Operations //

Identity & Access Management

News & Commentary
Online Fraud: Now a Major Application Layer Security Problem
Ting-Fang Yen, Research Scientist, DataVisor, Inc.Commentary
The explosion of consumer-facing online services and applications is making it easier and cheaper for cybercriminals to host malicious content and launch attacks.
By Ting-Fang Yen Research Scientist, DataVisor, Inc., 1/15/2019
Comment0 comments  |  Read  |  Post a Comment
Advanced Phishing Scenarios You Will Most Likely Encounter This Year
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
In 2019, there will be no end in sight to email-driven cybercrime such as business email compromise, spearphishing, and ransomware.
By Eyal Benishti CEO & Founder of IRONSCALES, 1/14/2019
Comment1 Comment  |  Read  |  Post a Comment
Election Security Isn't as Bad as People Think
Suzanne Spaulding, Former DHS Under Secretary and Nozomi Networks AdviserCommentary
Make no mistake, however: We'll always have to be on guard. And we can take some lessons from the world of industrial cybersecurity.
By Suzanne Spaulding Former DHS Under Secretary and Nozomi Networks Adviser, 1/10/2019
Comment1 Comment  |  Read  |  Post a Comment
25 Years Later: Looking Back at the First Great (Cyber) Bank Heist
Zia Hayat, CEO, CallsignCommentary
The Citibank hack in 1994 marked a turning point for banking -- and cybercrime -- as we know it. What can we learn from looking back at the past 25 years?
By Zia Hayat CEO, Callsign, 1/2/2019
Comment1 Comment  |  Read  |  Post a Comment
Start Preparing Now for the Post-Quantum Future
Tim Hollebeek, Industry and Standards Technical Strategist at DigiCertCommentary
Quantum computing will break most of the encryption schemes on which we rely today. These five tips will help you get ready.
By Tim Hollebeek Industry and Standards Technical Strategist at DigiCert, 12/28/2018
Comment3 comments  |  Read  |  Post a Comment
Spending Spree: What's on Security Investors' Minds for 2019
Kelly Sheridan, Staff Editor, Dark ReadingNews
Cybersecurity threats, technology, and investment trends that are poised to dictate venture capital funding in 2019.
By Kelly Sheridan Staff Editor, Dark Reading, 12/26/2018
Comment2 comments  |  Read  |  Post a Comment
Shhhhh! The Secret to Secrets Management
Mark B. Cooper, President and Founder, PKI SolutionsCommentary
Companies need to take a centralized approach to protecting confidential data and assets. Here are 12 ways to get a handle on the problem.
By Mark B. Cooper President and Founder, PKI Solutions, 12/17/2018
Comment0 comments  |  Read  |  Post a Comment
Who Are You, Really? A Peek at the Future of Identity
Kelly Sheridan, Staff Editor, Dark ReadingNews
Experts dive into the trends and challenges defining the identity space and predict how online identities will change in years to come.
By Kelly Sheridan Staff Editor, Dark Reading, 12/14/2018
Comment2 comments  |  Read  |  Post a Comment
Insider Threats & Insider Objections
Richard Ford, Chief Scientist, ForcepointCommentary
The tyranny of the urgent and three other reasons why its hard for CISOs to establish a robust insider threat prevention program.
By Richard Ford Chief Scientist, Forcepoint, 12/7/2018
Comment4 comments  |  Read  |  Post a Comment
Republican Committee Email Hacked During Midterms
Dark Reading Staff, Quick Hits
The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
By Dark Reading Staff , 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways to Strengthen Your GDPR Compliance Efforts
Steve Zurier, Freelance Writer
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
By Steve Zurier Freelance Writer, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.
By Kelly Sheridan Staff Editor, Dark Reading, 12/3/2018
Comment8 comments  |  Read  |  Post a Comment
The Return of Email Flooding
Eyal Benishti, CEO & Founder of IRONSCALESCommentary
An old attack technique is making its way back into the mainstream with an onslaught of messages that legacy tools and script writing can't easily detect.
By Eyal Benishti CEO & Founder of IRONSCALES, 11/29/2018
Comment5 comments  |  Read  |  Post a Comment
8 Tips for Preventing Credential Theft Attacks on Critical Infrastructure
JD Sherry, Chief Revenue Officer, Remediant, Inc.Commentary
Stolen credentials for industrial control system workstations are fast becoming the modus operandi for ICS attacks by cybercriminals.
By JD Sherry Chief Revenue Officer, Remediant, Inc., 11/27/2018
Comment0 comments  |  Read  |  Post a Comment
Empathy: The Next Killer App for Cybersecurity?
Shay Colson, CISSP, Senior Manager, CyberClarity360Commentary
The toughest security problems involve people not technology. Here's how to motivate your frontline employees all the way from the service desk to the corner office.
By Shay Colson CISSP, Senior Manager, CyberClarity360, 11/13/2018
Comment3 comments  |  Read  |  Post a Comment
Why Password Management and Security Strategies Fall Short
Steve Zurier, Freelance WriterNews
Researchers say companies need to rethink their password training and take a more holistic approach to security.
By Steve Zurier Freelance Writer, 11/7/2018
Comment1 Comment  |  Read  |  Post a Comment
Where Is the Consumer Outrage about Data Breaches?
Richard Ford, Chief Scientist, ForcepointCommentary
Facebook, Equifax, Cambridge Analytica Why do breaches of incomprehensible magnitude lead to a quick recovery for the businesses that lost or abused the data and such little lasting impact for the people whose information is stolen.
By Richard Ford Chief Scientist, Forcepoint, 11/1/2018
Comment4 comments  |  Read  |  Post a Comment
Companies Fall Short on 2FA
Dark Reading Staff, Quick Hits
New research ranks organizations based on whether they offer two-factor authentication.
By Dark Reading Staff , 10/30/2018
Comment0 comments  |  Read  |  Post a Comment
The Case for MarDevSecOps
Jim Kaskade, CEO, JanrainCommentary
Why security must lead the integration of marketing into the collaborative security and development model in the cloud.
By Jim Kaskade CEO, Janrain, 10/30/2018
Comment11 comments  |  Read  |  Post a Comment
Securing Serverless: Attacking an AWS Account via a Lambda Function
Ory Segal, CTO, PureSecCommentary
Its not every day that someone lets you freely wreak havoc on their account just to find out what happens when you do.
By Ory Segal CTO, PureSec, 10/25/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6507
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6508
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6509
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6510
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2017-6922
PUBLISHED: 2019-01-22
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not pr...