News & Commentary

Content tagged with Identity & Access Management posted in October 2017
Preventing Credential Theft: A Security Checklist for Boards
Commentary  |  10/30/2017  | 
Board members pose a unique risk for business, but proper planning helps.
Why Data Breach Stats Get It Wrong
Commentary  |  10/26/2017  | 
It's not the size of the stolen data dump that is important. It's the window between the date of the breach and the date of discovery that represents the biggest threat.
Advanced Analytics + Frictionless Security: What CISOS Need to Know
Commentary  |  10/25/2017  | 
Advances in analytics technologies promise to make identity management smarter and more transparent to users. But the process is neither straightforward nor easy.
The Week in Crypto: Bad News for SSH, WPA2, RSA & Privacy
News  |  10/20/2017  | 
Between KRACK, ROCA, new threats to SSH keys, and the European Commission's loosey-goosey stance on encryption backdoors, it's been a difficult time for cryptography.
Game Change: Meet the Mach37 Fall Startups
Slideshows  |  10/18/2017  | 
CEOs describe how they think their fledgling ventures will revolutionize user training, privacy, identity management and embedded system security.
Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way
News  |  10/17/2017  | 
Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.
Google Bolsters Security for Select Groups
Quick Hits  |  10/17/2017  | 
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
GDPR Compliance: 5 Early Steps to Get Laggards Going
Slideshows  |  10/16/2017  | 
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
How Systematic Lying Can Improve Your Security
Commentary  |  10/11/2017  | 
No, you don't have to tell websites your mother's actual maiden name.


'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Why CISOs Need a Security Reality Check
Joel Fulton, Chief Information Security Officer for Splunk,  6/13/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1061
PUBLISHED: 2018-06-19
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service.
CVE-2018-1073
PUBLISHED: 2018-06-19
The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts.
CVE-2018-12557
PUBLISHED: 2018-06-19
An issue was discovered in Zuul 3.x before 3.1.0. If nodes become offline during the build, the no_log attribute of a task is ignored. If the unreachable error occurred in a task used with a loop variable (e.g., with_items), the contents of the loop items would be printed in the console. This could ...
CVE-2018-12559
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequ...
CVE-2018-12560
PUBLISHED: 2018-06-19
An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.