Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

News & Commentary
Who Gets Privileged Access & How to Enforce It
Tim Keeler, Founder and CEO, RemediantCommentary
Let's begin by re-evaluating IT infrastructures to determine who has access to what, why, and when.
By Tim Keeler Founder and CEO, Remediant, 8/20/2019
Comment0 comments  |  Read  |  Post a Comment
BioStar 2 Leak Exposes 23GB Data, 1M Fingerprints
Dark Reading Staff, Quick Hits
Thousands of organizations, including banks, governments, and the UK Metropolitan Police, use the biometric security tool to authenticate users.
By Dark Reading Staff , 8/14/2019
Comment1 Comment  |  Read  |  Post a Comment
It's (Still) the Password, Stupid!
Sam Bocetta, Security AnalystCommentary
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
By Sam Bocetta Security Analyst, 8/9/2019
Comment3 comments  |  Read  |  Post a Comment
Mimecast Rejected Over 67 Billion Emails. Here's What It Learned
Steve Zurier, Contributing WriterNews
New research warns that security pros must guard against updates to older malware and more manipulative social-engineering techniques.
By Steve Zurier Contributing Writer, 8/6/2019
Comment3 comments  |  Read  |  Post a Comment
Fighting Back Against Mobile Fraudsters
DJ Murphy, Editor-in-Chief, Security Portfolio, at Reed ExhibitionsCommentary
The first step toward identifying and preventing mobile fraud threats is acknowledging that mobile security requires a unique solution.
By DJ Murphy Editor-in-Chief, Security Portfolio, at Reed Exhibitions, 8/5/2019
Comment0 comments  |  Read  |  Post a Comment
Capital One: What We Should Learn This Time
Kelly Sheridan, Staff Editor, Dark ReadingNews
Where Capital One went wrong, what the bank did right, and more key takeaways from the latest mega-breach.
By Kelly Sheridan Staff Editor, Dark Reading, 8/2/2019
Comment2 comments  |  Read  |  Post a Comment
Black Hat: A Summer Break from the Mundane and Controllable
John B. Dickson, CISSP,  Principal, Denim GroupCommentary
Enjoy the respite from the security tasks that await you back at home. Then prepare yourself for the uphill battles to come. Here's how.
By John B. Dickson CISSP, Principal, Denim Group, 8/2/2019
Comment0 comments  |  Read  |  Post a Comment
A Realistic Path Forward for Security Orchestration and Automation
Kacy Zurkus, Contributing Writer
Security teams often look to technology to solve their security challenges. Yet sometimes investing in new products can create more issues.
By Kacy Zurkus Contributing Writer, 8/1/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud Debuts New Security Capabilities
Dark Reading Staff, Quick Hits
Updates include Advanced Protection Program for the enterprise and general availability of password vaulted apps in Cloud Identity and G Suite.
By Dark Reading Staff , 7/31/2019
Comment3 comments  |  Read  |  Post a Comment
Keep Your Eye on Digital Certificates
Terry Sweeney, Contributing Editor
X.509 certificates help secure the identity, privacy, and communication between two endpoints, but these digital certificates also have built-in expirations and must be managed.
By Terry Sweeney Contributing Editor, 7/31/2019
Comment1 Comment  |  Read  |  Post a Comment
VPNs' Future: Less Reliant on Users, More Transparent, And Smarter
Terry Sweeney, Contributing Editor
Virtual private networking is poised to become more automated and intelligent, especially as endpoints associated with cloud services and the IoT need protection.
By Terry Sweeney Contributing Editor, 7/24/2019
Comment2 comments  |  Read  |  Post a Comment
8 Legit Tools and Utilities That Cybercriminals Commonly Misuse
Jai Vijayan, Contributing Writer
Threat actors are increasingly 'living off the land,' using publicly available management and administration tools to conceal malicious activity.
By Jai Vijayan Contributing Writer, 7/18/2019
Comment2 comments  |  Read  |  Post a Comment
A Password Management Report Card
Maxine Holt, Research Director, OvumCommentary
New research on password management tools identifies the relative strengths and weaknesses of 12 competing offerings.
By Maxine Holt Research Director, Ovum, 7/17/2019
Comment0 comments  |  Read  |  Post a Comment
Competing Priorities Mean Security Risks for Small Businesses
Dark Reading Staff, Quick Hits
Small business IT professionals are trying to balance multiple priorities and finding that the balance often leaves the company with serious security risks.
By Dark Reading Staff , 7/12/2019
Comment6 comments  |  Read  |  Post a Comment
Insider Threats: An M&A Dealmaker's Nightmare
Joe Payne, President and CEO at Code42Commentary
Because data has never been more portable, taking it has never been easier. And that's a huge problem during mergers and acquisitions.
By Joe Payne President and CEO at Code42, 7/9/2019
Comment0 comments  |  Read  |  Post a Comment
Smash-and-Grab Crime Threatens Enterprise Security
Nicko van Someren, Ph.D., Chief Technology Officer at AbsoluteCommentary
Getting your company smartphone or laptop stolen from your car isn't just a hassle; it can have large regulatory ramifications, too. Visibility is the answer.
By Nicko van Someren, Ph.D. Chief Technology Officer at Absolute, 7/8/2019
Comment0 comments  |  Read  |  Post a Comment
Intelligent Authentication Market Grows to Meet Demand
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
Confidence in user identity is critical to prevent fraud and theft, and companies are looking for new ways to get the necessary assurance.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 7/5/2019
Comment2 comments  |  Read  |  Post a Comment
The Case for Encryption: Fact vs. Fiction
Ramon Peypoch, SVP Products, Vera SecurityCommentary
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
By Ramon Peypoch SVP Products, Vera Security, 7/2/2019
Comment0 comments  |  Read  |  Post a Comment
Office 365 Multifactor Authentication Done Right
Yassir Abousselham, Chief Security Officer, OktaCommentary
Why the ubiquitous nature of Office 365 poses unique challenges for MFA-based security and how organizations can protect themselves.
By Yassir Abousselham Chief Security Officer, Okta, 6/27/2019
Comment0 comments  |  Read  |  Post a Comment
How Hackers Emptied Church Coffers with a Simple Phishing Scam
Sam Bocetta, Security AnalystCommentary
Cyber thieves aren't bound by a code of ethics. They look for weak targets and high rewards, which is exactly what Saint Ambrose Catholic offered.
By Sam Bocetta Security Analyst, 6/19/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
The Flaw in Vulnerability Management: It's Time to Get Real
Jim Souders, Chief Executive Officer at Adaptiva,  8/15/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5034
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vuln...
CVE-2019-5035
PUBLISHED: 2019-08-20
An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacker c...
CVE-2019-5036
PUBLISHED: 2019-08-20
An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially cr...
CVE-2019-8103
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...
CVE-2019-8104
PUBLISHED: 2019-08-20
Adobe Acrobat and Reader versions, 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2017.011.30142 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds read vulnerability. Successful exploitation ...