Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

News & Commentary
Over-Sharer or Troublemaker? How to Identify Insider-Risk Personas
Mark Wojtasiak, VP, Portfolio Marketing, Code42Commentary
It's past time to begin charting insider risk indicators that identify risky behavior and stop it in its tracks.
By Mark Wojtasiak VP, Portfolio Marketing, Code42, 1/12/2021
Comment0 comments  |  Read  |  Post a Comment
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Dr. Jasson Casey, CTO of Beyond IdentityCommentary
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
By Dr. Jasson Casey CTO of Beyond Identity, 1/4/2021
Comment0 comments  |  Read  |  Post a Comment
Microsoft Ups Security of Azure AD, Identity
Kelly Sheridan, Staff Editor, Dark ReadingNews
A roundup of Microsoft's recent security news and updates that focus on protecting identity.
By Kelly Sheridan Staff Editor, Dark Reading, 12/22/2020
Comment0 comments  |  Read  |  Post a Comment
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 12/16/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Identity and Access Management: Understanding the Chain of Access
Keith Neilson, Technical Evangelist for CloudSphereCommentary
Here's where enterprises encounter challenges with cloud IAM and the best practices they should follow to correct these mistakes.
By Keith Neilson Technical Evangelist for CloudSphere, 12/10/2020
Comment0 comments  |  Read  |  Post a Comment
The Holiday Shopping Season: A Prime Opportunity for Triangulation Fraud
John Briar, Co-Founder and COO, BotRXCommentary
As e-commerce sales increase, so does the risk of hard-to-detect online fraud.
By John Briar Co-Founder and COO, BotRX, 12/9/2020
Comment0 comments  |  Read  |  Post a Comment
What's in Store for Privacy in 2021
Robert Lemos, Contributing WriterNews
Changes are coming to the privacy landscape, including more regulations and technologies.
By Robert Lemos Contributing Writer, 11/24/2020
Comment0 comments  |  Read  |  Post a Comment
3 Tips For Successfully Running Tech Outside the IT Department
Patrick Kehoe, Chief Marketing and Strategy Officer, CoalfireCommentary
When marketing opts for "extra-departmental IT," coordination and communication are required to keep things secured.
By Patrick Kehoe Chief Marketing and Strategy Officer, Coalfire, 11/11/2020
Comment0 comments  |  Read  |  Post a Comment
How to Avoid Getting Killed by Ransomware
Karthik Krishnan, Founder & CEO, ConcentricCommentary
Using a series of processes, infosec pros can then tap automated data hygiene to find and fix files that attackers key in on.
By Karthik Krishnan Founder & CEO, Concentric, 11/11/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
By Kelly Sheridan Staff Editor, Dark Reading, 11/10/2020
Comment0 comments  |  Read  |  Post a Comment
Neural Networks Help Users Pick More-Secure Passwords
Robert Lemos, Contributing WriterNews
Typically, blocklists are used to prevent users from picking easily guessable patterns, but a small neural network can do the same job and suggests that complex password requirements are not necessary.
By Robert Lemos Contributing Writer, 10/26/2020
Comment0 comments  |  Read  |  Post a Comment
A Pause to Address 'Ethical Debt' of Facial Recognition
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Ethical use will require some combination of consistent reporting, regulation, corporate responsibility, and adversarial technology.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 10/23/2020
Comment0 comments  |  Read  |  Post a Comment
Credential-Stuffing Attacks Plague Loyalty Programs
Ericka Chickowski, Contributing WriterNews
But that's not the only type of web attack cybercriminals have been profiting from.
By Ericka Chickowski Contributing Writer, 10/22/2020
Comment0 comments  |  Read  |  Post a Comment
Dealing With Insider Threats in the Age of COVID
Hitesh Sheth, CEO, VectraCommentary
Dangerous gray areas like new BYOD policies and shadow IT devices have increased, thanks to the rapid shift to remote working.
By Hitesh Sheth CEO, Vectra, 10/21/2020
Comment0 comments  |  Read  |  Post a Comment
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat ResearcherCommentary
Attacks involving an unmanaged device and no malware expose gaps in cybersecurity that must be addressed.
By David Pearson Principal Threat Researcher, 10/21/2020
Comment2 comments  |  Read  |  Post a Comment
Building the Human Firewall
Aamir Lakhani, Cybersecurity Researcher and Practitioner for FortiGuard LabsCommentary
Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?
By Aamir Lakhani Cybersecurity Researcher and Practitioner for FortiGuard Labs, 10/20/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Tops Q3 List of Most-Impersonated Brands
Steve Zurier, Contributing WriterNews
The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.
By Steve Zurier Contributing Writer, 10/19/2020
Comment0 comments  |  Read  |  Post a Comment
Online Voting Is Coming, but How Secure Will It Be?
Brad Brooks, CEO of OneLoginCommentary
It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.
By Brad Brooks CEO of OneLogin, 10/13/2020
Comment0 comments  |  Read  |  Post a Comment
A 7-Step Cybersecurity Plan for Healthcare Organizations
Steve Zurier, Contributing Writer
With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.
By Steve Zurier Contributing Writer, 10/12/2020
Comment1 Comment  |  Read  |  Post a Comment
Why MSPs Are Hacker Targets, and What To Do About It
John Hammond, Senior Security Researcher at HuntressCommentary
Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.
By John Hammond Senior Security Researcher at Huntress, 10/9/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...