Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Content tagged with Authentication posted in March 2015
British Airways The Latest Loyalty Program Breach Victim
News  |  3/30/2015  | 
Who needs to steal credit cards when you can get airfare and luxury items for free?
SSL/TLS Suffers 'Bar Mitzvah Attack'
News  |  3/26/2015  | 
Researcher at Black Hat Asia shows how attackers could abuse a known-weak crypto algorithm to steal credentials and other data from encrypted communications.
The Internet Of Bring-Your-Own Things
Commentary  |  3/25/2015  | 
Devices and interconnected systems are finding a foothold not only in our homes but in mainstream organizations. Here are three tips to mitigate the risk.
New Secure Online Check-Out Tech Goes For Less Friction, More Biometrics
News  |  3/24/2015  | 
BioCatch, Zumigo, and Alibaba release tools to help merchants avoid those pesky charge-back costs.
Worst Sports-Related Passwords
News  |  3/23/2015  | 
March Madness and Spring Training underway. NFL draft and NBA playoffs soon to come. Your users may be even more tempted than ever to create some of these bad sports-related passwords
Microsoft Warns Of Phony Windows Live Digital Certificate
Quick Hits  |  3/17/2015  | 
Unauathorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.
Yahoo's One-Time Passwords Have Security Experts Divided
News  |  3/16/2015  | 
Better protection from keyloggers, but you'd better not lose your phone, Yahoo users.
Apple Pay Fraud Gives Us A New Reason To Hate Data Breaches And SSNs
News  |  3/4/2015  | 
There may already be millions of dollars in losses, but you can't blame Apple for this one.
A Building Code For Internet of Things Security, Privacy
Commentary  |  3/4/2015  | 
In the fast-emerging IoT, medical device safety is reaching a critical juncture. Here are three challenges InfoSec professionals should begin to think about now.
Mobile Security By The Numbers
Slideshows  |  3/2/2015  | 
Rounding up the latest research on mobile malware and security practices.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-4271
PUBLISHED: 2022-12-02
Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to 1.16.4.
CVE-2022-43272
PUBLISHED: 2022-12-02
DCMTK v3.6.7 was discovered to contain a memory leak via the T_ASC_Association object.
CVE-2022-45480
PUBLISHED: 2022-12-02
PC Keyboard WiFi & Bluetooth allows an attacker (in a man-in-the-middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2022-45482
PUBLISHED: 2022-12-02
Lazy Mouse server enforces weak password requirements and doesn't implement rate limiting, allowing remote unauthenticated users to easily and quickly brute force the PIN and execute arbitrary commands. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-45483
PUBLISHED: 2022-12-02
Lazy Mouse allows an attacker (in a man in the middle position between the server and a connected device) to see all data (including keypresses) in cleartext. CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N