var _hmt = _hmt || []; (function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?d387e539c1f2d34f09a9afbac8032280"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s); })();

Dark Reading is part of the Informa Tech Division of Informa PLC

7x彩票网appThis site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint //

Authentication

News & Commentary
ADP Users Hit with Phishing Scam Ahead of Tax Season
Dark Reading Staff, Quick Hits
Fraudulent emails tell recipients their W-2 forms are ready and prompt them to click malicious links.
By Dark Reading Staff , 1/17/2020
Comment0 comments  |  Read  |  Post a Comment
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double OctopusCommentary
AD is still the single point of authentication for most companies that use Windows. But it has some shortcomings that should be addressed.
By Raz Rafaeli CEO and Co-Founder at Secret Double Octopus, 1/16/2020
Comment1 Comment  |  Read  |  Post a Comment
Google Lets iPhone Users Turn Device into Security Key
Kelly Sheridan, Staff Editor, Dark ReadingNews
The iPhone can now be used in lieu of a physical security key as a means of protecting Google accounts.
By Kelly Sheridan Staff Editor, Dark Reading, 1/15/2020
Comment1 Comment  |  Read  |  Post a Comment
Mechanics of a Crypto Heist: How SIM Swappers Can Steal Cryptocurrency
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & PhelpsCommentary
The true vulnerability at the heart of SIM-swap attacks on crypto accounts lies in crypto exchanges' and email providers' variable implementation of 2FA.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 1/2/2020
Comment0 comments  |  Read  |  Post a Comment
The Night Before 'Breachmas'
Matt Davey, Chief Operations Optimist, 1PasswordCommentary
What does identity management have to do with Charles Dickens' classic 'A Christmas Carol'? A lot more than you think.
By Matt Davey Chief Operations Optimist, 1Password, 12/24/2019
Comment1 Comment  |  Read  |  Post a Comment
IoT Security: How Far We've Come, How Far We Have to Go
Kelly Sheridan, Staff Editor, Dark ReadingNews
As organizations fear the proliferations of connected devices on enterprise networks, the private and public sector come together to address IoT vulnerabilities.
By Kelly Sheridan Staff Editor, Dark Reading, 12/24/2019
Comment10 comments  |  Read  |  Post a Comment
Ambiguity Around CCPA Will Lead to a Slow Start in 2020
Anurag Kahol, CTO, BitglassCommentary
But longer term, compliance to California's new privacy law represents an opportunity for companies to increase customer trust and market share.
By Anurag Kahol CTO, Bitglass, 12/20/2019
Comment0 comments  |  Read  |  Post a Comment
Google Cloud External Key Manager Now in Beta
Dark Reading Staff, Quick Hits
Cloud EKM is designed to separate data at rest from encryption keys stored in a third-party management system.
By Dark Reading Staff , 12/19/2019
Comment0 comments  |  Read  |  Post a Comment
How a Password-Free World Could Have Prevented the Biggest Breaches of 2019
Ori Eisen, Founder & CEO at TrusonaCommentary
If history has taught us anything, it's that hackers can (and will) compromise passwords. Innovation in authentication technology is poised to change that in the coming year.
By Ori Eisen Founder & CEO at Trusona, 12/19/2019
Comment1 Comment  |  Read  |  Post a Comment
5 Security Resolutions to Prevent a Ransomware Attack in 2020
Shawn Taylor, Senior Systems Engineer at ForeScoutCommentary
Proactively consider tools to detect anomalous behavior, automatically remediate, and segment threats from moving across the network.
By Shawn Taylor Senior Systems Engineer at ForeScout, 12/18/2019
Comment5 comments  |  Read  |  Post a Comment
'Password' Falls in the Ranks of Favorite Bad Passwords
Kelly Sheridan, Staff Editor, Dark ReadingNews
7x彩票网app, Google named worst password breach offenders.
By Kelly Sheridan Staff Editor, Dark Reading, 12/18/2019
Comment0 comments  |  Read  |  Post a Comment
7 Tips to Keep Your Family Safe Online Over the Holidays
Steve Zurier, Contributing Writer
Security experts offer key cyber advice for family members.
By Steve Zurier Contributing Writer, 12/17/2019
Comment0 comments  |  Read  |  Post a Comment
Google Chrome Now Automatically Alerts Users on Compromised Passwords
Dark Reading Staff, Quick Hits
A series of security enhancements seek to protect users from phishing and warn them when credentials have been compromised.
By Dark Reading Staff , 12/11/2019
Comment0 comments  |  Read  |  Post a Comment
VPN Flaw Allows Criminal Access to Everything on Victims' Computers
Dark Reading Staff, Quick Hits
Vulnerability in the Aviatrix VPN client, since patched, gives an attacker unlimited access to a breached system.
By Dark Reading Staff , 12/5/2019
Comment1 Comment  |  Read  |  Post a Comment
(Literally) Put a Ring on It: Protecting Biometric Fingerprints
Dark Reading Staff, Quick Hits
Kaspersky creates a prototype ring you can wear on your finger for authentication.
By Dark Reading Staff , 12/4/2019
Comment0 comments  |  Read  |  Post a Comment
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, OktaCommentary
Underestimating the security changes that need to accompany a shift to the cloud could be fatal to a business. Here's why.
By Diya Jolly Chief Product Officer, Okta, 12/4/2019
Comment2 comments  |  Read  |  Post a Comment
Time to Warn Users About Black Friday & Cyber Monday Scams
Michael Landewe, Chief Privacy Officer at AvananCommentary
Warn your employees to avoid the inevitable scams associated with these two "holidays," or you risk compromising your company's network.
By Michael Landewe Chief Privacy Officer at Avanan, 11/25/2019
Comment0 comments  |  Read  |  Post a Comment
Why Multifactor Authentication Is Now a Hacker Target
Tanner Johnson, Senior Analyst, Connectivity & IoT, IHS MarkitCommentary
SIM swaps, insecure web design, phishing, and channel-jacking are four ways attackers are circumventing MFA technology, according to the FBI.
By Tanner Johnson Senior Analyst, Connectivity & IoT, IHS Markit, 11/20/2019
Comment1 Comment  |  Read  |  Post a Comment
I 'Hacked' My Accounts Using My Mobile Number: Here's What I Learned
Nicole Sette, Director in the Cyber Risk practice of Kroll, a division of Duff & PhelpsCommentary
A feature that's supposed to make your account more secure -- adding a cellphone number -- has become a vector of attack in SIM-swapping incidents. Here's how it's done and how you can protect yourself.
By Nicole Sette Director in the Cyber Risk practice of Kroll, a division of Duff & Phelps, 11/19/2019
Comment4 comments  |  Read  |  Post a Comment
A Security Strategy That Centers on Humans, Not Bugs
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
The industry's fixation on complex exploits has come at the expense of making fundamentals easy and intuitive for end users.
By Andrea Little Limbago Chief Social Scientist, Virtru, 11/19/2019
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Exploits Released for As-Yet Unpatched Critical Citrix Flaw
Jai Vijayan, Contributing Writer,  1/13/2020
Microsoft to Officially End Support for Windows 7, Server 2008
Kelly Sheridan, Staff Editor, Dark Reading,  1/13/2020
Active Directory Needs an Update: Here's Why
Raz Rafaeli, CEO and Co-Founder at Secret Double Octopus,  1/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
7x彩票网app Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

PUBLISHED: 2020-01-18
A memory usage vulnerability exists in Trend Micro Password Manager 3.8 that could allow an attacker with access and permissions to the victim's memory processes to extract sensitive information.

PUBLISHED: 2020-01-18
A RootCA vulnerability found in Trend Micro Password Manager for Windows and macOS exists where the localhost.key of RootCA.crt might be improperly accessed by an unauthorized party and could be used to create malicious self-signed SSL certificates, allowing an attacker to misdirect a user to phishi...

PUBLISHED: 2020-01-18
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administr...

PUBLISHED: 2020-01-18
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system.

PUBLISHED: 2020-01-18
An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login page responds with JavaScript when one tries to authenticate. An attacker who changes the result parameter (to true) in this JavaScript code can bypass authentication and achieve limited privileges (...
66?????? 7072???? 7073???? 689????? 963???? 66????? 7073???? 7073???? 66???app 8????app