Operations //

Identity & Access Management

News & Commentary
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
Menny Barzilay, Co-founder & CEO, FortyTwo GlobalCommentary
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
By Menny Barzilay Co-founder & CEO, FortyTwo Global, 3/15/2018
Comment1 Comment  |  Read  |  Post a Comment
Segmentation: The Neglected (Yet Essential) Control
John Moynihan, President, Minuteman GovernanceCommentary
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
By John Moynihan President, Minuteman Governance, 3/14/2018
Comment1 Comment  |  Read  |  Post a Comment
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Pat Osborne, Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation CenterCommentary
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
By Pat Osborne Principal - Executive Consultant at Outhaul Consulting, LLC, & Cybersecurity Advisor for the Security Innovation Center, 3/12/2018
Comment1 Comment  |  Read  |  Post a Comment
DevSecOps: The Importance of Building Security from the Beginning
Robert Hawk, Privacy & Security Lead at xMattersCommentary
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
By Robert Hawk Privacy & Security Lead at xMatters, 3/9/2018
Comment0 comments  |  Read  |  Post a Comment
Privilege Abuse Attacks: 4 Common Scenarios
Michael Fimin, CEO & Co-Founder, NetwrixCommentary
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
By Michael Fimin CEO & Co-Founder, Netwrix, 3/7/2018
Comment1 Comment  |  Read  |  Post a Comment
Identity Management: Where It Stands, Where It's Going
Kelly Sheridan, Staff Editor, Dark ReadingNews
How companies are changing the approach to identity management as people become increasingly digital.
By Kelly Sheridan Staff Editor, Dark Reading, 3/6/2018
Comment0 comments  |  Read  |  Post a Comment
What Enterprises Can Learn from Medical Device Security
Tom Gillis, Founder & CEO, Bracket ComputingCommentary
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
By Tom Gillis Founder & CEO, Bracket Computing, 3/1/2018
Comment0 comments  |  Read  |  Post a Comment
How to Secure 'Permissioned' Blockchains
Duncan Jones, Head of Skunkworks, Thales e-SecurityCommentary
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
By Duncan Jones Head of Skunkworks, Thales e-Security, 2/28/2018
Comment0 comments  |  Read  |  Post a Comment
Leveraging Security to Enable Your Business
Jackson Shaw, VP of Product Management, One IdentityCommentary
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
By Jackson Shaw VP of Product Management, One Identity, 2/23/2018
Comment0 comments  |  Read  |  Post a Comment
C-Suite Divided Over Security Concerns
Steve Zurier, Freelance WriterNews
Survey shows 60% of CEOs plan to invest the most resources in malware prevention, but CISOs, CIOs, and CTOs are on a different page.
By Steve Zurier Freelance Writer, 2/21/2018
Comment0 comments  |  Read  |  Post a Comment
IRS Reports Steep Decline in Tax-Related ID Theft
Steve Zurier, Freelance WriterNews
Research group Javelin confirms that the numbers are trending in the right direction, with total fraud losses dropping more than 14% to $783 million.
By Steve Zurier Freelance Writer, 2/15/2018
Comment0 comments  |  Read  |  Post a Comment
Back to Basics: AI Isn't the Answer to What Ails Us in Cyber
Amit Yoran, Chairman & CEO, Tenable Network SecurityCommentary
The irony behind just about every headline-grabbing data breach we've seen in recent years is that they all could have been prevented with simple cyber hygiene.
By Amit Yoran Chairman & CEO, Tenable Network Security, 2/9/2018
Comment1 Comment  |  Read  |  Post a Comment
20 Signs You Need to Introduce Automation into Security Ops
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Far too often, organizations approach automation as a solution looking for a problem rather than the other way around.
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 2/8/2018
Comment0 comments  |  Read  |  Post a Comment
Identity Fraud Hits All-Time High in 2017
Steve Zurier, Freelance WriterNews
Survey reports that the number of fraud victims topped 16 million consumers last year, and much of that crime has moved online.
By Steve Zurier Freelance Writer, 2/6/2018
Comment0 comments  |  Read  |  Post a Comment
Lieberman Software Acquired by Bomgar
Dark Reading Staff, Quick Hits
Deal combines privileged access management products, technologies.
By Dark Reading Staff , 2/1/2018
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Least-Privilege Function Goes Live
Dark Reading Staff, Quick Hits
Custom Roles for Cloud IAM now available in production from Google.
By Dark Reading Staff , 1/31/2018
Comment0 comments  |  Read  |  Post a Comment
Passwords: 4 Biometric Tokens and How They Can Be Beaten
Corey Nachreiner, Chief Technology Officer, WatchGuard TechnologiesCommentary
Authentication security methods are getting better all the time, but they are still not infallible.
By Corey Nachreiner Chief Technology Officer, WatchGuard Technologies, 1/31/2018
Comment0 comments  |  Read  |  Post a Comment
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Steve Zurier, Freelance WriterNews
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
By Steve Zurier Freelance Writer, 1/31/2018
Comment1 Comment  |  Read  |  Post a Comment
6 Tips for Building a Data Privacy Culture
Steve Zurier, Freelance Writer
Experts say it's not enough to just post data classification guidelines and revisit the topic once a year. Companies have to build in privacy by design.
By Steve Zurier Freelance Writer, 1/26/2018
Comment0 comments  |  Read  |  Post a Comment
New Voice MFA Tool Uses Machine Learning
Dark Reading Staff, Quick Hits
Pindrop claims its new multi-factor authentication solution that uses the "Deep Voice" engine could save call centers up to $1 per call.
By Dark Reading Staff , 1/25/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by aumickmanuela
Current Conversations Thanks  a lot for sharing )
In reply to: Thank you
Post Your Own Reply
More Conversations
Disappearing Act: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading,  3/12/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.