Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Authentication
Page 1 / 2   >   >>
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Commentary  |  1/23/2020  | 
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Commentary  |  1/22/2020  | 
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Quick Hits  |  1/17/2020  | 
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Active Directory Needs an Update: Here's Why
Commentary  |  1/16/2020  | 
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
Google Lets iPhone Users Turn Device into Security Key
News  |  1/15/2020  | 
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Commentary  |  1/2/2020  | 
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
The Night Before 'Breachmas'
Commentary  |  12/24/2019  | 
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
IoT Security: How Far We've Come, How Far We Have to Go
News  |  12/24/2019  | 
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Commentary  |  12/20/2019  | 
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
Google Cloud External Key Manager Now in Beta
Quick Hits  |  12/19/2019  | 
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Commentary  |  12/19/2019  | 
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Commentary  |  12/18/2019  | 
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
'Password' Falls in the Ranks of Favorite Bad Passwords
News  |  12/18/2019  | 
Facebook, Google named worst password breach offenders.
7 Tips to Keep Your Family Safe Online Over the Holidays
Slideshows  |  12/17/2019  | 
Security experts offer key cyber advice for family members.
Google Chrome Now Automatically Alerts Users on Compromised Passwords
Quick Hits  |  12/11/2019  | 
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Quick Hits  |  12/5/2019  | 
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Quick Hits  |  12/4/2019  | 
Kaspersky creates a prototype ring you can wear on your finger for authentication.
Navigating Security in the Cloud
Commentary  |  12/4/2019  | 
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
Time to Warn Users About Black Friday & Cyber Monday Scams
Commentary  |  11/25/2019  | 
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
Why Multifactor Authentication Is Now a Hacker Target
Commentary  |  11/20/2019  | 
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Commentary  |  11/19/2019  | 
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
A Security Strategy That Centers on Humans, Not Bugs
Commentary  |  11/19/2019  | 
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
Windows Hello for Business Opens Door to New Attack Vectors
News  |  11/18/2019  | 
Researchers exploring Windows Hello for Business found an Active Directory backdoor and other attack vectors that could lead to privilege escalation.
The Myths of Multifactor Authentication
Commentary  |  11/12/2019  | 
Organizations without MFA are wide open to attack when employees fall for phishing scams or share passwords. What's holding them back?
Report: 2020 Presidential Campaigns Still Vulnerable to Web Attacks
Commentary  |  10/23/2019  | 
Nine out of 12 Democratic candidates have yet to enable DNSSEC, a simple set of extensions that stops most targeted domain-based attacks.
8 Tips for More Secure Mobile Computing
Slideshows  |  10/23/2019  | 
Mobile devices are a huge part of enterprise IT. Here's what to advise their users to do to keep their devices and critical business data best protected.
A Realistic Threat Model for the Masses
Commentary  |  10/9/2019  | 
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
The Future of Account Security: A World Without Passwords?
Commentary  |  9/25/2019  | 
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
The Fight Against Synthetic Identity Fraud
Commentary  |  9/12/2019  | 
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
@jack Got Hacked: Twitter CEO's Tweets Hijacked
Quick Hits  |  8/30/2019  | 
Twitter CEO Jack Dorsey's Twitter account was, apparently, hijacked for roughly 20 minutes and used for a racist rant.
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Slideshows  |  8/27/2019  | 
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
5 Identity Challenges Facing Todays IT Teams
Commentary  |  8/22/2019  | 
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Quick Hits  |  8/14/2019  | 
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
Slideshows  |  8/13/2019  | 
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
More Focus on Security as Payment Technologies Proliferate
News  |  8/12/2019  | 
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
State Farm Reports Credential-Stuffing Attack
Quick Hits  |  8/9/2019  | 
The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.
It's (Still) the Password, Stupid!
Commentary  |  8/9/2019  | 
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Researchers Show Vulnerabilities in Facial Recognition
News  |  8/7/2019  | 
The algorithms that check for a user's 'liveness' have blind spots that can lead to vulnerabilities.
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
News  |  8/6/2019  | 
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
Demystifying New FIDO Standards & Innovations
Commentary  |  8/1/2019  | 
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
Google Cloud Debuts New Security Capabilities
Quick Hits  |  7/31/2019  | 
Updates include Advanced Protection Program for the enterprise and general availability of password vaulted apps in Cloud Identity and G Suite.
More Companies Don't Rely on Passwords Alone Anymore
News  |  7/31/2019  | 
New research shows how enterprises are adding additional layers of authentication.
8 Free Tools to Be Showcased at Black Hat and DEF CON
Slideshows  |  7/31/2019  | 
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
Transforming 'Tangible Security' into a Competitive Advantage
Commentary  |  7/30/2019  | 
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
A Password Management Report Card
Commentary  |  7/17/2019  | 
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
Security Snapshot: OS, Authentication, Browser & Cloud Trends
News  |  7/16/2019  | 
New research shows cloud apps are climbing, SMS authentication is falling, Chrome is the enterprise browser favorite, and Android leads outdated devices.
Symantec Builds Out Cloud Portfolio to Enforce 'Zero Trust'
Quick Hits  |  7/16/2019  | 
New additions to its Integrated Cyber Defense Platform aim to give businesses greater control over access to cloud resources and applications.
Competing Priorities Mean Security Risks for Small Businesses
Quick Hits  |  7/12/2019  | 
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.
Organizations Are Adapting Authentication for Cloud Applications
News  |  7/9/2019  | 
Companies see the changing demands of cloud identity management but are mixed in their responses to those demands.
Intelligent Authentication Market Grows to Meet Demand
News  |  7/5/2019  | 
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
Page 1 / 2   >   >>


7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...