News & Commentary
Latest Content tagged with Authentication
|
Uber Paid Hackers $100K to Conceal 2016 Data Breach
The ride-sharing company has confirmed an October 2016 data breach that compromised 57 million accounts.
Who Am I? Best Practices for Next-Gen Authentication
By their very nature, antiquated, static identifiers like Social Security numbers and dates of birth are worse than passwords.
Inhospitable: Hospitality & Dining’s Worst Breaches in 2017
Hotels and restaurants are in the criminal crosshairs this year.
How Law Firms Can Make Information Security a Higher Priority
Lawyers always have been responsible for protecting their clients' information, but that was a lot easier to do when everything was on paper. Here are four best practices to follow.
Hiring Outside the Box in Cybersecurity
Candidates without years of experience can still be great hires, as long as they are ready, willing, and able.
How I Infiltrated a Fortune 500 Company with Social Engineering
Getting into the company proved surprisingly easy during a contest. Find out how to make your company better prepared for real-world attacks.
10 Mistakes End Users Make That Drive Security Managers Crazy
Here's a list of common, inadvertent missteps end users make that can expose company data.
Why Data Breach Stats Get It Wrong
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
Advanced Analytics + Frictionless Security: What CISOS Need to Know
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
What's Next after the SEC 'Insider Trading' Breach?
Last month's hack of the Securities and Exchange Commission may prove to be the most high-profile corporate gatekeeper attack to date. But it definitely won't be the last.
Game Change: Meet the Mach37 Fall Startups
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way
Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.
Google Bolsters Security for Select Groups
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
How Systematic Lying Can Improve Your Security
No, you don't have to tell websites your mother's actual maiden name.
SecureAuth to Merge with Core Security
K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
Workplace IoT Puts Companies on Notice for Smarter Security
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
Risky Business: Why Enterprises Can’t Abdicate Cloud Security
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
The Lazy Habits of Phishing Attackers
Most hackers who phish accounts do little to hide their tracks or even mine all of the data they can from phished accounts, mostly because they can afford to be lazy.
4 Steps to Securing Citizen-Developed Apps
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
AWS S3 Breaches: What to Do & Why
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
The High Costs of GDPR Compliance
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
Avoiding the Dark Side of AI-Driven Security Awareness
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
WannaCry Blame Game: Why Delayed Patching is Not the Problem
While post mortems about patching, updating, and backups have some value, the best preventative security controls are increased understanding and knowledge.
WannaCry? You’re Not Alone: The 5 Stages of Security Grief
As breach after breach hits the news, security professionals cope with the classic experiences of denial, anger, bargaining, depression, and acceptance.
Climbing the Security Maturity Ladder in Cloud
These five steps will insure that you achieve the broadest coverage for onboarding your most sensitive workloads.
Why Compromised Identities Are IT’s Fault
The eternal battle between IT and security is the source of the problem.
DNS Is Still the Achilles’ Heel of the Internet
Domain Name Services is too important to do without, so we better make sure it’s reliable and incorruptible
The Case for Disclosing Insider Breaches
Too often organizations try to sweep intentional, accidental or negligent employee theft of data under the rug. Here’s why they shouldn’t.
Deconstructing the 2016 Yahoo Security Breach
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
The Fundamental Flaw in TCP/IP: Connecting Everything
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
Your Grandma Could Be the Next Ransomware Millionaire
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
SSA Plans Stronger Website Authentication
Starting in June 2017, the US Social Security Administration will require a more secure login process for SSA.gov.
Shining a Light on Security’s Grey Areas: Process, People, Technology
The changing distributed and mobile business landscape brings with it new security and privacy risks. Here’s how to meet the challenge.
Backdoors: When Good Intentions Go Bad
Requiring encrypted applications to provide backdoors for law enforcement will weaken security for everyone.
Google Docs Phishing Scam a Game Changer
Experts expect copycats that take advantage of passive authentication from third-party applications using standards such as OAuth.
Why OAuth Phishing Poses A New Threat to Users
Credential phishing lets attackers gain back-end access to email accounts, and yesterday's Google Docs scam raises the risk to a new level.
Striving For Improvement on World Password Day
Consumer hygiene and poor authentication practices create toxic combo.
Kill Chain & the Internet of Things
IoT “things” such as security cameras, smart thermostats and wearables are particularly easy targets for kill chain intruders, but a layered approach to security can help thwart an attack.
Google Won't Trust Symantec and Neither Should You
As bad as this controversy is for Symantec, the real damage will befall the company and individual web sites deemed untrustworthy by a Chrome browser on the basis of a rejected Symantec certificate.
‘Intrusion Suppression:' Transforming Castles into Prisons
How building cybersecurity structures that decrease adversaries’ dwell time can reduce the damage from a cyberattack.
6 New Security Startups Named to MACH37 Spring Cohort
The companies selected this year include technical talent that draws from Silicon Valley to Hungary and Western Europe.
Health Savings Account Fraud: The Rapidly Growing Threat
As income tax season comes to a close, financially-motivated cybercriminals are honing new tactics for monetizing medical PII.
OSX.Dok: New & Sophisticated Mac Malware Strikes
Phishing-deployed malware can capture account credentials for any website users log into.
FAFSA Tool Taken Offline After Breach Report
Personal data of 100,000 taxpayers compromised after IRS’ students financial aid tool hacked.
Tax Deadline Leads to Heightened Phishing Email Activities
IRS warns tax professionals to watch out for phishing email scams attempting to steal user credentials.
The Business of Security: How your Organization Is Changing beneath You
And why it’s your job to change with it and ‘skate where the puck is headed.’
Privacy Babel: Making Sense of Global Privacy Regulations
Countries around the world are making their own privacy laws. How can a global company possibly keep up?
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
![[Strategic Security Report] Navigating the Threat Intelligence Maze](https://dsimg.ubm-us.net/asset/393933/543593/DR_ThreatConnect_Report.png)
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-11354
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
PUBLISHED: 2018-05-22
From DHS/US-CERT's National Vulnerability Database CVE-2018-11354
PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.
CVE-2018-11355PUBLISHED: 2018-05-22
In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.
CVE-2018-11356PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in an SRV record.
CVE-2018-11357PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.
CVE-2018-11358PUBLISHED: 2018-05-22
In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet prevented certain cleanup.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This