Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Authentication posted in February 2020
Cryptographers Panel Tackles Espionage, Elections & Blockchain
News  |  2/26/2020  | 
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
7 Tips to Improve Your Employees' Mobile Security
Slideshows  |  2/24/2020  | 
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
News  |  2/19/2020  | 
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
Zero-Factor Authentication: Owning Our Data
Commentary  |  2/19/2020  | 
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Commentary  |  2/18/2020  | 
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Commentary  |  2/3/2020  | 
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-4144
PUBLISHED: 2022-11-29
An out-of-bounds read flaw was found in the QXL display device emulation in QEMU. The qxl_phys2virt() function does not check the size of the structure pointed to by the guest physical address, potentially reading past the end of the bar space into adjacent pages. A malicious guest user could use th...
CVE-2022-4172
PUBLISHED: 2022-11-29
An integer overflow and buffer overflow issues were found in the ACPI Error Record Serialization Table (ERST) device of QEMU in the read_erst_record() and write_erst_record() functions. Both issues may allow the guest to overrun the host buffer allocated for the ERST memory device. A malicious guest...
CVE-2022-46150
PUBLISHED: 2022-11-29
Discourse is an open-source discussion platform. Prior to version 2.8.13 of the `stable` branch and version 2.9.0.beta14 of the `beta` and `tests-passed` branches, unauthorized users may learn of the existence of hidden tags and that they have been applied to topics that they have access to. This is...
CVE-2022-21126
PUBLISHED: 2022-11-29
The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.
CVE-2022-25848
PUBLISHED: 2022-11-29
This affects all versions of package static-dev-server. This is because when paths from users to the root directory are joined, the assets for the path accessed are relative to that of the root directory.