Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Operations //

Identity & Access Management

News & Commentary
ADP Users Hit with Phishing Scam Ahead of Tax Season
Dark Reading Staff, Quick Hits
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
By Dark Reading Staff , 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Phishing Today, Deepfakes Tomorrow: Training Employees to Spot This Emerging Threat
Ian Cruxton, CSO, CallsignCommentary
Cybercriminals are evolving their tactics, and the security community anticipates voice and video fraud to play a role in one of the next big data breaches -- so start protecting your business now.
By Ian Cruxton CSO, Callsign, 1/16/2020
Comment0 comments  |  Read  |  Post a Comment
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Client-Side JavaScript Risks & the CCPA
Ido Safruti, Co-founder & CTO, PerimeterXCommentary
How California's new privacy law increases the liability for securing Web-facing user data, and what enterprises can do to mitigate their risk.
By Ido Safruti Co-founder & CTO, PerimeterX, 1/6/2020
Comment0 comments  |  Read  |  Post a Comment
CCPA Kickoff: What Businesses Need to Know
Kelly Sheridan, Staff Editor, Dark ReadingNews
The California Consumer Privacy Act is in full effect, prompting organizations to think about how they'll remain compliant.
By Kelly Sheridan Staff Editor, Dark Reading, 1/2/2020
Comment0 comments  |  Read  |  Post a Comment
'Honoring' CCPA's Binding Principles Nationally Won't Be Easy
Dr. Salvatore Stolfo, Founder & CTO, Allure SecurityCommentary
Even companies with the reach, capital, and innovative capacity of Microsoft or Google will struggle to adhere to the tenets of California's new consumer privacy law.
By Dr. Salvatore Stolfo Founder & CTO, Allure Security, 12/26/2019
Comment1 Comment  |  Read  |  Post a Comment
The Night Before 'Breachmas'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
By Matt Davey Chief Operations Optimist, 1Password, 12/24/2019
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: How Far We've Come, How Far We Have to Go
Kelly Sheridan, Staff Editor, Dark ReadingNews
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 12/24/2019
Comment10 comments  |  Read  |  Post a Comment
Google Cloud External Key Manager Now in Beta
Dark Reading Staff, Quick Hits
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
By Dark Reading Staff , 12/19/2019
Comment0 comments  |  Read  |  Post a Comment
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Ori Eisen, Founder & CEO at TrusonaCommentary
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
By Ori Eisen Founder & CEO at Trusona, 12/19/2019
Comment1 Comment  |  Read  |  Post a Comment
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Shawn Taylor, Senior Systems Engineer at ForeScoutCommentary
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
By Shawn Taylor Senior Systems Engineer at ForeScout, 12/18/2019
Comment5 comments  |  Read  |  Post a Comment
7 Tips to Keep Your Family Safe Online Over the Holidays
Steve Zurier, Contributing Writer
Security experts offer key cyber advice for family members.
By Steve Zurier Contributing Writer, 12/17/2019
Comment0 comments  |  Read  |  Post a Comment
Younger Generations Drive Bulk of 2FA Adoption
Kelly Sheridan, Staff Editor, Dark ReadingNews
Use of two-factor authentication has nearly doubled in the past two years , pointing to a new wave of acceptance.
By Kelly Sheridan Staff Editor, Dark Reading, 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
Only 53% of Security Pros Have Ownership of Workforce IAM
Dark Reading Staff, Quick Hits
Most practitioners report an increase in identities, but many don't have control over how those identities are protected from a range of attacks.
By Dark Reading Staff , 12/10/2019
Comment0 comments  |  Read  |  Post a Comment
Password-Cracking Teams Up in CrackQ Release
Robert Lemos, Contributing WriterNews
The open source platform aims to make password-cracking more manageable and efficient for red teams.
By Robert Lemos Contributing Writer, 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment2 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
5 Cybersecurity CISO Priorities for the Future
Paul Shomo, Cybersecurity AnalystCommentary
Seven chief information security officers share their pain points and two-year spending plans.
By Paul Shomo Cybersecurity Analyst, 11/14/2019
Comment0 comments  |  Read  |  Post a Comment
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading
The right password manager can help bring enterprise-class security to small businesses. Here are a half-dozen candidates to strengthen your access management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/8/2019
Comment1 Comment  |  Read  |  Post a Comment
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESETCommentary
For many people, overly restrictive advice about passwords and other security practices is doing more harm than good. Here's why.
By Lysa Myers Security Researcher, ESET, 10/9/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5397
PUBLISHED: 2020-01-17
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not incl...
CVE-2019-17635
PUBLISHED: 2020-01-17
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a deserialization vulnerability if an index file of a parsed heap dump is replaced by a malicious version and the heap dump is reopened in Memory Analyzer. The user must chose to reopen an already parsed heap dump with an untrusted inde...
CVE-2019-19339
PUBLISHED: 2020-01-17
It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries...
CVE-2007-6070
PUBLISHED: 2020-01-17
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-1382. Reason: This candidate is a reservation duplicate of CVE-2008-1382. Notes: All CVE users should reference CVE-2008-1382 instead of this candidate. All references and descriptions in this candidate have been removed to prevent ...
CVE-2019-17634
PUBLISHED: 2020-01-17
Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, open the malicious heap dump and generate an HTML report for the problem to occur. The heap dump could...