News & Commentary

Content tagged with Authentication posted in March 2018
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Quick Hits  |  3/16/2018  | 
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Commentary  |  3/15/2018  | 
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
Segmentation: The Neglected (Yet Essential) Control
Commentary  |  3/14/2018  | 
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
Medical Apps Come Packaged with Hardcoded Credentials
News  |  3/14/2018  | 
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Commentary  |  3/12/2018  | 
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
DevSecOps: The Importance of Building Security from the Beginning
Commentary  |  3/9/2018  | 
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Privilege Abuse Attacks: 4 Common Scenarios
Commentary  |  3/7/2018  | 
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Identity Management: Where It Stands, Where It's Going
News  |  3/6/2018  | 
How companies are changing the approach to identity management as people become increasingly digital.
What Enterprises Can Learn from Medical Device Security
Commentary  |  3/1/2018  | 
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.


'Hidden Tunnels' Help Hackers Launch Financial Services Attacks
Kelly Sheridan, Staff Editor, Dark Reading,  6/20/2018
Inside a SamSam Ransomware Attack
Ajit Sancheti, CEO and Co-Founder, Preempt,  6/20/2018
Tesla Employee Steals, Sabotages Company Data
Jai Vijayan, Freelance writer,  6/19/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-12716
PUBLISHED: 2018-06-25
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its l...
CVE-2018-12705
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have XSS via the SSID (it is validated only on the client side).
CVE-2018-12706
PUBLISHED: 2018-06-24
DIGISOL DG-BR4000NG devices have a Buffer Overflow via a long Authorization HTTP header.
CVE-2018-12714
PUBLISHED: 2018-06-24
An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial o...
CVE-2018-12713
PUBLISHED: 2018-06-24
GIMP through 2.10.2 makes g_get_tmp_dir calls to establish temporary filenames, which may result in a filename that already exists, as demonstrated by the gimp_write_and_read_file function in app/tests/test-xcf.c. This might be leveraged by attackers to overwrite files or read file content that was ...