'POODLE' Attacks, Kills Off SSL 3.0
The Internet of Things: 7 Scary Security Scenarios
Stolen Medical Data Is Now A Hot Commodity
Why Don't IT Generalists Understand Security?
Mastering Security Analytics
News & Commentary
Sophisticated Malvertising Campaign Targets US Defense Industry
Brian Prince, Contributing Writer, Dark ReadingNews
Dubbed Operation DeathClick, the campaign puts a new twist on an old method of infecting users.
By Brian Prince Contributing Writer, Dark Reading, 10/17/2014
Comment0 comments  |  Read  |  Post a Comment
Facebook Automates Fight Against Hackers
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Here's a sneak peek into the system Facebook uses to secure your account when other websites are hacked.
By Kristin Burnham Senior Editor, InformationWeek.com, 10/17/2014
Comment6 comments  |  Read  |  Post a Comment
In Plain Sight: How Cyber Criminals Exfiltrate Data Via Video
Kaushik Narayan, CTO, Skyhigh NetworksCommentary
Just like Fortune 500 companies, attackers are investing in sophisticated measures that let them fly beneath the radar of conventional security.
By Kaushik Narayan CTO, Skyhigh Networks, 10/17/2014
Comment5 comments  |  Read  |  Post a Comment
Open Source v. Closed Source: What's More Secure?
Sara Peters, Senior Editor at Dark ReadingCommentaryVideo
In the wake of Shellshock and Heartbleed, has the glow of open-source application security dimmed?
By Sara Peters Senior Editor at Dark Reading, 10/17/2014
Comment0 comments  |  Read  |  Post a Comment
FBI Director Urges New Encryption Legislation
Sara Peters, Senior Editor at Dark ReadingNews
Encryption algorithms do not acknowledge "lawful access."
By Sara Peters Senior Editor at Dark Reading, 10/16/2014
Comment4 comments  |  Read  |  Post a Comment
'Silent' Fix For Windows USB Bug?
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
Researchers say a newly patched Microsoft USB flaw in older versions of Windows had at some time previously been fixed in newer versions of the OS.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2014
Comment1 Comment  |  Read  |  Post a Comment
Facebook Doubles Bug Bounties For Ad-Related Flaws
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Is it a sign that online brands are treating malvertising more seriously?
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2014
Comment0 comments  |  Read  |  Post a Comment
The Internet of Things: 7 Scary Security Scenarios
Marilyn Cohodas, Community Editor, Dark Reading
The IoT can be frightening when viewed from the vantage point of information security.
By Marilyn Cohodas Community Editor, Dark Reading, 10/16/2014
Comment5 comments  |  Read  |  Post a Comment
Berners-Lee Behind New Private Communications Network For Ultra-Privacy Conscious
Kelly Jackson Higgins, Executive Editor at Dark ReadingQuick Hits
MeWe offers free, secure, and private communications.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/16/2014
Comment1 Comment  |  Read  |  Post a Comment
'Hurricane Panda' Cyberspies Used Windows Zero-Day For Months
Brian Prince, Contributing Writer, Dark ReadingNews
The vulnerability is one of multiple issues patched this week by Microsoft that have been targeted by attackers.
By Brian Prince Contributing Writer, Dark Reading, 10/15/2014
Comment3 comments  |  Read  |  Post a Comment
Russian Hackers Made $2.5B Over The Last 12 Months
Sara Peters, Senior Editor at Dark ReadingNews
The big bucks are in selling credit card data -- not using it for fraud -- and PoS and ATM attacks are on the rise.
By Sara Peters Senior Editor at Dark Reading, 10/15/2014
Comment13 comments  |  Read  |  Post a Comment
'POODLE' Attacks, Kills Off SSL 3.0
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A newly discovered design flaw in an older version of SSL encryption protocol could be used for man-in-the-middle attacks -- leading some browser vendors to remove SSL 3.0 for good.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/15/2014
Comment8 comments  |  Read  |  Post a Comment
Third-Party Code: Fertile Ground For Malware
Peter Zavlaris, Analyst, RiskIQCommentary
How big-brand corporate websites are becoming a popular method for mass distribution of exploit kits on vulnerable computers.
By Peter Zavlaris Analyst, RiskIQ, 10/15/2014
Comment6 comments  |  Read  |  Post a Comment
CMS Plug-Ins Put Sites At Risk
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Content management systems are increasingly in attackers' crosshairs, with plug-ins, extensions, and themes broadening the attack surfaces for these platforms.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/15/2014
Comment0 comments  |  Read  |  Post a Comment
Cost Of A Data Breach Jumps By 23%
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Cleanup and resolution after a breach take an average of one month to complete, a new Ponemon Institute report finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/14/2014
Comment18 comments  |  Read  |  Post a Comment
Mastering Security Analytics
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
By Ericka Chickowski Contributing Writer, Dark Reading, 10/14/2014
Comment1 Comment  |  Read  |  Post a Comment
Hundreds Of DropBox Logins For Sale On Pastebin
Sara Peters, Senior Editor at Dark ReadingQuick Hits
Trader says he's got 7 million more where those came from, but Dropbox says the accounts were expired.
By Sara Peters Senior Editor at Dark Reading, 10/14/2014
Comment0 comments  |  Read  |  Post a Comment
Stolen Medical Data Is Now A Hot Commodity
Lysa Myers, Security Researcher, ESETCommentary
While credit cards are selling for a dollar or less on the black market, personal health credentials are commanding as much as $10 per patient. Here’s why.
By Lysa Myers Security Researcher, ESET, 10/14/2014
Comment5 comments  |  Read  |  Post a Comment
Russian Cyberspies Hit Ukrainian, US Targets With Windows Zero-Day Attack
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
The Sandworm cyber espionage gang out of Russia intensifies its attacks in the wake of the Ukrainian conflict and sanctions against Russia with classic zero-day -- plus a popular cybercrime toolkit.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 10/14/2014
Comment7 comments  |  Read  |  Post a Comment
Shellshock Mayhem Marks The Start Of Malware Mess
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Existing Mayhem botnet malware kit now includes Shellshock exploit -- and experts say that'll be the model for more enterprising criminals.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/13/2014
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
PR Newswire
Cost Of A Data Breach Jumps By 23%
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/14/2014
Russian Hackers Made $2.5B Over The Last 12 Months
Sara Peters, Senior Editor at Dark Reading,  10/15/2014
'POODLE' Attacks, Kills Off SSL 3.0
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/15/2014
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
Don't Get Caught in a Compromising Position
Relying on Indicators of Compromise is necessary, but not sufficient. Read >>
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.
Cartoon
White Papers
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-7052
Published: 2014-10-19
The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application 2.4.9.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7056
Published: 2014-10-19
The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7070
Published: 2014-10-19
The Air War Hero (aka com.dev.airwar) application 3.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7075
Published: 2014-10-19
The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-7079
Published: 2014-10-19
The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application 1.0.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Best of the Web
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Flash Poll
Video
Slideshows
Twitter Feed