GUEST BLOG // Selected Security Content Provided By Sophos
Latest Content
3 Places to Enable 2-Factor Authentication Now
Security Insights  |  8/7/2014  | 
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Microsoft, No-IP, And The Need For Clarity
Security Insights  |  7/7/2014  | 
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Back To Basics
Security Insights  |  6/4/2014  | 
By failing to execute on basic security, we’re making the attacker's job too easy.
Preying On A Predator
Security Insights  |  2/27/2014  | 
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
When Websites Attack
Security Insights  |  12/31/2013  | 
Windows threats like Cryptolocker and ZeroAccess get all of the attention, but malware targeting (Linux) Web servers continues to evolve
The Dinosaur In The Room
Security Insights  |  12/5/2013  | 
Support for Windows XP ends in April 2014; the implications extend beyond the workstation
What You Need To Know About CryptoLocker
Security Insights  |  11/21/2013  | 
CryptoLocker ransomware is terrorizing home and business users alike. Here's how to protect yourself
With Shared Power Comes Shared Responsibility
Security Insights  |  10/17/2013  | 
Security does not rest entirely on your users' shoulders, so don't make them feel like it does
The New KISS Rule: Keep Information Security Simple
Security Insights  |  9/25/2013  | 
IT environments are becoming more complex; the solution may be simpler security
How To Train Your Users
Security Insights  |  9/10/2013  | 
Help users contribute to your organization's security by teaching them to protect The Four Cs: computers, credentials, connections, and content
The More Things Change
Security Insights  |  8/13/2013  | 
Today's malware is more complex than ever, yet it's still based on three basic hacks
Has Chrome Struck Security Gold?
Security Insights  |  7/31/2013  | 
Some criminals have all but given up on attacking Chrome users. Have exploit authors met their match in Mountain View, or is there more to the story?
Forget Standardization -- Embrace BYOD
Security Insights  |  7/17/2013  | 
The platform standardization ship has sailed, but mobile device management is your ticket to securing all of those handhelds
Exclusive: Pwnie Express Evolves The Role Of The Pen Tester
Security Insights  |  6/3/2013  | 
Pwnie Express recently released Citadel PX, which will expand the role of the pen tester. The new offering will enable greater marketability while improving quality of life
Security War Games
Security Insights  |  5/17/2013  | 
Information security keeps evolving, but our educational methods are not evolving rapidly enough to win the cold cyberwar
Hacker Conferences Come To Bloom In Chicago
Security Insights  |  4/29/2013  | 
Chicago was off the hook with two hacker conferences hosting Bruce Schneier, Josh Corman, Jericho, and many others, including a few first-time presenters
Your Privacy Doesn't Exist
Security Insights  |  4/16/2013  | 
Protecting your privacy never ends
Cool Tech's First Showing At RSA Conference 2013
Security Insights  |  3/1/2013  | 
Meet five unsung heroes that showcased their new solutions at the RSA Conference. You may find something you didn't know you needed
Microsoft Calling?
Security Insights  |  2/20/2013  | 
Microsoft appears proactive by calling its end users to ensure they are applying the latest security patches. Or could it be a social engineering scam?
Canada Joins The DNSSEC Party
Security Insights  |  2/4/2013  | 
Implementing DNSSEC will take some effort, but it plays an important role in securing the future Internet
Android Mobile Malware Found In The Wild
Security Insights  |  1/14/2013  | 
Finding it hard to believe that mobile malware really exists because you haven't seen it?
Another Zero-Day For Symantec PGP WDE
Security Insights  |  1/7/2013  | 
Symantec PGP Desktop is having a bumpy new year with a second zero-day vulnerability released in 13 days. Take action to protect your data
Advisory: As New Year Approaches, Android Malware Detection Growing
Security Insights  |  12/31/2012  | 
As 2012 comes to a close, cybercriminals are taking advantage of your Android app purchases with mobile malware. Be on high alert after you install new Android apps from third-party markets and Google's
BYOS: Data At Risk From Endpoint To Cloud And Back Again
Security Insights  |  12/17/2012  | 
Bring Your Own Software introduces data protection risks that BYOD attempts to account for. Enable your users with data protection encryption software on their own devices rather than playing IT whack-a-mole
Android Riskier Than PCs: Sophos Security Threat Report 2013
Security Insights  |  12/5/2012  | 
Acceleration of BYOD and cloud, challenges caused by ransomware, continued threats coming from Blackhole, and what to expect in 2013
DoD's Bold Initiative: Secure The User, Not The Device
Security Insights  |  11/14/2012  | 
Joint Information Environment effort under way to improve its ability to share information between the services, industry partners, and other government agencies
Is A Greater Risk Of Data Loss The Trade-Off For Convenience?
Security Insights  |  10/30/2012  | 
Ease of use aside, protecting customer data is never an afterthought
Finding Against Chinese Firms Has Lessons For Security Professionals Beyond Mere Avoidance
Security Insights  |  10/11/2012  | 
Sometimes the biggest threats to data security hide in plain sight
Whether You Call It Modern Or Metro, Here Are Eight Security Tips For Windows 8
Security Insights  |  9/25/2012  | 
Windows 8 a case of improved security, increased vigilance
'Warbiking' Experiment Exposes One In Four Hotspots Have Poor, Or No, Security
Security Insights  |  9/10/2012  | 
Excursion into central London streets finds obsolete WEP encryption standard still in use
Porous Network Perimeters Sometimes Caused By People
Security Insights  |  8/16/2012  | 
What a trespassing jet skier and the Citadel Trojan have in common
Latest Black Eye For Dropbox Shines Spotlight On Larger Problem
Security Insights  |  8/2/2012  | 
Handing off your unencrypted data to a cloud storage service doesn't suddenly make it the service's problem if the data is compromised or lost. Responsibility runs in both directions
Traveling Safe, Traveling Smart
Security Insights  |  7/5/2012  | 
Keep your guard up when traveling: Bad Actors never take vacations
Midyear Security Predictions: What You Should Know And Look Out For
Security Insights  |  6/19/2012  | 
Consumerization, APTs, and cloud computing will dominate discussions during next six months
What A Secure Top-Level Domain Can And Can't Do
Security Insights  |  5/24/2012  | 
Is the .secure domain a better mousetrap, or does it lead only to the same dead end?
Where In Hacking The Ends Justify The Means
Security Insights  |  5/8/2012  | 
Do some 'ethical hackers' really have your best interest at heart, or are they more interested in making your private information public?
Coming Soon to Your Smartphone: Mobile Ticketing That Keeps Your Transactions Safe
Security Insights  |  4/25/2012  | 
Just because smartphone rail ticketing is a first here in the States doesn't mean mobile malware writers aren't already paying attention
The Benefits Of Top-Down Security
Security Insights  |  4/18/2012  | 
While enterprise-level breaches often get the attention of C-level suite executives and the members of their IT staff, industry research shows it actually falls to rank-and-file employees to apply best practices and exercise sound judgment in order to properly contain them
Utah Medicaid Breach Exemplifies Value Of Encryption And Access Control
Security Insights  |  4/11/2012  | 
Proactively applying private- or public-key encryption coupled with access control won't eliminate data breaches. But it will make it harder for the bad guys to take advantage of you
SXSW's Social Experiment Tests Limits Of Secure Data Encryption And The Human Condition
Security Insights  |  3/26/2012  | 
Reducing your fellow, fallen-on-hard-times human beings to virtual access points discounts their humanity and may compromise your data's security
Lessons From Heartland Breach In Keeping Sensitive Data From Bad Guys
Security Insights  |  3/19/2012  | 
Substituting the notion of hacker-proof invincibility for inevitability empowers IT, changes outcomes, and gives rise to resilient infrastructures
Stuxnet, The Nation's Power Grid, And The Law Of Unintended Consequences
Security Insights  |  3/12/2012  | 
The debate persists: Should the feds supply security oversight for utilities to stop the next Stuxnet? Or can they really go it alone?
Nortel Networks: Wolf In The Henhouse, Guard Dog Fast Asleep
Security Insights  |  2/17/2012  | 
Keeping stock and patent price at premium trumps disclosure at Nortel Networks
We Make Widgets -- Let Someone Else Handle Security
Security Insights  |  1/20/2012  | 
If you're a customer-facing organization, then security can't take second place behind your services
Criminals Make Sure You're Never Really Alone, Even In Self-Checkout Lanes
Security Insights  |  12/15/2011  | 
Vigilance against card fraud is a 24/7 process, even at the grocery store
Unprotected SCADA Systems An Avoidable Risk
Security Insights  |  11/30/2011  | 
Disconnecting SCADA systems from the Internet prevents opportunistic hacking
Just Because Data Is Portable Doesn’t Make It Safer
Security Insights  |  11/3/2011  | 
Oracle survey finds most smartphone users believe their data is at risk
Microsoft Research Shows Malware Infections Mostly 'Your Fault'
Security Insights  |  10/27/2011  | 
User vigilance is key to securing data, digital identities
RIM's Biggest Network Disruption Over: Now What?
Security Insights  |  10/17/2011  | 
Service disruption becoming all too familiar outcome for BlackBerry users
iTunes Fraud Generates New Publicity, But Who Is Responsible For Online Fraud?
Security Insights  |  10/6/2011  | 
Consumers should take steps to proactively protect themselves against an attack
Dark Reading - Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVE-2014-8090
Published: 2014-11-21
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nes...

CVE-2014-8469
Published: 2014-11-21
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.
