GUEST BLOG // Selected Security Content Provided By Sophos
Latest Content
Page 1 / 2
Microsoft, No-IP, And The Need For Clarity
Security Insights  |  7/7/2014  | 
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Back To Basics
Security Insights  |  6/4/2014  | 
By failing to execute on basic security, we’re making the attacker's job too easy.
Preying On A Predator
Security Insights  |  2/27/2014  | 
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
When Websites Attack
Security Insights  |  12/31/2013  | 
Windows threats like Cryptolocker and ZeroAccess get all of the attention, but malware targeting (Linux) Web servers continues to evolve
The Dinosaur In The Room
Security Insights  |  12/5/2013  | 
Support for Windows XP ends in April 2014; the implications extend beyond the workstation
What You Need To Know About CryptoLocker
Security Insights  |  11/21/2013  | 
CryptoLocker ransomware is terrorizing home and business users alike. Here's how to protect yourself
With Shared Power Comes Shared Responsibility
Security Insights  |  10/17/2013  | 
Security does not rest entirely on your users' shoulders, so don't make them feel like it does
The New KISS Rule: Keep Information Security Simple
Security Insights  |  9/25/2013  | 
IT environments are becoming more complex; the solution may be simpler security
How To Train Your Users
Security Insights  |  9/10/2013  | 
Help users contribute to your organization's security by teaching them to protect The Four Cs: computers, credentials, connections, and content
The More Things Change
Security Insights  |  8/13/2013  | 
Today's malware is more complex than ever, yet it's still based on three basic hacks
Has Chrome Struck Security Gold?
Security Insights  |  7/31/2013  | 
Some criminals have all but given up on attacking Chrome users. Have exploit authors met their match in Mountain View, or is there more to the story?
Forget Standardization -- Embrace BYOD
Security Insights  |  7/17/2013  | 
The platform standardization ship has sailed, but mobile device management is your ticket to securing all of those handhelds
Exclusive: Pwnie Express Evolves The Role Of The Pen Tester
Security Insights  |  6/3/2013  | 
Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life
Security War Games
Security Insights  |  5/17/2013  | 
Information security keeps evolving, but our educational methods are not evolving rapidly enough to win the cold cyberwar
Hacker Conferences Come To Bloom In Chicago
Security Insights  |  4/29/2013  | 
Chicago was off the hook with two hacker conferences hosting Bruce Schneier, Josh Corman, Jericho, and many others, including a few first-time presenters
Your Privacy Doesn't Exist
Security Insights  |  4/16/2013  | 
Protecting your privacy never ends
Cool Tech's First Showing At RSA Conference 2013
Security Insights  |  3/1/2013  | 
Meet five unsung heroes that showcased their new solutions at the RSA Conference. You may find something you didn't know you needed
Microsoft Calling?
Security Insights  |  2/20/2013  | 
Microsoft appears proactive by calling its end users to ensure they are applying the latest security patches. Or could it be a social engineering scam?
Canada Joins The DNSSEC Party
Security Insights  |  2/4/2013  | 
Implementing DNSSEC will take some effort, but it plays an important role in securing the future Internet
Android Mobile Malware Found In The Wild
Security Insights  |  1/14/2013  | 
Finding it hard to believe that mobile malware really exists because you haven't seen it?
Another Zero-Day For Symantec PGP WDE
Security Insights  |  1/7/2013  | 
Symantec PGP Desktop is having a bumpy new year with a second zero-day vulnerability released in 13 days. Take action to protect your data
Advisory: As New Year Approaches, Android Malware Detection Growing
Security Insights  |  12/31/2012  | 
As 2012 comes to a close, cybercriminals are taking advantage of your Android app purchases with mobile malware. Be on high alert after you install new Android apps from third-party markets and Google's
BYOS: Data At Risk From Endpoint To Cloud And Back Again
Security Insights  |  12/17/2012  | 
Bring Your Own Software introduces data protection risks that BYOD attempts to account for. Enable your users with data protection encryption software on their own devices rather than playing IT whack-a-mole
Android Riskier Than PCs: Sophos Security Threat Report 2013
Security Insights  |  12/5/2012  | 
Acceleration of BYOD and cloud, challenges caused by ransomware, continued threats coming from Blackhole, and what to expect in 2013
DoD's Bold Initiative: Secure The User, Not The Device
Security Insights  |  11/14/2012  | 
Joint Information Environment effort under way to improve its ability to share information between the services, industry partners, and other government agencies
Is A Greater Risk Of Data Loss The Trade-Off For Convenience?
Security Insights  |  10/30/2012  | 
Ease of use aside, protecting customer data is never an afterthought
Finding Against Chinese Firms Has Lessons For Security Professionals Beyond Mere Avoidance
Security Insights  |  10/11/2012  | 
Sometimes the biggest threats to data security hide in plain sight
Whether You Call It Modern Or Metro, Here Are Eight Security Tips For Windows 8
Security Insights  |  9/25/2012  | 
Windows 8 a case of improved security, increased vigilance
'Warbiking' Experiment Exposes One In Four Hotspots Have Poor, Or No, Security
Security Insights  |  9/10/2012  | 
Excursion into central London streets finds obsolete WEP encryption standard still in use
Porous Network Perimeters Sometimes Caused By People
Security Insights  |  8/16/2012  | 
What a trespassing jet skier and the Citadel Trojan have in common
Latest Black Eye For Dropbox Shines Spotlight On Larger Problem
Security Insights  |  8/2/2012  | 
Handing off your unencrypted data to a cloud storage service doesn't suddenly make it the service's problem if the data is compromised or lost. Responsibility runs in both directions
Traveling Safe, Traveling Smart
Security Insights  |  7/5/2012  | 
Keep your guard up when traveling: Bad Actors never take vacations
Midyear Security Predictions: What You Should Know And Look Out For
Security Insights  |  6/19/2012  | 
Consumerization, APTs, and cloud computing will dominate discussions during next six months
What A Secure Top-Level Domain Can And Can't Do
Security Insights  |  5/24/2012  | 
Is the .secure domain a better mousetrap, or does it lead only to the same dead end?
Where In Hacking The Ends Justify The Means
Security Insights  |  5/8/2012  | 
Do some 'ethical hackers' really have your best interest at heart, or are they more interested in making your private information public?
Coming Soon to Your Smartphone: Mobile Ticketing That Keeps Your Transactions Safe
Security Insights  |  4/25/2012  | 
Just because smartphone rail ticketing is a first here in the states doesn't mean mobile malware writers aren't already paying attention
The Benefits Of Top-Down Security
Security Insights  |  4/18/2012  | 
While enterprise-level breaches often get the attention of C-level suite executives and the members of their IT staff, industry research shows it actually falls to rank-and-file employees to apply best practices and exercise sound judgment in order to properly contain them
Utah Medicaid Breach Exemplifies Value Of Encryption And Access Control
Security Insights  |  4/11/2012  | 
Proactively applying private- or public-key encryption coupled with access control won't eliminate data breaches. But it will make it harder for the bad guys to take advantage of you
SXSW's Social Experiment Tests Limits Of Secure Data Encryption And The Human Condition
Security Insights  |  3/26/2012  | 
Reducing your fellow, fallen-on-hard-times human beings to virtual access points discounts their humanity and may compromise your data's security
Lessons From Heartland Breach In Keeping Sensitive Data From Bad Guys
Security Insights  |  3/19/2012  | 
Substituting the notion of hacker-proof invincibility for inevitability empowers IT, changes outcomes, and gives rise to resilient infrastructures
Stuxnet, The Nation's Power Grid, And The Law Of Unintended Consequences
Security Insights  |  3/12/2012  | 
The debate persists: Should the feds supply security oversight for utilities to stop the next Stuxnet? Or can they really go it alone?
Nortel Networks: Wolf In The Henhouse, Guard Dog Fast Asleep
Security Insights  |  2/17/2012  | 
Keeping stock and patent price at premium trumps disclosure at Nortel Networks
We Make Widgets -- Let Someone Else Handle Security
Security Insights  |  1/20/2012  | 
If you're a customer-facing organization, then security can't take second place behind your services
Criminals Make Sure You're Never Really Alone, Even In Self-Checkout Lanes
Security Insights  |  12/15/2011  | 
Vigilance against card fraud is a 24/7 process, even at the grocery store
Unprotected SCADA Systems An Avoidable Risk
Security Insights  |  11/30/2011  | 
Disconnecting SCADA systems from the Internet prevents opportunistic hacking
Just Because Data Is Portable Doesn’t Make It Safer
Security Insights  |  11/3/2011  | 
Oracle survey finds most smartphone users believe their data is at risk
Microsoft Research Shows Malware Infections Mostly 'Your Fault'
Security Insights  |  10/27/2011  | 
User vigilance is key to securing data, digital identities
RIM's Biggest Network Disruption Over: Now What?
Security Insights  |  10/17/2011  | 
Service disruption becoming all too familiar outcome for BlackBerry users
iTunes Fraud Generates New Publicity, But Who Is Responsible For Online Fraud?
Security Insights  |  10/6/2011  | 
Consumers should take steps to proactively protect themselves against an attack
20K Stanford Hospital Emergency Room Patients Have Health Records Posted Online
Security Insights  |  9/22/2011  | 
'An ounce of prevention is better than a pound of cure' adage rings true


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4725
Published: 2014-07-27
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.

CVE-2014-4726
Published: 2014-07-27
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.

CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-2625
Published: 2014-07-26
Directory traversal vulnerability in the storedNtxFile function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to read arbitrary files via crafted input, aka ZDI-CAN-2023.

CVE-2014-2626
Published: 2014-07-26
Directory traversal vulnerability in the toServerObject function in HP Network Virtualization 8.6 (aka Shunra Network Virtualization) allows remote attackers to create files, and consequently execute arbitrary code, via crafted input, aka ZDI-CAN-2024.
