 8, the lines between iOS and Android are blurring. No longer is iOS the heavily fortified environment and Android the wide-open one.
By Adam Ely COO, Bluebox, 11/5/2014
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1375
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVE-2015-1376
Published: 2015-01-28
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.

CVE-2015-1419
Published: 2015-01-28
Unspecified vulnerability in vsftp 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVE-2014-5211
Published: 2015-01-27
Stack-based buffer overflow in the Attachmate Reflection FTP Client before 14.1.433 allows remote FTP servers to execute arbitrary code via a large PWD response.

CVE-2014-8154
Published: 2015-01-27
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overf...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
If you’re a security professional, you’ve probably been asked many questions about the December attack on Sony. On Jan. 21 at 1pm eastern, you can join a special, one-hour Dark Reading Radio discussion devoted to the Sony hack and the issues that may arise from it.