News & Commentary

Content tagged with Authentication posted in November 2016
Cybersecurity User Training That Sticks: 3 Steps
Commentary  |  11/29/2016  | 
People are eager for common-sense advice that gives them control over their environment and helps them stay safe online.
WindTalker Attack Finds New Vulnerabilities in Wi-Fi Networks
News  |  11/21/2016  | 
White hat researchers show how hackers read keystrokes to potentially compromise cellphone and tablet users on public Wi-Fi and home networks.
Cyber Monday, Consumers & The Bottom Line Of A Data Breach
Commentary  |  11/18/2016  | 
Yes retailers can achieve ROI for their investments in cybersecurity during the upcoming holiday season - and for the rest of the year, too! Heres how.
Thinking Ahead: Cybersecurity In The Trump Era
News  |  11/18/2016  | 
In a panel held by the University of California Berkeley Center for Long-Term Cybersecurity and Bipartisan Policy Center, experts discuss challenges facing the incoming presidential administration.
China's Jinping Opens Tech Meet With Calls For 'Fair & Equitable' Internet
Quick Hits  |  11/18/2016  | 
The third Wuzhen World Internet Conference had a strong presence of US tech companies despite criticism of Chinas Internet laws.
Teenager Admits To TalkTalk Hack
Quick Hits  |  11/18/2016  | 
A 17-year-old boy exploited flaws in ISPs web pages to steal confidential data of 150,000 customers.
As Deadline Looms, 35 Percent Of Web Sites Still Rely On SHA-1
News  |  11/17/2016  | 
Over 60 million web sites are relying on a hashing algorithm that will be blocked by major browsers starting Jan 1.
NIST Releases Version of Cybersecurity Framework for Small Businesses
News  |  11/17/2016  | 
Researchers offer a step-by-step approach for covering the basics of cybersecurity.
Insider Threat: The Domestic Cyber Terrorist
Commentary  |  11/17/2016  | 
It is dangerously naive for business and government leaders to dismiss the risk of radicalized privileged users inside our critical industries.
8 Public Sources Holding 'Private' Information
Slideshows  |  11/17/2016  | 
Personal information used for nefarious purposes can be found all over the web from genealogy sites to public records and social media.
Adobe To Pay $1 Million Compensation In Data Breach Case
Quick Hits  |  11/17/2016  | 
Personal data of more than 500,000 consumers from 15 states were stolen in the 2013 breach of Adobe server.
The 7 Most Significant Government Data Breaches
Slideshows  |  11/15/2016  | 
Mega compromises at federal and state agencies over the past three years has compromised everything from personal data on millions to national security secrets.
Shoppers Up Their Online Security Game, Survey Says
News  |  11/10/2016  | 
While they check SSL certificates and liability policies more often, many remain wary of biometric authentication, Computop reports
Stay Vigilant To The Evolving Threat Of Social Engineering
Commentary  |  11/8/2016  | 
Even the most cyber-savvy individuals can easily get tripped up by a social engineering attack. But users can trip-up a threat simply by paying attention.
Is Fingerprint Authentication Making The Password Problem Worse?
Commentary  |  11/8/2016  | 
Problems emerge when users switch to a new phone.
Election 2016 & WikiLeaks: Bad, But Not Your Worst Nightmare
Commentary  |  11/4/2016  | 
John Podesta may be the poster child for poor user security practices but the real problem is rigid regulatory compliance frameworks that perpetuate ineffective perimeter defenses.
7 Reasons Consumers Dont Take Action on Cybersecurity
Slideshows  |  11/1/2016  | 
Security awareness is high but its hard to turn personal knowledge into effective practices.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc,  8/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15601
PUBLISHED: 2018-08-21
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.
CVE-2018-15603
PUBLISHED: 2018-08-21
An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.
CVE-2018-15598
PUBLISHED: 2018-08-21
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
CVE-2018-15599
PUBLISHED: 2018-08-21
The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
CVE-2018-0501
PUBLISHED: 2018-08-21
The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.