News & Commentary

Content tagged with Authentication posted in August 2016
Intruders Pilfered Over 68 Million Passwords In 2012 Dropbox Breach
News  |  8/31/2016  | 
But all passwords were hashed and salted and no evidence they have been misused, company says.
Opera Forces Password Reset For 1.7 Million Users After Server Breach
News  |  8/30/2016  | 
Among those browser users affected are those who synced passwords to third-party sites.
How To Bullet Proof Your PAM Accounts: 7 Tips
Slideshows  |  8/26/2016  | 
Recent studies demonstrate the need for companies to focus more on their privileged users.
The Hidden Dangers Of 'Bring Your Own Body'
Commentary  |  8/26/2016  | 
The use of biometric data is on the rise, causing new security risks that must be assessed and addressed.
The Secret Behind the NSA Breach: Network Infrastructure Is the Next Target
Commentary  |  8/25/2016  | 
How the networking industry has fallen way behind in incorporating security measures to prevent exploits to ubiquitous routers, proxies, firewalls, and switches.
Darknet: Where Your Stolen Identity Goes to Live
Commentary  |  8/19/2016  | 
Almost everything is available on the Darknet -- drugs, weapons, and child pornography -- but where it really excels is as an educational channel for beginning identity thieves.
Attacker's Playbook Top 5 Is High On Passwords, Low On Malware
News  |  8/18/2016  | 
Report: Penetration testers' five most reliable methods of compromising targets include four different ways to use stolen credentials, but zero ways to exploit software.
User Ed: Patching People Vs Vulns
Commentary  |  8/17/2016  | 
How infosec can combine and adapt security education and security defenses to the way users actually do their jobs.
Dark Reading Radio: What Keeps IT Security Pros Awake at Night
Commentary  |  8/16/2016  | 
Join us for a wide-ranging discussion with (ISC) Chief Exec David Shearer on the most worrisome infosec trends and challenges.
Theory Vs Practice: Getting The Most Out Of Infosec
Commentary  |  8/10/2016  | 
Why being practical and operationally minded is the only way to build a successful security program.
Data Protection From The Inside Out
Commentary  |  8/8/2016  | 
Organizations must make fundamental changes in the way they approach data protection.
8 Alternatives to Selfie Authentication
Slideshows  |  8/4/2016  | 
How to definitively prove your identity? A variety of anatomical parts and functions may soon be able to vouch for you.
Hotel POS and Magstripe Cards Vulnerable to Attacks, Brute-Forcing
News  |  8/2/2016  | 
Researchers from Rapid7 at DefCon will demonstrate vulnerabilities that allow attackers to turn point-of-sale devices into keyboards
Crypto Malware: Responding To Machine-Timescale Breaches
Commentary  |  8/1/2016  | 
The game has changed again with hackers ability to steal your data at record speeds and cripple your organization before the first alert.


Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Australian Teen Hacked Apple Network
Dark Reading Staff 8/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15504
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified-Since with a month greater than 11.
CVE-2018-15505
PUBLISHED: 2018-08-18
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']' character in an IPv6 a...
CVE-2018-15492
PUBLISHED: 2018-08-18
A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.
CVE-2018-15494
PUBLISHED: 2018-08-18
In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.
CVE-2018-15495
PUBLISHED: 2018-08-18
/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/passwd value.