Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
NSA Releases Guidance on Zero-Trust Architecture
Dark Reading Staff, Quick Hits
A new document provides guidance for businesses planning to implement a zero-trust system management strategy.
By Dark Reading Staff , 2/26/2021
Comment0 comments  |  Read  |  Post a Comment
Strata Identity Raises $11M in Series A Round
Dark Reading Staff, Quick Hits
The series A round of funding, led by Menlo Ventures, will help Strata scale its distributed identity technology.
By Dark Reading Staff , 2/16/2021
Comment0 comments  |  Read  |  Post a Comment
7 Things We Know So Far About the SolarWinds Attacks
Jai Vijayan, Contributing Writer
Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.
By Jai Vijayan Contributing Writer, 2/11/2021
Comment0 comments  |  Read  |  Post a Comment
SolarWinds Attack Reinforces Importance of Principle of Least Privilege
Yash Prakash, Chief Strategy OfficerCommentary
Taking stock of least-privilege policies will go a long way toward hardening an organization's overall security posture.
By Yash Prakash Chief Strategy Officer, 2/9/2021
Comment0 comments  |  Read  |  Post a Comment
Digital Identity Is the New Security Control Plane
Charlie Winckless, Senior Director, Cybersecurity Solutions, at PresidioCommentary
Simplifying the management of security systems helps provide consistent protection for the new normal.
By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio, 1/28/2021
Comment1 Comment  |  Read  |  Post a Comment
COVID-19's Acceleration of Cloud Migration & Identity-Centric Security
Dr. Jasson Casey, CTO of Beyond IdentityCommentary
Here are some tips for updating access control methods that accommodate new remote working norms without sacrificing security.
By Dr. Jasson Casey CTO of Beyond Identity, 1/4/2021
Comment0 comments  |  Read  |  Post a Comment
HelpSystems Acquires Data Security Firm Vera
Dark Reading Staff, Quick Hits
The purchase is intended to increase London-based HelpSystems' file collaboration security capabilities.
By Dark Reading Staff , 12/24/2020
Comment0 comments  |  Read  |  Post a Comment
White Ops Announces Its Acquisition
Dark Reading Staff, Quick Hits
A group including Goldman Sachs Merchant Banking Division, ClearSky Security, and NightDragon has purchased the human verification technology company.
By Dark Reading Staff , 12/23/2020
Comment0 comments  |  Read  |  Post a Comment
Corporate Credentials for Sale on the Dark Web: How to Protect Employees and Data
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
It's past time to retire passwords in favor of other methods for authenticating users and securing systems.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 12/16/2020
Comment0 comments  |  Read  |  Post a Comment
Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet
Avi Shua, Co-Founder, Orca SecurityCommentary
Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.
By Avi Shua Co-Founder, Orca Security, 12/2/2020
Comment1 Comment  |  Read  |  Post a Comment
Evidence-Based Trust Gets Black Hat Europe Spotlight
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
An FPGA-based system could change the balance of power between hardware attackers and defenders within IT security.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/23/2020
Comment0 comments  |  Read  |  Post a Comment
Apple Issues Security Updates
Dark Reading Staff, Quick Hits
Vulnerabilities found in three most recent versions of macOS.
By Dark Reading Staff , 11/13/2020
Comment0 comments  |  Read  |  Post a Comment
Credential Stuffing Fills E-commerce Pipeline in 2020
Dark Reading Staff, Quick Hits
There were 1.3 billion attacks in the third quarter alone, according to new analysis from Arkose Labs.
By Dark Reading Staff , 11/12/2020
Comment0 comments  |  Read  |  Post a Comment
Barracuda to Acquire Fyde for Zero-Trust Capabilities
Dark Reading Staff, Quick Hits
Plans call for expanding the Barracuda CloudGen SASE platform.
By Dark Reading Staff , 11/11/2020
Comment0 comments  |  Read  |  Post a Comment
Claroty Details Vulnerabilities in Schneider PLCs
Dark Reading Staff, Quick Hits
The vulnerabilities in a common line of programmable logic controllers could allow attackers to gain control of industrial equipment.
By Dark Reading Staff , 11/10/2020
Comment0 comments  |  Read  |  Post a Comment
Cloud Usage, Biometrics Surge As Remote Work Grows Permanent
Kelly Sheridan, Staff Editor, Dark ReadingNews
A new report reveals organizations are increasing their adoption of biometric authentication and disallowing SMS as a login method.
By Kelly Sheridan Staff Editor, Dark Reading, 11/10/2020
Comment0 comments  |  Read  |  Post a Comment
FTC Announces Consent Agreement With Zoom
Dark Reading Staff, Quick Hits
The agreement covers Zoom's misleading statements on security for its audio and video calling.
By Dark Reading Staff , 11/9/2020
Comment0 comments  |  Read  |  Post a Comment
7 Online Shopping Tips for the Holidays
Steve Zurier, Contributing Writer
The holidays are right around the corner, and that means plenty of online shopping. These tips will help keep you safe.
By Steve Zurier Contributing Writer, 11/9/2020
Comment0 comments  |  Read  |  Post a Comment
How to Increase Voter Turnout & Reduce Fraud
Husayn Kassai, Co-Founder and CEO, OnfidoCommentary
Digital identity verification has advanced, both technologically and legislatively. Is it the answer to simpler, safer voting?
By Husayn Kassai Co-Founder and CEO, Onfido, 10/29/2020
Comment0 comments  |  Read  |  Post a Comment
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading
New data shows humans still struggle with password creation and management.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 10/28/2020
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Commentary
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
News
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
News
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24913
PUBLISHED: 2021-03-04
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2020-24914
PUBLISHED: 2021-03-04
A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request.
CVE-2020-24036
PUBLISHED: 2021-03-04
PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code.
CVE-2020-24912
PUBLISHED: 2021-03-04
A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.
CVE-2019-18629
PUBLISHED: 2021-03-04
Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200 allow an attacker to execute an unwanted binary during a exploited clone install. This requires creating a clone file and signing that file with a com...