News & Commentary

Content tagged with Identity & Access Management posted in June 2016
Hackers Pilfer $10 Million From Ukraine Bank
Quick Hits  |  6/29/2016  | 
Reports allege criminals used SWIFT to transfer money, have compromised several Ukraine, Russia banks.
Cisco Boosts Cloud Security Capabilities With CloudLock Buy
News  |  6/28/2016  | 
Network giant will purchase the Massachusetts-based provider of cloud access security broker technology for $293 million.
Google Accounts Of US Military, Journalists Targeted By Russian Attack Group
News  |  6/27/2016  | 
The Threat Group 4127 that hit the Democratic National Committee also went after 1,800 other targets with info interesting to Russian government, says SecureWorks.
The Blind Spot Between The Cloud & The Data Center
Commentary  |  6/27/2016  | 
Ask most enterprise security analysts responsible for detection and response about their visibility into identity access risks and youre likely to get some confused looks. Heres why.
Phishing, Whaling & The Surprising Importance Of Privileged Users
Commentary  |  6/21/2016  | 
By bagging a privileged user early on, attackers can move from entry point to mission accomplished in no time at all.
5 Tips For Staying Cyber-Secure On Your Summer Vacation
News  |  6/20/2016  | 
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
Pretty Good Passwords: Cartoon Caption Contest Winners
Commentary  |  6/16/2016  | 
Sticky notes, multi-factor authentication, password reuse and Donald Trump. And the winner is...
Twitter Says Its Servers Were Not Breached
Quick Hits  |  6/13/2016  | 
Account details leaked are from other hacked websites, claims the social media tool.
How To Prepare For A Data Breach
Slideshows  |  6/7/2016  | 
These five from-the-trenches strategies will help you win the fight against today's sophisticated, conniving attackers.
Microsegmentation & The Need For An Intelligent Attack Surface
Commentary  |  6/7/2016  | 
There is a fundamental difference in the security posture and technology for protecting the White House versus a Social Security office in California. So, too, for the critical apps and systems that are likely targets in your enterprise.
How Risky Is Bleeding Edge Tech?
Slideshows  |  6/5/2016  | 
Experts with the Carnegie Mellon University Software Engineering Institute rate 10 up-and-coming technologies for risk.
Connected Cars: 6 Tips For Riding Safely With Onboard Devices
Slideshows  |  6/3/2016  | 
Carnegie Mellon researchers note that the cheaper the after market device, the easier it can be hacked.


Meet 'Bro': The Best-Kept Secret of Network Security
Greg Bell, CEO, Corelight,  6/14/2018
Four Faces of Fraud: Identity, 'Fake' Identity, Ransomware & Digital
David Shefter, Chief Technology Officer at Ziften Technologies,  6/14/2018
Containerized Apps: An 8-Point Security Checklist
Jai Vijayan, Freelance writer,  6/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-5236
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 may be susceptible to a race condition (or race hazard). This type of issue occurs in software where the output is dependent on the sequence or timing of other uncontrollable events.
CVE-2018-5237
PUBLISHED: 2018-06-20
Symantec Endpoint Protection prior to 14 RU1 MP1 or 12.1 RU6 MP10 could be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.
CVE-2018-6211
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, OS command injection is possible as a result of incorrect processing of the res_buf parameter to index.cgi.
CVE-2018-6212
PUBLISHED: 2018-06-20
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect proc...
CVE-2018-6213
PUBLISHED: 2018-06-20
In the web server on D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, there is a hardcoded password of anonymous for the admin account.