Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

News & Commentary
ADP Users Hit with Phishing Scam Ahead of Tax Season
Dark Reading Staff, Quick Hits
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
By Dark Reading Staff , 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Ian Cruxton, CSO, CallsignCommentary
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
By Ian Cruxton CSO, Callsign, 1/16/2020
Comment0 comments  |  Read  |  Post a Comment
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Client-Side JavaScript Risks & the CCPA
Ido Safruti, Co-founder & CTO, PerimeterXCommentary
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
By Ido Safruti Co-founder & CTO, PerimeterX, 1/6/2020
Comment0 comments  |  Read  |  Post a Comment
CCPA Kickoff: What Businesses Need to Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant.
By Kelly Sheridan Staff Editor, Dark Reading, 1/2/2020
Comment0 comments  |  Read  |  Post a Comment
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Dr. Salvatore Stolfo, Founder & CTO, Allure SecurityCommentary
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
By Dr. Salvatore Stolfo Founder & CTO, Allure Security, 12/26/2019
Comment1 Comment  |  Read  |  Post a Comment
The Night Before 'Breachmas'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
By Matt Davey Chief Operations Optimist, 1Password, 12/24/2019
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: How Far We've Come, How Far We Have to Go
Kelly Sheridan, Staff Editor, Dark ReadingNews
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 12/24/2019
Comment11 comments  |  Read  |  Post a Comment
Google Cloud External Key Manager Now in Beta
Dark Reading Staff, Quick Hits
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
By Dark Reading Staff , 12/19/2019
Comment0 comments  |  Read  |  Post a Comment
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Ori Eisen, Founder & CEO at TrusonaCommentary
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
By Ori Eisen Founder & CEO at Trusona, 12/19/2019
Comment1 Comment  |  Read  |  Post a Comment
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Shawn Taylor, Senior Systems Engineer at ForeScoutCommentary
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
By Shawn Taylor Senior Systems Engineer at ForeScout, 12/18/2019
Comment5 comments  |  Read  |  Post a Comment
7 Tips to Keep Your Family Safe Online Over the Holidays
Steve Zurier, Contributing Writer
Security experts offer key cyber advice for family members.
By Steve Zurier Contributing Writer, 12/17/2019
Comment0 comments  |  Read  |  Post a Comment
Younger Generations Drive Bulk of 2FA Adoption
Kelly Sheridan, Staff Editor, Dark ReadingNews
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Only 53% of Security Pros Have Ownership of Workforce IAM
Dark Reading Staff, Quick Hits
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
By Dark Reading Staff , 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing WriterNews
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment2 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity AnalystCommentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo Cybersecurity Analyst, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading
The right password manager can help bring enterprise-class security to small businesses. Here are a half-dozen candidates to strengthen your access management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/8/2019
Comment1 Comment  |  Read  |  Post a Comment
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESETCommentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment:   It's a PEN test of our cloud security.
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7981
PUBLISHED: 2020-01-25
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVE-2019-0141
PUBLISHED: 2020-01-25
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-7596
PUBLISHED: 2020-01-25
Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument.
CVE-2020-7980
PUBLISHED: 2020-01-25
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
CVE-2012-6613
PUBLISHED: 2020-01-25
D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root Access because of the admin password for the admin account.