Operations //

Identity & Access Management

News & Commentary
Banks Start Broad Use of Blockchain, as JP Morgan, IBM Lead Way
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Two major players announced cross-border payment networks built on blockchain technologies Monday, and more financial services will follow soon, despite opinions about Bitcoin.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/17/2017
Comment0 comments  |  Read  |  Post a Comment
Google Bolsters Security for Select Groups
Dark Reading Staff, Quick Hits
Business leaders, political campaign teams, journalists, and other high-risk groups will receive advanced email and account protection.
By Dark Reading Staff , 10/17/2017
Comment0 comments  |  Read  |  Post a Comment
GDPR Compliance: 5 Early Steps to Get Laggards Going
Sara Peters, Senior Editor at Dark Reading
If you're just getting on the EU General Data Protection Regulation bandwagon, here's where you should begin.
By Sara Peters Senior Editor at Dark Reading, 10/16/2017
Comment0 comments  |  Read  |  Post a Comment
How Systematic Lying Can Improve Your Security
Lance Cottrell, Chief Scientist, NtrepidCommentary
No, you don't have to tell websites your mother's actual maiden name.
By Lance Cottrell Chief Scientist, Ntrepid, 10/11/2017
Comment3 comments  |  Read  |  Post a Comment
Why Your Business Must Care about Privacy
Niko Keller, Co-founder and CTO of Opaque CommunicationsCommentary
It might not have something to hide, but it definitely has something to protect.
By Niko Keller Co-founder and CTO of Opaque Communications, 9/26/2017
Comment1 Comment  |  Read  |  Post a Comment
SecureAuth to Merge with Core Security
Dawn Kawamoto, Associate Editor, Dark ReadingNews
K1 Investment Management, which owns Core Security, plans to acquire the identity management and authentication company for more than $200 million.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/20/2017
Comment1 Comment  |  Read  |  Post a Comment
GDPR & the Rise of the Automated Data Protection Officer
Terry Ray, Chief Technology Officer, ImpervaCommentary
Can artificial intelligence and machine learning solve the skills shortage as the EU's General Data Protection Regulation deadline approaches?
By Terry Ray Chief Technology Officer, Imperva, 9/19/2017
Comment1 Comment  |  Read  |  Post a Comment
How Apple's New Facial Recognition Technology Will Change Enterprise Security
Shimrit Tzur-David, CTO & Co-founder, Secret Double OctopusCommentary
Expect a trickle-down effect, as tech similar to Face ID becomes offered outside of Apple.
By Shimrit Tzur-David CTO & Co-founder, Secret Double Octopus, 9/19/2017
Comment0 comments  |  Read  |  Post a Comment
Workplace IoT Puts Companies on Notice for Smarter Security
Robert Clyde, CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard SoftwareCommentary
Blacklisting every "thing" in sight and banning connections to the corporate network may sound tempting, but it's not a realistic strategy.
By Robert Clyde CISM, Vice-Chair of ISACA Board of Directors, Executive Chair of White Cloud Security and Executive Advisor to BullGuard Software, 9/6/2017
Comment0 comments  |  Read  |  Post a Comment
The Active Directory Botnet
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
It's a nightmare of an implementation error with no easy fix. Ty Miller and Paul Kalinin explain how and why an attacker could build an entire botnet inside your organization.
By Sara Peters Senior Editor at Dark Reading, 8/30/2017
Comment0 comments  |  Read  |  Post a Comment
New York's Historic FinSec Regulation Covers DDoS, Not Just Data
Sara Peters, Senior Editor at Dark ReadingNews
Starting today, New York banks and insurers must report to authorities within 72 hours on any security event that has a 'reasonable likelihood' of causing material harm to normal operations.
By Sara Peters Senior Editor at Dark Reading, 8/28/2017
Comment1 Comment  |  Read  |  Post a Comment
GoT & the Inside Threat: Compromised Insiders Make Powerful Adversaries
Orion Cassetto, Senior Product Maester, ExabeamCommentary
What Game of Thrones' Arya Stark and the Faceless Men can teach security pros about defending against modern malware and identity theft.
By Orion Cassetto Senior Product Maester, Exabeam, 8/24/2017
Comment13 comments  |  Read  |  Post a Comment
Risky Business: Why Enterprises Cant Abdicate Cloud Security
John Moynihan, President, Minuteman GovernanceCommentary
It's imperative for public and private sector organizations to recognize the essential truth that governance of data entrusted to them cannot be relinquished, regardless of where the data is maintained.
By John Moynihan President, Minuteman Governance, 8/7/2017
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading News Desk Live at Black Hat USA 2017
Dark Reading Staff, Commentary
Over 40 interviews streaming live right from Black Hat USA, July 26-27, from 2 p.m. - 7 p.m. Eastern Time (11 - 4 P.T.).
By Dark Reading Staff , 7/27/2017
Comment4 comments  |  Read  |  Post a Comment
Healthcare Industry Lacks Awareness of IoT Threat, Survey Says
Dawn Kawamoto, Associate Editor, Dark ReadingNews
Three-quarters of IT decision makers report they are "confident" or "very confident" that portable and connected medical devices are secure on their networks.
By Dawn Kawamoto Associate Editor, Dark Reading, 7/20/2017
Comment10 comments  |  Read  |  Post a Comment
4 Steps to Securing Citizen-Developed Apps
Mike Lemire, Compliance & Information Security Officer at  Quick BaseCommentary
Low- and no-code applications can be enormously helpful to businesses, but they pose some security problems.
By Mike Lemire Compliance & Information Security Officer at Quick Base, 7/19/2017
Comment0 comments  |  Read  |  Post a Comment
AWS S3 Breaches: What to Do & Why
Rob Enns, VP Engineering, Bracket ComputingCommentary
Although basic operations in Amazon's Simple Storage Services are (as the name implies) - simple - things can get complicated with access control and permissions.
By Rob Enns VP Engineering, Bracket Computing, 7/17/2017
Comment0 comments  |  Read  |  Post a Comment
The High Costs of GDPR Compliance
Chris Babel, CEO, TrustArcCommentary
Looming, increasingly strict EU privacy regulations are pushing privacy spending to the top of IT priorities and budgets.
By Chris Babel CEO, TrustArc, 7/11/2017
Comment0 comments  |  Read  |  Post a Comment
Avoiding the Dark Side of AI-Driven Security Awareness
Tom Pendergast, Chief Strategist, Security, Privacy, & Compliance, MediaProCommentary
Can artificial intelligence bring an end to countless hours of boring, largely ineffective user training? Or will it lead to a surveillance state within our information infrastructures?
By Tom Pendergast Chief Strategist, Security, Privacy, & Compliance, MediaPro, 7/5/2017
Comment0 comments  |  Read  |  Post a Comment
8 Things Every Security Pro Should Know About GDPR
Jai Vijayan, Freelance writer
Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
By Jai Vijayan Freelance writer, 6/30/2017
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by ANON1248968898543
Current Conversations What was in those brownies?
In reply to: Caption
Post Your Own Reply
More Conversations
Cybersecurity's 'Broken' Hiring Process
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/11/2017
How Systematic Lying Can Improve Your Security
Lance Cottrell, Chief Scientist, Ntrepid,  10/11/2017
Ransomware Grabs Headlines but BEC May Be a Bigger Threat
Marc Wilczek, Digital Strategist & CIO Advisor,  10/12/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.