Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Authentication
Page 1 / 2   >   >>
Credential-Stuffing Attacks Plague Loyalty Programs
News  |  10/22/2020  | 
But that's not the only type of web attack cybercriminals have been profiting from.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
Businesses Rethink Endpoint Security for 2021
News  |  10/20/2020  | 
The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Online Voting Is Coming, but How Secure Will It Be?
Commentary  |  10/13/2020  | 
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
Why MSPs Are Hacker Targets, and What To Do About It
Commentary  |  10/9/2020  | 
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
'Father of Identity Theft' Sentenced to 207 Months
Quick Hits  |  10/2/2020  | 
James Jackson was convicted of mail fraud, aggravated identity theft, access device fraud, and theft of mail last year.
MFA-Minded Attackers Continue to Figure Out Workarounds
News  |  9/28/2020  | 
While MFA can improve overall security posture, it's not a "silver bullet" -- and hacks continue.
Research Finds Nearly 800,000 Access Keys Exposed Online
Quick Hits  |  9/15/2020  | 
The keys were primarily for access to databases and cloud services.
Zoom Brings Two-Factor Authentication to All Users
Quick Hits  |  9/10/2020  | 
This marks the latest step Zoom has taken to improve user security as more employees work from home.
7 Cybersecurity Priorities for Government Agencies & Political Campaigns
Commentary  |  9/9/2020  | 
As election season ramps up, organizations engaged in the process must strengthen security to prevent chaos and disorder from carrying the day. Here's how.
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
Commentary  |  9/9/2020  | 
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
Don't Forget Cybersecurity on Your Back-to-School List
Commentary  |  9/2/2020  | 
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Commentary  |  8/26/2020  | 
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
Twitter Hack: The Spotlight that Insider Threats Need
Commentary  |  8/20/2020  | 
The high profile attack should spur serious board-level conversations around the importance of insider threat prevention.
Office 365's Vast Attack Surface & All the Ways You Don't Know You're Being Exploited Through It
News  |  8/6/2020  | 
Mandiant incident response managers Josh Madeley and Doug Bienstock describe how thoroughly Microsoft 365 (formerly known as Office 365) extends into corporate networks, describe both sophisticated and simple attacks theyve detected, and suggest mitigations as businesses rely more heavily on the cloud.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
3 Things Wilderness Survival Can Teach Us About Email Security
Commentary  |  6/17/2020  | 
It's a short hop from shows like 'Naked and Afraid' and 'Alone' to your email server and how you secure it
The Telehealth Attack Surface
Commentary  |  6/10/2020  | 
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
Commentary  |  6/9/2020  | 
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
What Government Contractors Need to Know About NIST, DFARS Password Reqs
Commentary  |  6/3/2020  | 
Organizations that fail to comply with these rules can get hit with backbreaking fines and class-action lawsuits.
Americans Care About Security But Don't Follow Through
Quick Hits  |  5/26/2020  | 
Most Americans say they're very concerned about online security but still behave in insecure ways, according to a new survey.
Identit Comes Out of Stealth
Quick Hits  |  5/14/2020  | 
Startup emerges with three-factor, no-password authentication.
Microsoft Identity VP Shares How and Why to Ditch Passwords
News  |  5/7/2020  | 
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
Quick Hits  |  5/7/2020  | 
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
Pandemic Could Accelerate Passwordless Authentication
News  |  5/7/2020  | 
As we celebrate another World Password Day, security pros are hopeful that when we move out of the stay-at-home period, companies will continue to focus on digital technologies and ditching passwords.
Breach Hits GoDaddy SSH Customers
Quick Hits  |  5/5/2020  | 
The October 2019 breach left some customer data open to hacking eyes.
Best Practices for Managing a Remote SOC
News  |  5/1/2020  | 
Experts share what it takes to get your security analysts effectively countering threats from their home offices.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
The Rise of Deepfakes and What That Means for Identity Fraud
Commentary  |  4/30/2020  | 
Convincing deepfakes are a real concern, but there are ways of fighting back.
7 Secure Remote Access Services for Today's Enterprise Needs
Slideshows  |  4/29/2020  | 
Secure remote access is a "must" for enterprise computing today, and there are options for you to explore in the dynamic current environment.
Increased Credential Threats in the Age of Uncertainty
Commentary  |  4/28/2020  | 
Three things your company should do to protect credentials during the coronavirus pandemic.
Terahash Buys L0phtCrack in Password Merger
Quick Hits  |  4/21/2020  | 
The acquisition brings password cracking and password auditing capabilities together in a single company.
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
Commentary  |  4/8/2020  | 
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
FBI Warns of BEC Dangers
Quick Hits  |  4/6/2020  | 
A new PSA warns of attacks launched against users of two popular cloud-based email systems.
Why Humans Are Phishing's Weakest Link
Commentary  |  4/6/2020  | 
And it's not just because they click when they shouldn't... they also leave a trail of clues and details that make them easy to spoof
Active Directory Attacks Hit the Mainstream
Commentary  |  4/1/2020  | 
Understanding the limitations of authentication protocols, especially as enterprises link authentication to cloud services to Active Directory, is essential for security teams in the modern federated enterprise.
Five Indicted on Romance and Lottery Fraud Charges
Quick Hits  |  3/16/2020  | 
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
How Microsoft Disabled Legacy Authentication Across the Company
News  |  3/9/2020  | 
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
Cryptographers Panel Tackles Espionage, Elections & Blockchain
News  |  2/26/2020  | 
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
7 Tips to Improve Your Employees' Mobile Security
Slideshows  |  2/24/2020  | 
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
News  |  2/19/2020  | 
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
Zero-Factor Authentication: Owning Our Data
Commentary  |  2/19/2020  | 
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Commentary  |  2/18/2020  | 
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Commentary  |  2/3/2020  | 
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Commentary  |  1/23/2020  | 
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Commentary  |  1/22/2020  | 
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Quick Hits  |  1/17/2020  | 
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.