News & Commentary
Latest Content tagged with Identity & Access Management
|
Shhhhh! The Secret to Secrets Management
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
Who Are You, Really? A Peek at the Future of Identity
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
Insider Threats & Insider Objections
The ‘tyranny of the urgent’ and three other reasons why it’s hard for CISOs to establish a robust insider threat prevention program.
Republican Committee Email Hacked During Midterms
The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
6 Ways to Strengthen Your GDPR Compliance Efforts
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation – and that could cost them.
Microsoft, Mastercard Aim to Change Identity Management
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
The Return of Email Flooding
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
Empathy: The Next Killer App for Cybersecurity?
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
Why Password Management and Security Strategies Fall Short
Researchers say companies need to rethink their password training and take a more holistic approach to security.
Where Is the Consumer Outrage about Data Breaches?
Facebook, Equifax, Cambridge Analytica … Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
Companies Fall Short on 2FA
New research ranks organizations based on whether they offer two-factor authentication.
The Case for MarDevSecOps
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
Securing Serverless: Attacking an AWS Account via a Lambda Function
It’s not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
Risky Business: Dark Reading Caption Contest Winners
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
4 Ways to Fight the Email Security Threat
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
Google Adds New Identity, Security Tools to Cloud Platform
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Technology such as Apple's device trust score that decides "you" is “not you” is a good thing. But only if it works well.
How Data Security Improves When You Engage Employees in the Process
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
The Cloud Security Conundrum: Assets vs. Infrastructure
The issue for cloud adopters is no longer where your data sits in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Move beyond generic, annual security awareness training with these important tips.
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
The Top 5 Security Threats & Mitigations for Industrial Networks
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
New Study Details Business Benefits of Biometrics
Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence
Machine Identities Need Protection, Too
A new study shows that device identities need a level of protection that they're not getting from most organizations.
4 Benefits of a World with Less Privacy
The privacy issue is a problem for a lot of people. I see it differently.
How One Company’s Cybersecurity Problem Becomes Another's Fraud Problem
The solution: When security teams see something in cyberspace, they need to say something.
A False Sense of Security
Emerging threats over the next two years stem from biometrics, regulations, and insiders.
The Votes Are In: Election Security Matters
Three ways to make sure that Election Day tallies are true.
How to Gauge the Effectiveness of Security Awareness Programs
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Make a Wish: Dark Reading Caption Contest Winners
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...
The 5 Challenges of Detecting Fileless Malware Attacks
Simply applying file-based tools and expectations to fileless attacks is a losing strategy. Security teams must also understand the underlying distinctions between the two.
Shadow IT: Every Company's 3 Hidden Security Risks
Companies can squash the proliferation of shadow IT if they listen to employees, create transparent guidelines, and encourage an open discussion about the balance between security and productivity.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
Every Week Is Shark Week in Cyberspace
Your data, identities, and credentials are cyber chum. Here's how to protect yourself from the feeding frenzy.
London Calling with New Strategies to Stop Ransomware
The new London Protocol from the Certificate Authority Security Council/Browser Forum aims to minimize the possibility of phishing activity on high-value identity websites.
The Fundamental Flaw in Security Awareness Programs
It's a ridiculous business decision to rely on the discretion of a minimally trained user to thwart a highly skilled sociopath, financially motivated criminal, or nation-state.
Beyond Passwords: Why Your Company Should Rethink Authentication
Scaling security infrastructure requires scaling trust of users, devices, and methods of authentication. Here's how to get started.
India Telecom Regulator: Users Have Primary Data Rights
Organizations 'should be restrained from using metadata to identify individual users,' says the Telecom Regulatory Authority of India.
Reactive or Proactive? Making the Case for New Kill Chains
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.
White House Email Security Faux Pas?
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Inside a SamSam Ransomware Attack
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
3 Tips for Driving User Buy-in to Security Policies
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Dark Reading Launches Second INsecurity Conference
To be held in Chicago Oct. 23-25, defense-focused conference will feature closed-door discussions, co-resident Black Hat Training sessions
Fortinet Completes Bradford Networks Purchase
NAC and security firm added to Fortinet's portfolio.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
|
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Latest Comment: Look deep into my eyes. You are getting sleepy, very sleepy......
Current Issue
10 Best Practices That Could Reshape Your IT Security DepartmentThis Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
How Enterprises Are Using IT Threat Intelligence
Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-20173
PUBLISHED: 2018-12-17
PUBLISHED: 2018-12-17
PUBLISHED: 2018-12-17
PUBLISHED: 2018-12-17
PUBLISHED: 2018-12-17
From DHS/US-CERT's National Vulnerability Database CVE-2018-20173
PUBLISHED: 2018-12-17
Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API.
CVE-2017-18352PUBLISHED: 2018-12-17
Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.
CVE-2017-18353PUBLISHED: 2018-12-17
Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application.
CVE-2017-18354PUBLISHED: 2018-12-17
Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.
CVE-2017-18355PUBLISHED: 2018-12-17
Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This