Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESETCommentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
The Future of Account Security: A World Without Passwords?
Chris Roberts, Chief Security Strategist, Attivo NetworksCommentary
First step: Convince machines that we are who we say we are with expanded biometrics, including behaviors, locations, and other information that makes "us" us.
By Chris Roberts Chief Security Strategist, Attivo Networks, 9/25/2019
Comment4 comments  |  Read  |  Post a Comment
The Fight Against Synthetic Identity Fraud
Kathleen Peters, SVP & Head of Fraud & Identity, ExperianCommentary
Advanced data and innovative technology will help organizations more easily identify abnormal behavior and tell legitimate customers apart from "fake" ones.
By Kathleen Peters SVP & Head of Fraud & Identity, Experian, 9/12/2019
Comment0 comments  |  Read  |  Post a Comment
@jack Got Hacked: Twitter CEO's Tweets Hijacked
Dark Reading Staff, Quick Hits
Twitter CEO Jack Dorsey's Twitter account was, apparently, hijacked for roughly 20 minutes and used for a racist rant.
By Dark Reading Staff , 8/30/2019
Comment2 comments  |  Read  |  Post a Comment
Never Forget Your Passwords Again!
Beyond the Edge, Dark Reading
You never know what those late-night infomercials are going to turn up.
By Beyond the Edge Dark Reading, 8/28/2019
Comment0 comments  |  Read  |  Post a Comment
6 Ways Airlines and Hotels Can Keep Their Networks Secure
Steve Zurier, Contributing Writer
As recent news can attest, travel and hospitality companies are prime targets for cybercriminals. Here are six privacy and security tips that can help lock down privacy and security.
By Steve Zurier Contributing Writer, 8/27/2019
Comment0 comments  |  Read  |  Post a Comment
5 Identity Challenges Facing Todays IT Teams
John Bennett, Senior VP & General Manager of Identity & Access at LastPass by LogMeInCommentary
To take control over your company's security, identify and understand the biggest identity and access management challenges facing IT teams today and start addressing them.
By John Bennett Senior VP & General Manager of Identity & Access at LastPass by LogMeIn, 8/22/2019
Comment1 Comment  |  Read  |  Post a Comment
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Dark Reading Staff, Quick Hits
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
By Dark Reading Staff , 8/14/2019
Comment1 Comment  |  Read  |  Post a Comment
2019 Pwnie Award Winners (And Those Who Wish They Weren't)
Jai Vijayan, Contributing Writer
This year's round-up includes awards into two new categories: most under-hyped research and epic achievement.
By Jai Vijayan Contributing Writer, 8/13/2019
Comment0 comments  |  Read  |  Post a Comment
More Focus on Security as Payment Technologies Proliferate
Robert Lemos, Contributing WriterNews
Banks and merchants are expanding their payment offerings but continue to be wary of the potential fraud risk.
By Robert Lemos Contributing Writer, 8/12/2019
Comment0 comments  |  Read  |  Post a Comment
State Farm Reports Credential-Stuffing Attack
Dark Reading Staff, Quick Hits
The insurer has informed customers a third party used a list of user IDs and passwords to attempt access into online accounts.
By Dark Reading Staff , 8/9/2019
Comment1 Comment  |  Read  |  Post a Comment
It's (Still) the Password, Stupid!
Sam Bocetta, Security AnalystCommentary
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
By Sam Bocetta Security Analyst, 8/9/2019
Comment3 comments  |  Read  |  Post a Comment
Researchers Show Vulnerabilities in Facial Recognition
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
The algorithms that check for a user's 'liveness' have blind spots that can lead to vulnerabilities.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 8/7/2019
Comment1 Comment  |  Read  |  Post a Comment
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
Steve Zurier, Contributing WriterNews
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
By Steve Zurier Contributing Writer, 8/6/2019
Comment3 comments  |  Read  |  Post a Comment
Demystifying New FIDO Standards & Innovations
Bojan Simic, Chief Technology Officer & Co-Founder of HYPRCommentary
Staying on top of the latest cybersecurity risks and preferred attack methods can feel impossible, but standards like FIDO2 are designed to help relieve the burden.
By Bojan Simic Chief Technology Officer & Co-Founder of HYPR, 8/1/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Debuts New Security Capabilities
Dark Reading Staff, Quick Hits
Updates include Advanced Protection Program for the enterprise and general availability of password vaulted apps in Cloud Identity and G Suite.
By Dark Reading Staff , 7/31/2019
Comment3 comments  |  Read  |  Post a Comment
More Companies Don't Rely on Passwords Alone Anymore
Steve Zurier, Contributing WriterNews
New research shows how enterprises are adding additional layers of authentication.
By Steve Zurier Contributing Writer, 7/31/2019
Comment0 comments  |  Read  |  Post a Comment
8 Free Tools to Be Showcased at Black Hat and DEF CON
Ericka Chickowski, Contributing Writer
Expect a full slate of enterprise-class open source tools to take the spotlight when security researchers share their bounties with the community at large.
By Ericka Chickowski Contributing Writer, 7/31/2019
Comment0 comments  |  Read  |  Post a Comment
Keep Your Eye on Digital Certificates
Terry Sweeney, Contributing Editor
X.509 certificates help secure the identity, privacy, and communication between two endpoints, but these digital certificates also have built-in expirations and must be managed.
By Terry Sweeney Contributing Editor, 7/31/2019
Comment1 Comment  |  Read  |  Post a Comment
Transforming 'Tangible Security' into a Competitive Advantage
Kaan Onarlioglu, Security Architect, AkamaiCommentary
Today's consumers want to see and touch security. Meeting this demand will be a win-win for everyone, from users to vendors to security teams.
By Kaan Onarlioglu Security Architect, Akamai, 7/30/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by yvettejwilliams
Current Conversations Thank you
In reply to: Hi men
Post Your Own Reply
More Conversations
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17593
PUBLISHED: 2019-10-14
JIZHICMS 1.5.1 allows admin.php/Admin/adminadd.html CSRF to add an administrator.
CVE-2019-17594
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-17595
PUBLISHED: 2019-10-14
There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.
CVE-2019-14823
PUBLISHED: 2019-10-14
A flaw was found in the "Leaf and Chain" OCSP policy implementation in JSS' CryptoManager versions after 4.4.6, 4.5.3, 4.6.0, where it implicitly trusted the root certificate of a certificate chain. Applications using this policy may not properly verify the chain and could be vulnerable to...
CVE-2019-17592
PUBLISHED: 2019-10-14
The csv-parse module before 4.4.6 for Node.js is vulnerable to Regular Expression Denial of Service. The __isInt() function contains a malformed regular expression that processes large crafted input very slowly. This is triggered when using the cast option.