Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

News & Commentary
Introducing the Digital Transformation Architect
Jordan Blake, VP of Products at BehavioSecCommentary
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
By Jordan Blake VP of Products at BehavioSec, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
78% of Consumers Say Online Companies Must Protect Their Info
Steve Zurier, Contributing WriterNews
Yet 68% agree they also must do more to protect their own information.
By Steve Zurier Contributing Writer, 5/13/2019
Comment1 Comment  |  Read  |  Post a Comment
The Big E-Crime Pivot
Adam Meyers, VP of Intelligence, CrowdStrikeCommentary
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
By Adam Meyers VP of Intelligence, CrowdStrike, 5/7/2019
Comment0 comments  |  Read  |  Post a Comment
Why Are We Still Celebrating World Password Day?
Steve Zurier, Contributing WriterNews
Calls to eliminate the password abound on this World Password Day and the technology to change is ready. So why can't we get off our password habit?
By Steve Zurier Contributing Writer, 5/2/2019
Comment1 Comment  |  Read  |  Post a Comment
World Password Day or Groundhog Day?
Stephen Cox, VP & CSA, SecureAuthCommentary
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
By Stephen Cox VP & CSA, SecureAuth, 5/2/2019
Comment3 comments  |  Read  |  Post a Comment
California Consumer Privacy Act: 4 Compliance Best Practices
Chris Babel, CEO, TrustArcCommentary
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
By Chris Babel CEO, TrustArc, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
A Rear-View Look at GDPR: Compliance Has No Brakes
Daniel Barber, CEO & Co-founder, DataGrailCommentary
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
By Daniel Barber CEO & Co-founder, DataGrail, 4/29/2019
Comment0 comments  |  Read  |  Post a Comment
Will the US Adopt a National Privacy Law?
Seth P.  Berman, Partner, NutterCommentary
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
By Seth P. Berman Partner, Nutter, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
4 Tips to Protect Your Business Against Social Media Mistakes
Guy Bunker, CTO of ClearswiftCommentary
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
By Guy Bunker CTO of Clearswift, 4/22/2019
Comment1 Comment  |  Read  |  Post a Comment
In Security, All Logs Are Not Created Equal
Joe Partlow, Chief Technology Officer, ReliaQuestCommentary
Prioritizing key log sources goes a long way toward effective incident response.
By Joe Partlow Chief Technology Officer, ReliaQuest, 4/11/2019
Comment1 Comment  |  Read  |  Post a Comment
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
Robert Lemos, Contributing WriterNews
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
By Robert Lemos , 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
TLS 1.3: A Good News/Bad News Scenario
Paula Musich, Research Director, Enterprise Management AssociatesCommentary
Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.
By Paula Musich Research Director, Enterprise Management Associates, 3/20/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Contributing WriterNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Contributing WriterNews
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos , 3/8/2019
Comment0 comments  |  Read  |  Post a Comment
Debunking 5 Myths About Zero Trust Security
Torsten George, Cybersecurity Evangelist at CentrifyCommentary
Rather than "trust but verify," a zero trust model assumes that attackers will inevitably get in if they aren't already. However, several misconceptions are impeding its adoption.
By Torsten George Cybersecurity Evangelist at Centrify, 3/7/2019
Comment0 comments  |  Read  |  Post a Comment
4 Ways At-Work Apps Are Vulnerable to Attack
Yoram Salinger, CEO of Perception PointCommentary
Collaboration applications make users and IT teams more efficient. But they come with an added cost: security.
By Yoram Salinger CEO of Perception Point, 3/7/2019
Comment3 comments  |  Read  |  Post a Comment
Startup Armor Scientific Launches Multifactor Identity System
Robert Lemos, Contributing WriterNews
Company aims to replace usernames and passwords by combining GPS location, biometrics, and keys issued through a blockchain-based network.
By Robert Lemos Contributing Writer, 3/4/2019
Comment0 comments  |  Read  |  Post a Comment
The Anatomy of a Lazy Phish
Jordan Shakhsheer, Information Security Engineer, Bluestone AnalyticsCommentary
A security engineer breaks down how easy it is for unskilled attackers to trick an unsuspecting user to submit credentials to a phishing site.
By Jordan Shakhsheer Information Security Engineer, Bluestone Analytics, 2/20/2019
Comment2 comments  |  Read  |  Post a Comment
Privacy Ops: The New Nexus for CISOs & DPOs
Amit Ashbel, Security Evangelist, CognigoCommentary
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
By Amit Ashbel Security Evangelist, Cognigo, 2/18/2019
Comment1 Comment  |  Read  |  Post a Comment
A Dog's Life: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
What do a telephony protocol, butt-sniffing, and multifactor authentication have in common? A John Klossner cartoon! And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 2/8/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7844
PUBLISHED: 2019-05-22
Adobe Media Encoder version 13.0.2 has an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2017-9809
PUBLISHED: 2019-05-22
OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: Information Exposure.
CVE-2018-12886
PUBLISHED: 2019-05-22
stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypas...
CVE-2019-7834
PUBLISHED: 2019-05-22
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execu...
CVE-2019-7835
PUBLISHED: 2019-05-22
Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier version, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary co...