6 Things That Stink About SSL
Cloud & The Fuzzy Math of Shadow IT
Dark Reading Radio: The Changing Role Of The CSO
Facebook Helps Cripple Greek Botnet
6 Tips for Using Big Data to Hunt Cyberthreats
News & Commentary
Attack Campaign Targets Facebook, Dropbox User Credentials
Brian Prince, Contributing Writer, Dark ReadingNews
The goal of the attackers is not fully clear but the credential theft could set up sophisticated targeted attackers.
By Brian Prince Contributing Writer, Dark Reading, 7/11/2014
Comment0 comments  |  Read  |  Post a Comment
While Brazilians Watch World Cup, Bank Fraudsters Are At Work
Sara Peters, News
Passive biometrics allow BioCatch to tell the difference between busy fraudsters and distraught soccer fans.
By Sara Peters , 7/11/2014
Comment4 comments  |  Read  |  Post a Comment
Strategic Security: Begin With The End In Mind
Jason Sachowski, Sr. Manager, Security R&D, ScotiabankCommentary
The trouble with traditional infosec methodology is that it doesn’t show us how to implement a strategic security plan in the real world.
By Jason Sachowski Sr. Manager, Security R&D, Scotiabank, 7/11/2014
Comment0 comments  |  Read  |  Post a Comment
China Labels iPhone A Security Threat
Eric Zeman, Commentary
State media says the iPhone's ability to collect user location data is dangerous.
By Eric Zeman , 7/11/2014
Comment4 comments  |  Read  |  Post a Comment
Silent Circle Challenges Skype, Telecoms With Encrypted Calling
Thomas Claburn, Editor-at-LargeCommentary
Blackphone maker's affordable encrypted calls could appeal to security-conscious businesses.
By Thomas Claburn Editor-at-Large, 7/11/2014
Comment0 comments  |  Read  |  Post a Comment
Study: Most Critical Infrastructure Firms Have Been Breached
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
A new Ponemon Institute study finds 70% of critical infrastructure companies have been hit by security breaches in the last year, but cyber security programs are still a low priority.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/10/2014
Comment3 comments  |  Read  |  Post a Comment
Global Law Enforcement, Security Firms Team Up, Take Down Shylock
Sara Peters, News
Ŕ la GOZeuS, an international, public-private collaboration seizes a banking Trojan's command and control servers.
By Sara Peters , 7/10/2014
Comment1 Comment  |  Read  |  Post a Comment
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, NetskopeCommentary
Do you know how many cloud apps, on average, are running in your organization? The number is probably greater than you think.
By Krishna Narayanaswamy Founder & Chief Scientist, Netskope, 7/10/2014
Comment9 comments  |  Read  |  Post a Comment
'Windows To Go' Device Wins Federal Cryptographic Certification
David F Carr, Editor, InformationWeek HealthcareCommentary
With FIPS 140-2 Level 3 certification, the Imation IronKey portable USB-based workspace becomes a mobility option for both civilian and military agencies.
By David F Carr Editor, InformationWeek Healthcare, 7/10/2014
Comment0 comments  |  Read  |  Post a Comment
Chinese Hackers Target Logistics & Shipping Firms With Poisoned Inventory Scanners
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
'ZombieZero' still actively pushing rigged handheld scanning devices, reviving concerns of doing business with Chinese tech companies.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/10/2014
Comment5 comments  |  Read  |  Post a Comment
Fake Google Digital Certificates Found & Confiscated
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
A certificate authority in India had issued rogue certificates for some Google domains, the search engine giant discovers.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/9/2014
Comment4 comments  |  Read  |  Post a Comment
BrutPOS Botnet Targets Retail's Low-Hanging Fruit
Sara Peters, News
FireEye discovers a botnet that's going after point-of-sale systems showing bad passwords and other basic security no-nos.
By Sara Peters , 7/9/2014
Comment4 comments  |  Read  |  Post a Comment
In Fog Of Cyberwar, US Tech Is Caught In Crossfire
Julian Waits, President & CEO, ThreatTrack SecurityCommentary
Distrust of the US intelligence community is eroding consumer confidence and hampering US technology firms on the global stage at a time when the sector should be showing unprecedented growth.
By Julian Waits President & CEO, ThreatTrack Security, 7/9/2014
Comment6 comments  |  Read  |  Post a Comment
6 Things That Stink About SSL
Sara Peters,
Users might not care to trust the very mechanism that's supposed to provide online trust.
By Sara Peters , 7/9/2014
Comment8 comments  |  Read  |  Post a Comment
Controversial Cyber Security Bill Advances
Thomas Claburn, Editor-at-LargeCommentary
Senate bill aims to promote information sharing to combat cyberthreats, but critics contend it lacks privacy protections.
By Thomas Claburn Editor-at-Large, 7/9/2014
Comment9 comments  |  Read  |  Post a Comment
Facebook Helps Cripple Greek Botnet
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Arrests made in Lecpetex malware campaign that was spreading via Facebook, emails.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/8/2014
Comment14 comments  |  Read  |  Post a Comment
Electronic Frontier Foundation Sues NSA, Director of National Intelligence
Sara Peters, Quick Hits
EFF says that the agencies have failed to provide documents requested under the Freedom of Information Act.
By Sara Peters , 7/8/2014
Comment2 comments  |  Read  |  Post a Comment
6 Tips for Using Big Data to Hunt Cyberthreats
Timber Wolfe, Principal Security Engineer, TrainACECommentary
You need to be smart about harnessing big data to defend against today’s security threats, data breaches, and attacks.
By Timber Wolfe Principal Security Engineer, TrainACE, 7/8/2014
Comment3 comments  |  Read  |  Post a Comment
Online Scammers Take Advantage Of iPhone 6, iWatch Hype
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Phishing message claims to provide links to leaked iPhone 6 information and pictures.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/8/2014
Comment1 Comment  |  Read  |  Post a Comment
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Why does the CSO report to the CIO? Join us for a panel discussion. Showtime is today, Wednesday, 1:00 p.m., New York, 10 a.m., San Francisco.
By Marilyn Cohodas Community Editor, Dark Reading, 7/8/2014
Comment8 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Microsoft, No-IP, And The Need For Clarity
Microsoft, No-IP, And The Need For Clarity
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Facebook Helps Cripple Greek Botnet
Kelly Jackson Higgins, Senior Editor, Dark Reading,  7/8/2014
Cloud & The Fuzzy Math of Shadow IT
Krishna Narayanaswamy, Founder & Chief Scientist, Netskope,  7/10/2014
Dark Reading Radio: The Changing Role Of The CSO
Marilyn Cohodas, Community Editor, Dark Reading,  7/8/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.
Cartoon
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Flash Poll