Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Identity & Access Management
Page 1 / 2   >   >>
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Cybersecurity Bounces Back, but Talent Still Absent
Commentary  |  9/16/2020  | 
While the demand for cybersecurity talent rebounds, organizations will need to focus on cyber-enabled roles to fill immediate skills gaps.
Taking Security With You in the WFH Era: What to Do Next
Commentary  |  9/15/2020  | 
As many organizations pivot to working from home, here are some considerations for prioritizing the new security protocols.
Zoom Brings Two-Factor Authentication to All Users
Quick Hits  |  9/10/2020  | 
This marks the latest step Zoom has taken to improve user security as more employees work from home.
Top 5 Identity-Centric Security Imperatives for Newly Minted Remote Workers
Commentary  |  9/9/2020  | 
In the wake of COVID-19, today's remote workforce is here to stay, at least for the foreseeable future. And with it, an increase in identity-related security incidents.
Post-COVID-19 Security Spending Update
Slideshows  |  9/8/2020  | 
Security spending growth will slow in 2020, but purse strings are looser than for other areas of IT.
Don't Forget Cybersecurity on Your Back-to-School List
Commentary  |  9/2/2020  | 
School systems don't seem like attractive targets, but they house lots of sensitive data, such as contact information, grades, health records, and more.
Deep Fake: Setting the Stage for Next-Gen Social Engineering
Commentary  |  8/26/2020  | 
Humans are susceptible to normalcy bias, which may leave us vulnerable to disinformation that reinforces our beliefs.
Newly Patched Alexa Flaws a Red Flag for Home Workers
News  |  8/19/2020  | 
Alexa could serve as an entry point to home and corporate networks. Security experts point to the need for manufacturers to work closely with enterprise security teams to spot and shut down IoT device flaws.
Is Edtech the Greatest APT?
News  |  8/11/2020  | 
Educational technology is critical but can come at huge costs to student and teacher privacy and security. Are those costs too high?
EU-US Privacy Shield Dissolution: What Happens Next?
Commentary  |  8/11/2020  | 
In a world that isn't private by design, security and liability implications for US-based cloud companies are huge.
Gamifying Password Training Shows Security Benefits
News  |  8/10/2020  | 
When picking passwords, users often fall back on certain insecure patterns, but good habits can be learned using simple games, a group of researchers find.
Attack of the Clone: Next-Gen Social Engineering
News  |  8/5/2020  | 
NeoEYED CTO Tamaghna Basu tells us how he created an AI bot to mimic him, how it could be used in social engineering attacks, and what the experience taught him about the value of true human connections.
Pandemic Credential Stuffing: Cybersecurity's Ultimate Inside Job
Commentary  |  7/27/2020  | 
How stolen credentials for services like Zoom and password reuse practices threaten to compromise other accounts and applications.
Email Security Features Fail to Prevent Phishable 'From' Addresses
News  |  7/24/2020  | 
The security features for verifying the source of an email header fail to work together properly in many implementations, according to a team of researchers.
Deepfakes & James Bond Research Project: Cool but Dangerous
Commentary  |  7/23/2020  | 
Open source software for creating deepfakes is getting better and better, to the chagrin of researchers
4 Steps to a More Mature Identity Program
Commentary  |  7/1/2020  | 
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
Back to Basics with Cloud Permissions Management
Commentary  |  6/23/2020  | 
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
5 Steps for Implementing Multicloud Identity
Commentary  |  6/23/2020  | 
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
The Bigger the News, the Bigger the Cyber Threats
Commentary  |  6/18/2020  | 
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
CISO Dialogue: How to Optimize Your Security Budget
Commentary  |  6/18/2020  | 
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget.
The Telehealth Attack Surface
Commentary  |  6/10/2020  | 
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
Commentary  |  6/9/2020  | 
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
Thycotic Buys Onion ID to Extend PAM Portfolio
Quick Hits  |  6/2/2020  | 
The acquisition brings three new products into Thycotic's privileged access management lineup.
79% of Companies Report Identity-Related Breach in Past Two Years
Quick Hits  |  5/14/2020  | 
Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.
CyberArk Acquires Idaptive for Identity-as-a-Service Tech
Quick Hits  |  5/13/2020  | 
The $70 million deal is intended to help CyberArk strengthen its portfolio with secure and SaaS-based identity management.
Microsoft Identity VP Shares How and Why to Ditch Passwords
News  |  5/7/2020  | 
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
Quick Hits  |  5/7/2020  | 
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
Breach Hits GoDaddy SSH Customers
Quick Hits  |  5/5/2020  | 
The October 2019 breach left some customer data open to hacking eyes.
Apple Makes It Easier to Unlock iPhone While Wearing a Mask
Quick Hits  |  5/1/2020  | 
The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code.
Industrial Networks' Newest Threat: Remote Users
Commentary  |  5/1/2020  | 
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
7 Secure Remote Access Services for Today's Enterprise Needs
Slideshows  |  4/29/2020  | 
Secure remote access is a "must" for enterprise computing today, and there are options for you to explore in the dynamic current environment.
Increased Credential Threats in the Age of Uncertainty
Commentary  |  4/28/2020  | 
Three things your company should do to protect credentials during the coronavirus pandemic.
The Evolving Threat of Credential Stuffing
Commentary  |  4/23/2020  | 
Bots' swerve to focus on APIs means businesses must take the threat seriously and take effective action.
Terahash Buys L0phtCrack in Password Merger
Quick Hits  |  4/21/2020  | 
The acquisition brings password cracking and password auditing capabilities together in a single company.
Remote Access Makes a Comeback: 4 Security Challenges in the Wake of COVID-19
Commentary  |  4/20/2020  | 
As companies continue to support increasing numbers of work-from-home employees, the pressure to secure access and reduce risk has never been greater.
Post Pandemic, Technologists Pose Secure Certification for Immunity
News  |  4/16/2020  | 
Going digital with immunity passports could speed rollout and allow for better warnings of potential hot spots. But security and privacy issues remain.
BEC, Domain Jacking Help Criminals Disrupt Cash Transfers
Commentary  |  4/8/2020  | 
The two hacking methods occur independently but are being used in concert to steal funds that are part of online payments and transactions.
Securing Your Remote Workforce: A Coronavirus Guide for Businesses
Commentary  |  3/30/2020  | 
Often the hardest part in creating an effective awareness program is deciding what NOT to teach.
The Wild, Wild West(world) of Cybersecurity
Commentary  |  3/27/2020  | 
Though set in the future, HBO's "Westworld" works as an allegory for the present moment in cybersecurity.
Introducing Zero-Trust Access
Commentary  |  3/26/2020  | 
It's too early to tell whether ZTA will be a VPN killer or not, but major players are ramping up products in this new class of security technology that focuses on the cloud.
How Microsoft Disabled Legacy Authentication Across the Company
News  |  3/9/2020  | 
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
Avoiding the Perils of Electronic Communications
Commentary  |  3/3/2020  | 
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
Users Have Risky Security Habits, but Security Pros Aren't Much Better
News  |  2/19/2020  | 
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
8 Things Users Do That Make Security Pros Miserable
Slideshows  |  2/18/2020  | 
When a user interacts with an enterprise system, the result can be productivity or disaster. Here are eight opportunities for the disaster side to win out over the productive.
Companies Pursue Zero Trust, but Implementers Are Hesitant
News  |  2/4/2020  | 
Almost three-quarters of enterprises plan to have a zero-trust access model by the end of the year, but nearly half of cybersecurity professionals lack the knowledge to implement the right technologies, experts say.
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Commentary  |  2/3/2020  | 
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
Businesses Improve Their Data Security, But Privacy Not So Much
News  |  1/29/2020  | 
While the California Consumer Privacy Act will force companies to provide a modicum of meaningful privacy, World Privacy Day still mainly celebrates data security.
ADP Users Hit with Phishing Scam Ahead of Tax Season
Quick Hits  |  1/17/2020  | 
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Commentary  |  1/16/2020  | 
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
Page 1 / 2   >   >>


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4643
PUBLISHED: 2020-09-21
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.
CVE-2020-4590
PUBLISHED: 2020-09-21
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.
CVE-2020-4731
PUBLISHED: 2020-09-21
IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.
CVE-2020-4315
PUBLISHED: 2020-09-21
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the i...
CVE-2020-4579
PUBLISHED: 2020-09-21
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.