Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Identity & Access Management
Page 1 / 2   >   >>
Microsoft Adds GPS Location to Identity & Access Control in Azure AD
Quick Hits  |  5/13/2021  | 
New capabilities let admins restrict access to resources from privileged access workstations or regions based on GPS location.
Can Organizations Secure Remote Workers for the Long Haul?
Commentary  |  5/4/2021  | 
By focusing on protection instead of detection, organizations can defend against targeted attacks without compromising security or productivity.
Your Digital Identity's Evil Shadow
Commentary  |  4/29/2021  | 
In the wrong hands, these shady shadows are stealthy means to bypass security systems by hiding behind a proxy with legitimate IP addresses and user agents.
The Challenge of Securing Non-People Identities
Commentary  |  4/29/2021  | 
Non-people identities, which can act intelligently and make decisions on behalf of a person's identity, are a growing cybersecurity risk.
Attacks Targeting ADFS Token Signing Certificates Could Become Next Big Threat
News  |  4/28/2021  | 
New research shows how threat actors can steal and decrypt signing certificates so SAML tokens can be forged.
Name That Toon: Greetings, Earthlings
Commentary  |  4/22/2021  | 
Caption time! Come up with something out of this world for Dark Reading's latest contest, and our panel of experts will reward the winner with a $25 Amazon gift card.
How to Attack Yourself Better in 2021
Commentary  |  4/21/2021  | 
Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.
2020 Changed Identity Forever; What's Next?
Commentary  |  4/20/2021  | 
For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.
Security Gaps in IoT Access Control Threaten Devices and Users
News  |  4/16/2021  | 
Researchers spot problems in how IoT vendors delegate device access across multiple clouds and users.
How the Biden Administration Can Make Digital Identity a Reality
Commentary  |  4/16/2021  | 
A digital identity framework is the answer to the US government's cybersecurity dilemma.
Thycotic & Centrify Merge to Form Cloud Identity Security Firm
Quick Hits  |  4/14/2021  | 
The combined entity will expand on both companies' privileged access management tools and expects to debut a new brand this year.
8 Security & Privacy Apps to Share With Family and Friends
Slideshows  |  4/9/2021  | 
Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
7 Ways to Reduce Cyber Threats From Remote Workers
Commentary  |  4/5/2021  | 
The pandemic's decline won't stop the work-from-home trend nor the implications for cybersecurity, so it's crucial to minimize the threats.
Advice From Security Experts: How to Approach Security in the New Normal
Commentary  |  3/31/2021  | 
Here are the biggest lessons they've learned after a year of work from home, and how they advise their counterparts at organizations to proceed as a result of those lessons.
How Personally Identifiable Information Can Put Your Company at Risk
Commentary  |  3/25/2021  | 
By being more mindful of how and where they share PII, employees will deprive cybercriminals of their most useful tool.
Facebook Expands Security Key Support to iOS & Android
News  |  3/18/2021  | 
Facebook's announcement arrives the same week Twitter enabled support for multiple security keys on user accounts.
IronNet Cybersecurity to Go Public in Merger
Quick Hits  |  3/16/2021  | 
Company intends for the deal to drive adoption of its Collective Defense Platform.
Combating Call Center Fraud in the Age of COVID
Commentary  |  3/16/2021  | 
With many agents now working from home, call centers require new technology, new processes, and a new way of thinking about security.
Why Cloud Security Risks Have Shifted to Identities and Entitlements
Commentary  |  3/2/2021  | 
Traditional security tools focus on the network perimeter, leaving user and service accounts vulnerable to hackers.
NSA Releases Guidance on Zero-Trust Architecture
Quick Hits  |  2/26/2021  | 
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
Inside Strata's Plans to Solve the Cloud Identity Puzzle
News  |  2/25/2021  | 
Strata Identity was founded to change businesses' approach to identity management as multicloud environments become the norm.
Strata Identity Raises $11M in Series A Round
Quick Hits  |  2/16/2021  | 
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
You've Got Cloud Security All Wrong: Managing Identity in a Cloud World
Commentary  |  2/12/2021  | 
In a hybrid and multicloud world, identity is the new perimeter and a critical attack surface for bad actors.
7 Things We Know So Far About the SolarWinds Attacks
Slideshows  |  2/11/2021  | 
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Commentary  |  2/9/2021  | 
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
Microsoft Security Business Exceeds $10B in Revenue
Quick Hits  |  1/27/2021  | 
Microsoft's security division has grown more than 40% year-over-year, the company reports alongside security product updates.
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Commentary  |  1/12/2021  | 
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Commentary  |  1/4/2021  | 
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
Microsoft Ups Security of Azure AD, Identity
News  |  12/22/2020  | 
A roundup of Microsoft's recent security news and updates that focus on protecting identity.
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
Commentary  |  12/16/2020  | 
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
Cloud Identity and Access Management: Understanding the Chain of Access
Commentary  |  12/10/2020  | 
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud
Commentary  |  12/9/2020  | 
As e-commerce sales increase, so does the risk of hard-to-detect online fraud.
What's in Store for Privacy in 2021
News  |  11/24/2020  | 
Changes are coming to the privacy landscape, including more regulations and technologies.
3 Tips For Successfully Running Tech Outside the IT Department
Commentary  |  11/11/2020  | 
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
How to Avoid Getting Killed by Ransomware
Commentary  |  11/11/2020  | 
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
News  |  11/10/2020  | 
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
Neural Networks Help Users Pick More-Secure Passwords
News  |  10/26/2020  | 
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
A Pause to Address 'Ethical Debt' of Facial Recognition
Commentary  |  10/23/2020  | 
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
Credential-Stuffing Attacks Plague Loyalty Programs
News  |  10/22/2020  | 
But that's not the only type of web attack cybercriminals have been profiting from.
Dealing With Insider Threats in the Age of COVID
Commentary  |  10/21/2020  | 
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
Commentary  |  10/21/2020  | 
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
Building the Human Firewall
Commentary  |  10/20/2020  | 
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
Microsoft Tops Q3 List of Most-Impersonated Brands
News  |  10/19/2020  | 
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
Online Voting Is Coming, but How Secure Will It Be?
Commentary  |  10/13/2020  | 
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
A 7-Step Cybersecurity Plan for Healthcare Organizations
Slideshows  |  10/12/2020  | 
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
Why MSPs Are Hacker Targets, and What To Do About It
Commentary  |  10/9/2020  | 
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
Researchers Adapt AI With Aim to Identify Anonymous Authors
News  |  10/2/2020  | 
At Black Hat Asia, artificial intelligence and cybersecurity researchers use neural networks to attempt to identify authors, but accuracy is still wanting.
Biometric Data Collection Demands Scrutiny of Privacy Law
News  |  10/2/2020  | 
An IT lawyer digs into the implications of collecting biometric data, why it can't be anonymized, and what nations are doing about it.
Permission Management & the Goldilocks Conundrum
Commentary  |  9/22/2020  | 
In today's COVID-19 era, managing access has become even more difficult, especially for large organizations. Here's how to get it "just right."
8 Reasons Perimeter Security Alone Won't Protect Your Crown Jewels
Commentary  |  9/16/2020  | 
Most firewalls and security devices effectively protect systems and data, but are they enough to safeguard business-critical applications?
Page 1 / 2   >   >>


Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16632
PUBLISHED: 2021-05-15
A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 SP2 allows an authenticated user to execute remote arbitrary code via the keyword parameter.
CVE-2021-32073
PUBLISHED: 2021-05-15
DedeCMS V5.7 SP2 contains a CSRF vulnerability that allows a remote attacker to send a malicious request to to the web manager allowing remote code execution.
CVE-2021-33033
PUBLISHED: 2021-05-14
The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value.
CVE-2021-33034
PUBLISHED: 2021-05-14
In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value.
CVE-2019-25044
PUBLISHED: 2021-05-14
The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue.