Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
Five Indicted on Romance and Lottery Fraud Charges
Dark Reading Staff, Quick Hits
Fraudsters allegedly targeted elderly victims, ultimately wringing more than $4 million from their bank accounts.
By Dark Reading Staff , 3/16/2020
Comment0 comments  |  Read  |  Post a Comment
CASB 101: Why a Cloud Access Security Broker Matters
Curtis Franklin Jr., Senior Editor at Dark Reading
A CASB isn't a WAF, isn't an NGF, and isn't an SWG. So what is it, precisely, and why do you need one to go along with all the other letters? Read on for the answer.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 3/12/2020
Comment0 comments  |  Read  |  Post a Comment
How Microsoft Disabled Legacy Authentication Across the Company
Kelly Sheridan, Staff Editor, Dark ReadingNews
The process was not smooth or straightforward, employees say in a discussion of challenges and lessons learned during the multi-year project.
By Kelly Sheridan Staff Editor, Dark Reading, 3/9/2020
Comment0 comments  |  Read  |  Post a Comment
Avoiding the Perils of Electronic Communications
Lena Smart, Chief Information Security Officer, MongoDBCommentary
Twitter, Slack, etc., have become undeniably important for business today, but they can cause a lot of damage. That's why an agile communications strategy is so important.
By Lena Smart Chief Information Security Officer, MongoDB, 3/3/2020
Comment0 comments  |  Read  |  Post a Comment
Cryptographers Panel Tackles Espionage, Elections & Blockchain
Sara Peters, Senior Editor at Dark ReadingNews
Encryption experts gave insights into the Crypto AG revelations, delved into complexities of the "right to be forgotten," and more at RSA Conference.
By Sara Peters Senior Editor at Dark Reading, 2/26/2020
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Improve Your Employees' Mobile Security
Kelly Sheridan, Staff Editor, Dark Reading
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment1 Comment  |  Read  |  Post a Comment
Users Have Risky Security Habits, but Security Pros Aren't Much Better
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
By Kelly Sheridan Staff Editor, Dark Reading, 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust CompanyCommentary
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
By Nick Selby Chief Security Officer at Paxos Trust Company, 2/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at DattoCommentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks Chief Information Security Officer at Datto, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Markus Jakobsson, Chief Scientist, ZapFraudCommentary
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
By Markus Jakobsson Chief Scientist, ZapFraud, 2/3/2020
Comment0 comments  |  Read  |  Post a Comment
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Mark McClain, CEO & Co-founderCommentary
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
By Mark McClain CEO & Co-founder, 1/23/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
By Matt Davey Chief Operations Optimist, 1Password, 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
ADP Users Hit with Phishing Scam Ahead of Tax Season
Dark Reading Staff, Quick Hits
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
By Dark Reading Staff , 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 1/16/2020
Comment3 comments  |  Read  |  Post a Comment
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & PhelpsCommentary
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 1/2/2020
Comment0 comments  |  Read  |  Post a Comment
The Night Before 'Breachmas'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
By Matt Davey Chief Operations Optimist, 1Password, 12/24/2019
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: How Far We've Come, How Far We Have to Go
Kelly Sheridan, Staff Editor, Dark ReadingNews
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 12/24/2019
Comment11 comments  |  Read  |  Post a Comment
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Anurag Kahol, CTO, BitglassCommentary
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
By Anurag Kahol CTO, Bitglass, 12/20/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud External Key Manager Now in Beta
Dark Reading Staff, Quick Hits
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
By Dark Reading Staff , 12/19/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Malicious USB Drive Hides Behind Gift Card Lure
Dark Reading Staff 3/27/2020
How Attackers Could Use Azure Apps to Sneak into Microsoft 365
Kelly Sheridan, Staff Editor, Dark Reading,  3/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-10940
PUBLISHED: 2020-03-27
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.
CVE-2020-10939
PUBLISHED: 2020-03-27
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.
CVE-2020-6095
PUBLISHED: 2020-03-27
An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-10817
PUBLISHED: 2020-03-27
The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7.1 for WordPress allows SQL Injection. NOTE: this product is discontinued.
CVE-2020-10952
PUBLISHED: 2020-03-27
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.