News & Commentary

Content tagged with Authentication posted in February 2016
Security Lessons From My Doctor
Commentary  |  2/25/2016  | 
Why its hard to change risky habits like weak passwords and heavy smoking, even when advice is clear.
Anatomy Of An Account Takeover Attack
Commentary  |  2/23/2016  | 
How organized crime rings are amassing bot armies for password-cracking attacks on personal accounts in retail, financial, gaming, and other consumer-facing services.
FAQ: Heres What You Need To Know About The Apple, FBI Dispute
News  |  2/23/2016  | 
The case marks a watershed moment in the debate over national security interests and privacy rights.
Today's New Payment Card Security In A Nutshell
Commentary  |  2/17/2016  | 
Businesses taking their time rolling out EMV card-compatible terminals are putting their data security and financial well-being at risk.
Name That Toon: Dark Reading Caption Contest
Commentary  |  2/13/2016  | 
Take part in our brand new cartoon caption contest. Join the fun and maybe you'll win a prize.
5 Reveals About Today's Attack M.O.s From Skype Spying Malware
News  |  2/11/2016  | 
T9000 backdoor is built with many of today's cybercriminal tricks up its sleeves.
Over 100,000 E-File PINs Fraudulently Accessed In Automated Attack On IRS App
News  |  2/10/2016  | 
Personal data stolen from other sources was used in attack agency says
Heres How To Protect Against A Ransomware Attack
News  |  2/4/2016  | 
Recovering data encrypted by a ransomware attack is next to impossible, so prevention offers the better approach.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.