News & Commentary

Content tagged with Authentication posted in October 2014
Google Expands 2-Factor Authentication For Chrome, Gmail
Quick Hits  |  10/21/2014  | 
Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Quick Hits  |  10/16/2014  | 
MeWe offers free, secure, and private communications.
Hundreds Of DropBox Logins For Sale On Pastebin
Quick Hits  |  10/14/2014  | 
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
Stolen Medical Data Is Now A Hot Commodity
Commentary  |  10/14/2014  | 
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Heres why.
2 Tech Challenges Preventing Online Voting In US
News  |  10/9/2014  | 
A new report explains that online voting in the US is a matter of "if, not when," but problems of anonymity and verifiability must be solved first.
Poll: Employees Clueless About Social Engineering
Commentary  |  10/2/2014  | 
Not surprisingly, our latest poll confirms that threats stemming from criminals hacking humans are all too frequently ignored.
5 New Truths To Teach Your CIO About Identity
Commentary  |  10/1/2014  | 
When CIOs talk security they often use words like "firewall" and "antivirus." Heres why todays technology landscape needs a different vocabulary.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.