Advertise

News & Commentary

Content tagged with Authentication posted in March 2016

View Content By Month

'FBiOS' Case Heading For A New Firestorm

Commentary | 3/30/2016 |

1 comment

The surprise developments in the FBI v Apple case offer little reason to celebrate for encryption and privacy advocates.

From NY To Bangladesh: Inside An Inexcusable Cyber Heist

Commentary | 3/29/2016 |

Post a comment

A spelling error was the tipoff to last month’s multimillion-dollar digital bank heist. But could multifactor authentication have prevented it in the first place?

Think Risk When You Talk About Application Security Today

Commentary | 3/23/2016 |

Post a comment

Security from a risk-based perspective puts the focus on component failures and provides robust security for the ultimate target of most attacks -- company, customer and personal data.

Sextortion, Hacking, Gets Former State Dept. Employee 57 Months In Prison

Quick Hits | 3/22/2016 |

3 comments

Embassy worker targeted young women and started campaign with phishing, social engineering.

Thycotic Offers Free Privileged Account Security Software

Quick Hits | 3/22/2016 |

1 comment

Secret Server Free tool available now.

Beyond Back Doors: Recalibrating The Encryption Policy Debate

Commentary | 3/17/2016 |

Post a comment

Three compelling reasons why access to back doors should not be the intelligence and law enforcement community’s main policy thrust in the fight against terrorism.

Home Depot To Pay $19.5 Million In Data Breach Settlement

Quick Hits | 3/17/2016 |

Post a comment

Home improvement chain agrees to pay for out-of-pocket losses incurred by US shoppers from 2014 data breach, and promises to improve its payment systems' data security.

Forgot My Password: Caption Contest Winners Announced

Commentary | 3/8/2016 |

2 comments

Sticky notes, clouds and authentication jokes. And the winning caption is...

Why Marrying Infosec & Info Governance Boosts Security Capabilities

Commentary | 3/4/2016 |

Post a comment

In today’s data centric world, security pros need to know where sensitive data is supposed to be, not just where it actually is now.

IoT Security Checklist: Get Ahead Of The Curve

Commentary | 3/3/2016 |

2 comments

The security industry needs to take a Consumer Reports approach to Internet of Things product safety, including rigorous development practices and both physical and digital testing.

‘X,' ‘Zz’ Top List Of Password Guesses Attackers Try When Breaking Into Systems

News | 3/1/2016 |

1 comment

Year-long study of credential-scanning data suggests many high-risk systems protected by weak credentials, Rapid7 says.

View Content by Month

[close this box]

Editors' Choice

Enterprises Remain Riddled With Overprivileged Users -- and Attackers Know It

Robert Lemos, Contributing Writer, 4/1/2021

Inside the Ransomware Campaigns Targeting Exchange Servers

Kelly Sheridan, Staff Editor, Dark Reading, 4/2/2021

Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain

Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia, 3/30/2021

Live Events

Webinars

Cybersecurity Risk Management FREE Event 4/22

Earn (ISC)2 CPEs at Interop Digital, April 29

More Informa Tech Live Events

White Papers

What Elite Threat Hunters See That Others Miss: Case Study

How to Optimize Your Windows 10 Defense Strategy

The Dark Side of SD-WAN

Top Threats to Cloud Computing: The Egregious 11

Identify Threats 82% Faster: The Value of Threat Intelligence with DomainTools

More White Papers

Cartoon

Post a Comment

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Battle for the Endpoint

How to build a new cyber strategy for 2021 and beyond.

Download Now!

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-9667
PUBLISHED: 2021-04-16

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to to plant custom binaries and execute them with System permissions. Exploitation of this issue requires user interaction.

CVE-2020-9668
PUBLISHED: 2021-04-16

Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.

CVE-2020-9681
PUBLISHED: 2021-04-16

Adobe Genuine Service version 6.6 (and earlier) is affected by an Uncontrolled Search Path element vulnerability. An authenticated attacker could exploit this to rewrite the file of the administrator, which may lead to elevated permissions. Exploitation of this issue requires user interaction.

CVE-2021-26830
PUBLISHED: 2021-04-16

SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.

CVE-2021-29443
PUBLISHED: 2021-04-16

jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFailed` would be throw...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]