Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

News & Commentary
4 Steps to a More Mature Identity Program
Mike Kiser, Global Security Advocate, Office of the CTO, SailPointCommentary
Security has evolved to evaluate an identity's attributes, access, and behavior to determine appropriate access.
By Mike Kiser Global Security Advocate, Office of the CTO, SailPoint, 7/1/2020
Comment0 comments  |  Read  |  Post a Comment
Back to Basics with Cloud Permissions Management
Raj Mallempati, COO, CloudKnox SecurityCommentary
By using the AAA permissions management framework for cloud operations, organizations can address authentication, authorization, and auditing.
By Raj Mallempati COO, CloudKnox Security, 6/23/2020
Comment0 comments  |  Read  |  Post a Comment
5 Steps for Implementing Multicloud Identity
Eric Olden, CEO, Strata IdentityCommentary
Why embracing, not fighting, decentralization will pave the way to smoother cloud migrations.
By Eric Olden CEO, Strata Identity, 6/23/2020
Comment0 comments  |  Read  |  Post a Comment
The Bigger the News, the Bigger the Cyber Threats
Len Shneyder, Co-Chair of the Election Special Interest Group at the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG)Commentary
Criminals use disasters, wars, and now pandemics as air cover to focus collective anxiety and fear into highly targeted, malicious messaging.
By Len Shneyder Co-Chair of the Election Special Interest Group at the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), 6/18/2020
Comment0 comments  |  Read  |  Post a Comment
CISO Dialogue: How to Optimize Your Security Budget
Chris Triolo, Vice President of Customer Success, Respond SoftwareCommentary
CISOs are never going to have all the finances they want. Hard choices must be made. The CISO of Amazon Prime Video discusses his approaches to a slimmed-down budget.
By Chris Triolo Vice President of Customer Success, Respond Software, 6/18/2020
Comment0 comments  |  Read  |  Post a Comment
The Telehealth Attack Surface
Justine Bone, CEO, MedSecCommentary
Amid the surge in digital healthcare stemming from the coronavirus pandemic, security is taking a backseat to usability.
By Justine Bone CEO, MedSec, 6/10/2020
Comment1 Comment  |  Read  |  Post a Comment
CSO's Guide to 'Employee-First' Security Operations During COVID-19 & Beyond
George Gerchow, Chief Security Officer, Sumo LogicCommentary
As the work-at-home environment continues to inform new ways of doing business, it's important that security teams remain flexible and ready for change.
By George Gerchow Chief Security Officer, Sumo Logic, 6/9/2020
Comment0 comments  |  Read  |  Post a Comment
Thycotic Buys Onion ID to Extend PAM Portfolio
Dark Reading Staff, Quick Hits
The acquisition brings three new products into Thycotic's privileged access management lineup.
By Dark Reading Staff , 6/2/2020
Comment0 comments  |  Read  |  Post a Comment
All Links Are Safe ... Right?
Beyond the Edge, Dark Reading
Today is a perfect day for a security breach.
By Beyond the Edge Dark Reading, 5/29/2020
Comment0 comments  |  Read  |  Post a Comment
79% of Companies Report Identity-Related Breach in Past Two Years
Dark Reading Staff, Quick Hits
Two-thirds of organizations surveyed say phishing is the most common cause of identity-related breaches, the IDSA reports.
By Dark Reading Staff , 5/14/2020
Comment0 comments  |  Read  |  Post a Comment
Biometrics in the Great Beyond
Curtis Franklin Jr., Senior Editor at Dark Reading
A thumbprint may be a good authentication factor for the living, but are you prepared to access mission-critical data and devices after an employee's death?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/13/2020
Comment0 comments  |  Read  |  Post a Comment
CyberArk Acquires Idaptive for Identity-as-a-Service Tech
Dark Reading Staff, Quick Hits
The $70 million deal is intended to help CyberArk strengthen its portfolio with secure and SaaS-based identity management.
By Dark Reading Staff , 5/13/2020
Comment0 comments  |  Read  |  Post a Comment
Microsoft Identity VP Shares How and Why to Ditch Passwords
Kelly Sheridan, Staff Editor, Dark ReadingNews
Passwords are on their way out, says Joy Chik, who offers guidance for businesses hoping to shift away from them.
By Kelly Sheridan Staff Editor, Dark Reading, 5/7/2020
Comment1 Comment  |  Read  |  Post a Comment
Zoom Acquires Keybase, Plans for End-to-End Encrypted Chats
Dark Reading Staff, Quick Hits
The company's first acquisition to date is part of a 90-day plan to improve security in its video communications platform.
By Dark Reading Staff , 5/7/2020
Comment0 comments  |  Read  |  Post a Comment
Breach Hits GoDaddy SSH Customers
Dark Reading Staff, Quick Hits
The October 2019 breach left some customer data open to hacking eyes.
By Dark Reading Staff , 5/5/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Makes It Easier to Unlock iPhone While Wearing a Mask
Dark Reading Staff, Quick Hits
The beta release of iOS 13.5 brings an updated FaceID so that users wearing masks can bypass facial recognition and unlock their phone with a code.
By Dark Reading Staff , 5/1/2020
Comment0 comments  |  Read  |  Post a Comment
Industrial Networks' Newest Threat: Remote Users
Dave Weinstein, Chief Security Officer, ClarotyCommentary
We know remote working isn't going away anytime soon, so it's crucial we be extra vigilant about security for industrial networks and critical infrastructure.
By Dave Weinstein Chief Security Officer, Claroty, 5/1/2020
Comment0 comments  |  Read  |  Post a Comment
7 Secure Remote Access Services for Today's Enterprise Needs
Curtis Franklin Jr., Senior Editor at Dark Reading
Secure remote access is a "must" for enterprise computing today, and there are options for you to explore in the dynamic current environment.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/29/2020
Comment2 comments  |  Read  |  Post a Comment
Increased Credential Threats in the Age of Uncertainty
Tony Howlett, CISO at SecureLinkCommentary
Three things your company should do to protect credentials during the coronavirus pandemic.
By Tony Howlett CISO at SecureLink, 4/28/2020
Comment0 comments  |  Read  |  Post a Comment
The Evolving Threat of Credential Stuffing
Kunal Anand, Chief Technology Officer at ImpervaCommentary
Bots' swerve to focus on APIs means businesses must take the threat seriously and take effective action.
By Kunal Anand Chief Technology Officer at Imperva, 4/23/2020
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/14/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Russian Cyber Gang 'Cosmic Lynx' Focuses on Email Fraud
Kelly Sheridan, Staff Editor, Dark Reading,  7/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-6287
PUBLISHED: 2020-07-14
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create a...
CVE-2020-6289
PUBLISHED: 2020-07-14
SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site.
CVE-2020-6290
PUBLISHED: 2020-07-14
SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.
CVE-2020-6291
PUBLISHED: 2020-07-14
SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration
CVE-2020-6292
PUBLISHED: 2020-07-14
Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.