Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
7 Tips to Improve Your Employees' Mobile Security
Kelly Sheridan, Staff Editor, Dark Reading
Security experts discuss the threats putting mobile devices at risk and how businesses can better defend against them.
By Kelly Sheridan Staff Editor, Dark Reading, 2/24/2020
Comment0 comments  |  Read  |  Post a Comment
Users Have Risky Security Habits, but Security Pros Aren't Much Better
Kelly Sheridan, Staff Editor, Dark ReadingNews
Researchers spot gaps in users' and IT practitioners' security habits, and between security tools and user preferences.
By Kelly Sheridan Staff Editor, Dark Reading, 2/19/2020
Comment0 comments  |  Read  |  Post a Comment
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust CompanyCommentary
Are you asking the right questions to determine how well your vendors will protect your data? Probably not.
By Nick Selby Chief Security Officer at Paxos Trust Company, 2/19/2020
Comment1 Comment  |  Read  |  Post a Comment
Cyber Fitness Takes More Than a Gym Membership & a Crash Diet
Ryan Weeks, Chief Information Security Officer at DattoCommentary
Make cybersecurity your top priority, moving away from addressing individual problems with Band-Aids and toward attaining a long-term cyber-fitness plan.
By Ryan Weeks Chief Information Security Officer at Datto, 2/18/2020
Comment0 comments  |  Read  |  Post a Comment
How Device-Aware 2FA Can Defeat Social Engineering Attacks
Markus Jakobsson, Chief Scientist, ZapFraudCommentary
While device-aware two-factor authentication is no panacea, it is more secure than conventional SMS-based 2FA. Here's why.
By Markus Jakobsson Chief Scientist, ZapFraud, 2/3/2020
Comment0 comments  |  Read  |  Post a Comment
Weathering the Privacy Storm from GDPR to CCPA & PDPA
Mark McClain, CEO & Co-founderCommentary
A general approach to privacy, no matter the regulation, is the only way companies can avoid a data protection disaster in 2020 and beyond.
By Mark McClain CEO & Co-founder, 1/23/2020
Comment0 comments  |  Read  |  Post a Comment
Cybersecurity Lessons Learned from 'The Rise of Skywalker'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
They're especially relevant regarding several issues we face now, including biometrics, secure data management, and human error with passwords.
By Matt Davey Chief Operations Optimist, 1Password, 1/22/2020
Comment0 comments  |  Read  |  Post a Comment
ADP Users Hit with Phishing Scam Ahead of Tax Season
Dark Reading Staff, Quick Hits
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
By Dark Reading Staff , 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 1/16/2020
Comment3 comments  |  Read  |  Post a Comment
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & PhelpsCommentary
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 1/2/2020
Comment0 comments  |  Read  |  Post a Comment
The Night Before 'Breachmas'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
By Matt Davey Chief Operations Optimist, 1Password, 12/24/2019
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: How Far We've Come, How Far We Have to Go
Kelly Sheridan, Staff Editor, Dark ReadingNews
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 12/24/2019
Comment11 comments  |  Read  |  Post a Comment
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Anurag Kahol, CTO, BitglassCommentary
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
By Anurag Kahol CTO, Bitglass, 12/20/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud External Key Manager Now in Beta
Dark Reading Staff, Quick Hits
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
By Dark Reading Staff , 12/19/2019
Comment0 comments  |  Read  |  Post a Comment
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Ori Eisen, Founder & CEO at TrusonaCommentary
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
By Ori Eisen Founder & CEO at Trusona, 12/19/2019
Comment1 Comment  |  Read  |  Post a Comment
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Shawn Taylor, Senior Systems Engineer at ForeScoutCommentary
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
By Shawn Taylor Senior Systems Engineer at ForeScout, 12/18/2019
Comment6 comments  |  Read  |  Post a Comment
'Password' Falls in the Ranks of Favorite Bad Passwords
Kelly Sheridan, Staff Editor, Dark ReadingNews
Facebook, Google named worst password breach offenders.
By Kelly Sheridan Staff Editor, Dark Reading, 12/18/2019
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Keep Your Family Safe Online Over the Holidays
Steve Zurier, Contributing Writer
Security experts offer key cyber advice for family members.
By Steve Zurier Contributing Writer, 12/17/2019
Comment0 comments  |  Read  |  Post a Comment
Google Chrome Now Automatically Alerts Users on Compromised Passwords
Dark Reading Staff, Quick Hits
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
By Dark Reading Staff , 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5244
PUBLISHED: 2020-02-24
In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.
CVE-2020-5245
PUBLISHED: 2020-02-24
Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Language expressions when using the self-validating feature. The issue has been fixed in dropwizard-vali...
CVE-2020-9369
PUBLISHED: 2020-02-24
Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
CVE-2019-10796
PUBLISHED: 2020-02-24
rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization.
CVE-2019-10798
PUBLISHED: 2020-02-24
rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution. The rdf.Graph.prototype.add method could be tricked into adding or modifying properties of Object.prototype.