News & Commentary

Content tagged with Authentication posted in May 2017
The Case for Disclosing Insider Breaches
Commentary  |  5/31/2017  | 
Too often organizations try to sweep intentional, accidental or negligent employee theft of data under the rug. Heres why they shouldnt.
Deconstructing the 2016 Yahoo Security Breach
Commentary  |  5/19/2017  | 
One good thing about disasters is that we can learn from them and avoid repeating the same mistakes. Here are five lessons that the Yahoo breach should have taught us.
The Fundamental Flaw in TCP/IP: Connecting Everything
Commentary  |  5/17/2017  | 
Almost 30 years after its inception, it's time to fix the engine that both fuels the modern day Internet and is the root cause of its most vexing security challenges.
Your Grandma Could Be the Next Ransomware Millionaire
Commentary  |  5/15/2017  | 
Today's as-a-service technology has democratized ransomware, offering practically anyone with a computer and an Internet connection an easy way to get in on the game.
SSA Plans Stronger Website Authentication
Quick Hits  |  5/11/2017  | 
Starting in June 2017, the US Social Security Administration will require a more secure login process for SSA.gov.
Shining a Light on Securitys Grey Areas: Process, People, Technology
Commentary  |  5/9/2017  | 
The changing distributed and mobile business landscape brings with it new security and privacy risks. Heres how to meet the challenge.
Backdoors: When Good Intentions Go Bad
Commentary  |  5/5/2017  | 
Requiring encrypted applications to provide backdoors for law enforcement will weaken security for everyone.
Google Docs Phishing Scam a Game Changer
News  |  5/4/2017  | 
Experts expect copycats that take advantage of passive authentication from third-party applications using standards such as OAuth.
Why OAuth Phishing Poses A New Threat to Users
Commentary  |  5/4/2017  | 
Credential phishing lets attackers gain back-end access to email accounts, and yesterday's Google Docs scam raises the risk to a new level.
Striving For Improvement on World Password Day
News  |  5/2/2017  | 
Consumer hygiene and poor authentication practices create toxic combo.


Valentine's Emails Laced with Gandcrab Ransomware
Kelly Sheridan, Staff Editor, Dark Reading,  2/14/2019
High Stress Levels Impacting CISOs Physically, Mentally
Jai Vijayan, Freelance writer,  2/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8419
PUBLISHED: 2019-02-17
VNote 2.2 has XSS via a new text note.
CVE-2019-8421
PUBLISHED: 2019-02-17
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
CVE-2019-8422
PUBLISHED: 2019-02-17
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
CVE-2019-7649
PUBLISHED: 2019-02-17
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
CVE-2019-8418
PUBLISHED: 2019-02-17
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.