Endpoint //

Authentication

News & Commentary
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/24/2018
Comment3 comments  |  Read  |  Post a Comment
What Should Post-Quantum Cryptography Look Like?
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
By Ericka Chickowski Contributing Writer, Dark Reading, 5/23/2018
Comment1 Comment  |  Read  |  Post a Comment
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, MimecastCommentary
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
By Marc French Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
How to Hang Up on Fraud
Patrick Cox, Chairman and CEO of TRUSTIDCommentary
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
By Patrick Cox Chairman and CEO of TRUSTID, 5/18/2018
Comment0 comments  |  Read  |  Post a Comment
California Teen Arrested for Phishing Teachers to Change Grades
Dark Reading Staff, Quick Hits
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
By Dark Reading Staff , 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
Why Isn't Integrity Getting the Attention It Deserves?
Tim Erlin, VP of Product Management & Strategy at TripwireCommentary
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
By Tim Erlin VP of Product Management & Strategy at Tripwire, 5/17/2018
Comment0 comments  |  Read  |  Post a Comment
FIDO Alliance Appoints Facebook to Board of Directors
Dark Reading Staff, Quick Hits
Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.
By Dark Reading Staff , 5/16/2018
Comment0 comments  |  Read  |  Post a Comment
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Peter Merkulov, Chief Technology Officer, GlobalscapeCommentary
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
10 Lessons From an IoT Demo Lab
Curtis Franklin Jr., Senior Editor at Dark Reading
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/7/2018
Comment0 comments  |  Read  |  Post a Comment
6 Enterprise Password Managers That Lighten the Load for Security
Steve Zurier, Freelance Writer
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
By Steve Zurier Freelance Writer, 5/3/2018
Comment2 comments  |  Read  |  Post a Comment
Spring Clean Your Security Systems: 6 Places to Start
Corey Nachreiner, Chief Technology Officer, WatchGuard TechnologiesCommentary
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 5/2/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/1/2018
Comment1 Comment  |  Read  |  Post a Comment
'Zero Login:' The Rise of Invisible Identity
Sarah Squire, Senior Technical Architect at Ping IdentityCommentary
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
By Sarah Squire Senior Technical Architect at Ping Identity, 4/27/2018
Comment1 Comment  |  Read  |  Post a Comment
12 Trends Shaping Identity Management
Sara Peters, Senior Editor at Dark Reading
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
By Sara Peters Senior Editor at Dark Reading, 4/26/2018
Comment1 Comment  |  Read  |  Post a Comment
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/25/2018
Comment6 comments  |  Read  |  Post a Comment
Why Information Integrity Attacks Pose New Security Challenges
Tamer Hassan, Co-Founder & CTO, White OpsCommentary
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
By Tamer Hassan Co-Founder & CTO, White Ops, 4/25/2018
Comment3 comments  |  Read  |  Post a Comment
'Stresspaint' Targets Facebook Credentials
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
New malware variant goes after login credentials for popular Facebook pages.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/24/2018
Comment0 comments  |  Read  |  Post a Comment
Digital Identity Makes Headway Around the World
Dan Puterbaugh, Senior Legal Advocate for Adobe Document CloudCommentary
The US is lagging behind the digital ID leaders.
By Dan Puterbaugh Senior Legal Advocate for Adobe Document Cloud, 4/23/2018
Comment0 comments  |  Read  |  Post a Comment
Biometrics Are Coming & So Are Security Concerns
Michael Fauscette, Chief Research Officier at G2 CrowdCommentary
Could these advanced technologies be putting user data at risk?
By Michael Fauscette Chief Research Officier at G2 Crowd, 4/20/2018
Comment1 Comment  |  Read  |  Post a Comment
8 Ways Hackers Monetize Stolen Data
Steve Zurier, Freelance Writer
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
By Steve Zurier Freelance Writer, 4/17/2018
Comment4 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
More Than Half of Users Reuse Passwords
Curtis Franklin Jr., Senior Editor at Dark Reading,  5/24/2018
Is Threat Intelligence Garbage?
Chris McDaniels, Chief Information Security Officer of Mosaic451,  5/23/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11505
PUBLISHED: 2018-05-26
The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output.
CVE-2018-6409
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. The module in charge of serving stored files gets the path from the database. Modifying the name of the file to serve on the corresponding ap_form table leads to a path traversal vulnerability via the download.php q parameter.
CVE-2018-6410
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter.
CVE-2018-6411
PUBLISHED: 2018-05-26
An issue was discovered in Appnitro MachForm before 4.2.3. When the form is set to filter a blacklist, it automatically adds dangerous extensions to the filters. If the filter is set to a whitelist, the dangerous extensions can be bypassed through ap_form_elements SQL Injection.
CVE-2018-11500
PUBLISHED: 2018-05-26
An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account.