News & Commentary

Content tagged with Authentication posted in January 2018
Google Cloud Least-Privilege Function Goes Live
Quick Hits  |  1/31/2018  | 
Custom Roles for Cloud IAM now available in production from Google.
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Commentary  |  1/31/2018  | 
Authentication security methods are getting better all the time, but they are still not infallible.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
News  |  1/31/2018  | 
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
6 Tips for Building a Data Privacy Culture
Slideshows  |  1/26/2018  | 
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
New Voice MFA Tool Uses Machine Learning
Quick Hits  |  1/25/2018  | 
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
Less than 10% of Gmail Users Employ Two-Factor Authentication
Quick Hits  |  1/23/2018  | 
Google software engineer reveals lack of user adoption for stronger authentication.
One Identity Acquires Balabit
Quick Hits  |  1/17/2018  | 
Union expands One Identity's privileged access management and analytics offerings.


New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Cracking 2FA: How It's Done and How to Stay Safe
Kelly Sheridan, Staff Editor, Dark Reading,  5/17/2018
What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity
Lital Asher-Dotan, Senior Director, Security Research and Content, Cybereason,  5/21/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Shhh!  They're watching... And you have a laptop?  
Current Issue
Flash Poll
[Strategic Security Report] Navigating the Threat Intelligence Maze
[Strategic Security Report] Navigating the Threat Intelligence Maze
Most enterprises are using threat intel services, but many are still figuring out how to use the data they're collecting. In this Dark Reading survey we give you a look at what they're doing today - and where they hope to go.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10000
PUBLISHED: 2018-05-24
In MuPDF 1.12.0 and earlier, multiple use of uninitialized value bugs in the PDF parser could allow an attacker to cause a denial of service (crash) or influence program flow via a crafted file.
CVE-2018-10001
PUBLISHED: 2018-05-24
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization vulnerability in OpenFlow handshake: The DPID (DataPath IDentifier) in the features_reply message are inherently trusted by the controller. that can result in Denial of Service, Unauthorized Access, Network Instabil...
CVE-2018-10001
PUBLISHED: 2018-05-24
The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed ...
CVE-2018-10003
PUBLISHED: 2018-05-24
curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerab...
CVE-2018-10003
PUBLISHED: 2018-05-24
curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been...