Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
How Hackers Emptied Church Coffers with a Simple Phishing Scam
Sam Bocetta, Security AnalystCommentary
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
By Sam Bocetta Security Analyst, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
The Evolution of Identity
Kathleen Peters, SVP & Head of Fraud & Identity, ExperianCommentary
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.
By Kathleen Peters SVP & Head of Fraud & Identity, Experian, 6/18/2019
Comment0 comments  |  Read  |  Post a Comment
Google Adds Two-Factor Authentication for Its Apps on iOS
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Android-based two-factor authentication now works for Google applications on iPad and iPhone.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 6/13/2019
Comment1 Comment  |  Read  |  Post a Comment
End User Lockdown: Dark Reading Caption Contest Winners
Marilyn Cohodas, Managing Editor, Dark ReadingCommentary
Phishing, cybersecurity training, biometrics and casual Fridays. And the winners are ...
By Marilyn Cohodas Managing Editor, Dark Reading, 6/7/2019
Comment2 comments  |  Read  |  Post a Comment
How to Get the Most Benefits from Biometrics
Bojan Simic, Chief Technology Officer & Co-Founder of HYPRCommentary
Providing an easy-to-use, uniform authentication experience without passwords is simpler than you may think.
By Bojan Simic Chief Technology Officer & Co-Founder of HYPR, 6/5/2019
Comment2 comments  |  Read  |  Post a Comment
8 Ways to Authenticate Without Passwords
Steve Zurier, Contributing Writer
Passwordless authentication has a shot at becoming more ubiquitous in the next few years. We take a look at where things stand at the moment.
By Steve Zurier Contributing Writer, 5/28/2019
Comment2 comments  |  Read  |  Post a Comment
What You Need to Know About Zero Trust Security
Curtis Franklin Jr., Senior Editor at Dark Reading
The zero trust model might be the answer to a world in which perimeters are made to be breached. Is it right for your organization?
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
Google to Replace Titan Security Keys Affected by Bluetooth Bug
Kelly Sheridan, Staff Editor, Dark ReadingNews
A misconfiguration in Bluetooth Titan Security Keys' pairing protocols could compromise users under specific circumstances.
By Kelly Sheridan Staff Editor, Dark Reading, 5/16/2019
Comment1 Comment  |  Read  |  Post a Comment
Microsoft Builds on Decentralized Identity Vision
Kelly Sheridan, Staff Editor, Dark ReadingNews
The company elaborates on its plan to balance data control between businesses and consumers by giving more autonomy to individuals.
By Kelly Sheridan Staff Editor, Dark Reading, 5/15/2019
Comment0 comments  |  Read  |  Post a Comment
78% of Consumers Say Online Companies Must Protect Their Info
Steve Zurier, Contributing WriterNews
Yet 68% agree they also must do more to protect their own information.
By Steve Zurier Contributing Writer, 5/13/2019
Comment1 Comment  |  Read  |  Post a Comment
Fighting Back Against Tech-Savvy Fraudsters
Chris Ryan, Senior Fraud Solutions Consultant at ExperianCommentary
Staying a step ahead requires moving beyond the security techniques of the past.
By Chris Ryan Senior Fraud Solutions Consultant at Experian, 5/9/2019
Comment0 comments  |  Read  |  Post a Comment
Better Behavior, Better Biometrics?
Rajiv Dholakia, VP Products, Nok Nok LabsCommentary
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
By Rajiv Dholakia VP Products, Nok Nok Labs, 5/7/2019
Comment0 comments  |  Read  |  Post a Comment
Why Are We Still Celebrating World Password Day?
Steve Zurier, Contributing WriterNews
Calls to eliminate the password abound on this World Password Day and the technology to change is ready. So why can't we get off our password habit?
By Steve Zurier Contributing Writer, 5/2/2019
Comment1 Comment  |  Read  |  Post a Comment
World Password Day or Groundhog Day?
Stephen Cox, VP & CSA, SecureAuthCommentary
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
By Stephen Cox VP & CSA, SecureAuth, 5/2/2019
Comment3 comments  |  Read  |  Post a Comment
Facebook Accidentally Imported 1.5M Users' Email Data Sans Consent
Dark Reading Staff, Quick Hits
The social media giant says it did not access the imported data and is notifying affected users.
By Dark Reading Staff , 4/18/2019
Comment2 comments  |  Read  |  Post a Comment
CERT, CISA Warn of Vuln in at Least 4 Major VPNs
Dark Reading Staff, Quick Hits
VPN products by Cisco, Palo Alto Networks, F5 Networks, Pulse Secure, insecurely store session cookies.
By Dark Reading Staff , 4/12/2019
Comment1 Comment  |  Read  |  Post a Comment
Credential-Stuffing Attacks Behind 30 Billion Login Attempts in 2018
Robert Lemos, Contributing WriterNews
Using e-mail addresses and passwords from compromised sites, attackers most often targeted retail sites, video-streaming services, and entertainment companies, according to Akamai.
By Robert Lemos , 4/8/2019
Comment1 Comment  |  Read  |  Post a Comment
What the Transition to Smart Cards Can Teach the US Healthcare Industry
Joram Borenstein & Rebecca Weintraub, General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical SchoolCommentary
Healthcare information security suffers from the inherent weakness of using passwords to guard information. Chip-based smart cards could change that.
By Joram Borenstein & Rebecca Weintraub General Manager of Microsoft's Cybersecurity Solutions Group & MD, Assistant Professor at Harvard Medical School, 3/21/2019
Comment1 Comment  |  Read  |  Post a Comment
Stealing Corporate Funds Still Top Goal of Messaging Attacks
Robert Lemos, Contributing WriterNews
Cybercriminals focus on collecting credentials, blackmailing users with fake sextortion scams, and convincing privileged employees to transfer cash. The latter still causes the most damage, and some signs suggest it is moving to mobile.
By Robert Lemos , 3/19/2019
Comment0 comments  |  Read  |  Post a Comment
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
Robert Lemos, Contributing WriterNews
Card-present fraud is down, but attackers continue to find new strategies, and consumers are paying the price.
By Robert Lemos , 3/8/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
AWS CISO Talks Risk Reduction, Development, Recruitment
Kelly Sheridan, Staff Editor, Dark Reading,  6/25/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10164
PUBLISHED: 2019-06-26
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL...
CVE-2019-11583
PUBLISHED: 2019-06-26
The issue searching component in Jira before version 8.1.0 allows remote attackers to deny access to Jira service via denial of service vulnerability in issue search when ordering by "Epic Name".
CVE-2019-4234
PUBLISHED: 2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 weakness in the implementation of locking feature in pattern editor. An attacker by intercepting the subsequent requests can bypass business logic to modify the pattern to unlocked state. IBM X-Force ID: 159416.
CVE-2019-4235
PUBLISHED: 2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 159417.
CVE-2019-4241
PUBLISHED: 2019-06-26
IBM PureApplication System 2.2.3.0 through 2.2.5.3 could allow an authenticated user with local access to bypass authentication and obtain administrative access. IBM X-Force ID: 159467.