
Identity & Access Management

News & Commentary
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360, Commentary
The toughest security problems involve people, not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson CISSP, Senior Manager, CyberClarity360, 11/13/2018
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance Writer, News
Researchers say companies need to rethink their password training and take a more holistic approach to security.
By Steve Zurier Freelance Writer, 11/7/2018
Where Is the Consumer Outrage about Data Breaches?
Richard Ford, Chief Scientist, Forcepoint, Commentary
Facebook, Equifax, Cambridge Analytica: why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen?
By Richard Ford Chief Scientist, Forcepoint, 11/1/2018
Companies Fall Short on 2FA
Dark Reading Staff, Quick Hits
New research ranks organizations based on whether they offer two-factor authentication.
By Dark Reading Staff, 10/30/2018
The Case for MarDevSecOps
Jim Kaskade, CEO, Janrain, Commentary
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
By Jim Kaskade CEO, Janrain, 10/30/2018
Securing Serverless: Attacking an AWS Account via a Lambda Function
Ory Segal, CTO, PureSec, Commentary
It's not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
By Ory Segal CTO, PureSec, 10/25/2018
Risky Business: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark Reading, Commentary
Phishing, anti-shoulder surfing, Russia and other hysterical identity management puns and comments. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 10/19/2018
4 Ways to Fight the Email Security Threat
Asaf Cidon, Vice President, Content Security Services, at Barracuda Networks, Commentary
It's time to reimagine employee training with fresh, more aggressive approaches that better treat email security as a fundamentally human problem.
By Asaf Cidon Vice President, Content Security Services, at Barracuda Networks, 10/15/2018
Google Adds New Identity, Security Tools to Cloud Platform
Kelly Sheridan, Staff Editor, Dark Reading, News
A wave of cloud news includes new tools for identity and access management and policies for stronger controls on cloud resources.
By Kelly Sheridan Staff Editor, Dark Reading, 10/11/2018
Lessons Learned from the Facebook Breach: Why Logic Errors Are So Hard to Catch
Jerry Gamblin, Principal Security Engineer, Kenna Security, Commentary
By ensuring that each layer of protection scours an application for unintended uses, you can find the flaws before the bad guys do.
By Jerry Gamblin Principal Security Engineer, Kenna Security, 10/9/2018
Who Do You Trust? Parsing the Issues of Privacy, Transparency & Control
Richard Ford, Chief Scientist, Forcepoint, Commentary
Technology such as Apple's device trust score that decides "you" is not you is a good thing. But only if it works well.
By Richard Ford Chief Scientist, Forcepoint, 10/5/2018
How Data Security Improves When You Engage Employees in the Process
Robert E. Crossler, Assistant Professor of Information Systems, Washington State University, Commentary
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
By Robert E. Crossler Assistant Professor of Information Systems, Washington State University, 9/28/2018
The Cloud Security Conundrum: Assets vs. Infrastructure
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, Commentary
The issue for cloud adopters is no longer where your data sits: in AWS, on-premises, Azure, Salesforce, or what have you. The important questions are: Who has access to it, and how is it protected?
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 9/25/2018
6 Security Training Hacks to Increase Cyber IQ Org-Wide
Ericka Chickowski, Contributing Writer, Dark Reading
Move beyond generic, annual security awareness training with these important tips.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/21/2018
Turn the NIST Cybersecurity Framework into Reality: 5 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, Commentary
Actionable advice for tailoring the National Institute of Standards and Technology's security road map to your company's business needs.
By Mukul Kumar & Anupam Sahai CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems, 9/20/2018
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico, Commentary
New standards offer protection against hacking, credential theft, phishing attacks, and hope for the end of an era of passwords as a security construct.
By John Fontana Standards & Identity Analyst, Yubico, 9/19/2018
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, Indegy, Commentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
New Study Details Business Benefits of Biometrics
Dark Reading Staff, Quick Hits
Biometric authentication can be good for security and for business, according to a new study from Goode Intelligence.
By Dark Reading Staff, 9/12/2018
Machine Identities Need Protection, Too
Dark Reading Staff, Quick Hits
A new study shows that device identities need a level of protection that they're not getting from most organizations.
By Dark Reading Staff, 8/31/2018
4 Benefits of a World with Less Privacy
Reg Harnish, CEO, GreyCastle Security, Commentary
The privacy issue is a problem for a lot of people. I see it differently.
By Reg Harnish CEO, GreyCastle Security, 8/30/2018
Current Conversations
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Veterans Find New Roles in Enterprise Cybersecurity
Kelly Sheridan, Staff Editor, Dark Reading,  11/12/2018
To Click or Not to Click: The Answer Is Easy
Kowsik Guruswamy, Chief Technology Officer at Menlo Security,  11/14/2018
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19301
PUBLISHED: 2018-11-15
tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log.
CVE-2018-5407
PUBLISHED: 2018-11-15
Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.
CVE-2018-14934
PUBLISHED: 2018-11-15
The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device microphone.
CVE-2018-14935
PUBLISHED: 2018-11-15
The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.
CVE-2018-16619
PUBLISHED: 2018-11-15
Sonatype Nexus Repository Manager before 3.14 allows XSS.