Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Heartbleed's Intranet & VPN Connection
Akamai Withdraws Proposed Heartbleed Patch
'Baby Teeth' In Infrastructure Cyber Security Framework
Active Directory Is Dead: 3 Reasons
Iranian-Based Cyberattack Activity On The Rise, Mandiant Report Says
News & Commentary
The Real Wakeup Call From Heartbleed
Jeff Williams, CTO, Contrast SecurityCommentary
There's nothing special about Heartbleed. It’s another flaw in a popular library that exposed a lot of servers to attack. The danger lies in the way software libraries are built and whether they can be trusted.
By Jeff Williams CTO, Contrast Security, 4/16/2014
Comment0 comments  |  Read  |  Post a Comment
Smartphone Kill Switches Coming, But Critics Cry Foul
Thomas Claburn, Editor-at-LargeCommentary
Smartphone makers and carriers agree to add optional kill switches to smartphones, but law enforcement officials say the anti-theft effort doesn't go far enough.
By Thomas Claburn Editor-at-Large, 4/16/2014
Comment13 comments  |  Read  |  Post a Comment
Mobility: Who Bears The Brunt Of Data Security & Privacy
Grayson Milbourne, Director, Security Intelligence, WebrootCommentary
OS manufacturers, app developers, and consumers all have a role to play in smartphone data security. But not everyone is equally responsible.
By Grayson Milbourne Director, Security Intelligence, Webroot, 4/16/2014
Comment3 comments  |  Read  |  Post a Comment
Don't Blame It On The Web Programming Platform
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
New data shows no one Web development platform generates more vulnerabilities than another -- and website security is still a problem.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
White House Details Zero-Day Bug Policy
Mathew J. Schwartz, News
NSA denies prior knowledge of the Heartbleed vulnerability, but the White House reserves the right to withhold zero-day exploit information in some cases involving security or law enforcement.
By Mathew J. Schwartz , 4/15/2014
Comment3 comments  |  Read  |  Post a Comment
Active Directory Is Dead: 3 Reasons
Thomas Pedersen, CEO & Founder, OneLoginCommentary
These days, Active Directory smells gangrenous to innovative companies born in the cloud and connecting customers, employees, and partners across devices at light speed.
By Thomas Pedersen CEO & Founder, OneLogin, 4/15/2014
Comment21 comments  |  Read  |  Post a Comment
Heartbleed's Intranet & VPN Connection
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
How the game-changing crypto bug affects internal servers, clients, and VPN networks -- and what to do about it.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/14/2014
Comment2 comments  |  Read  |  Post a Comment
Akamai Withdraws Proposed Heartbleed Patch
Mathew J. Schwartz, News
As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it.
By Mathew J. Schwartz , 4/14/2014
Comment2 comments  |  Read  |  Post a Comment
'Baby Teeth' In Infrastructure Cyber Security Framework
Dave Frymier, Chief Information Security Officer, UnisysCommentary
NIST’s modest effort to improve lax security around IT infrastructure in airports, utilities, and other critical areas now heads to Congress. Don't hold your breath.
By Dave Frymier Chief Information Security Officer, Unisys, 4/14/2014
Comment6 comments  |  Read  |  Post a Comment
Iranian-Based Cyberattack Activity On The Rise, Mandiant Report Says
Brian Prince, Contributing Writer, Dark ReadingNews
New report details the rise of suspected Iranian and Syrian-based cyber-attacks.
By Brian Prince Contributing Writer, Dark Reading, 4/11/2014
Comment2 comments  |  Read  |  Post a Comment
Feds Address Antitrust Concerns On Cyberthreat Sharing
William Jackson, Technology WriterCommentary
Justice Dept. and FTC confirm that sharing cybersecurity threat information is not an antitrust law violation.
By William Jackson Technology Writer, 4/11/2014
Comment3 comments  |  Read  |  Post a Comment
Free Heartbleed-Checker Released for Firefox Browser
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Browser plug-ins arrive for Firefox and Chrome that scan websites for Heartbleed risk
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/11/2014
Comment4 comments  |  Read  |  Post a Comment
Windows XP Alive & Well in ICS/SCADA Networks
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
End-of-life for XP support not raising many red flags in critical infrastructure environments, where patching is the exception.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/10/2014
Comment1 Comment  |  Read  |  Post a Comment
Heartbleed Will Go On Even After The Updates
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
What's next now that the mindset is 'assume the worst has already occurred?'
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/10/2014
Comment6 comments  |  Read  |  Post a Comment
Flash Poll: Broken Heartbeat
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
What steps do you plan to take in response to the Heartbleed bug? Take our poll and share your reasons in the comments.
By Marilyn Cohodas Community Editor, Dark Reading, 4/10/2014
Comment0 comments  |  Read  |  Post a Comment
Heartbleed: Examining The Impact
Tim Sapio, Security Analyst, Bishop FoxCommentary
With Heartbleed, there’s little hope of knowing if an asset was breached, if a breach can be identified, or what, if any, data was leaked. Here’s how to defend against future attacks.
By Tim Sapio Security Analyst, Bishop Fox, 4/10/2014
Comment5 comments  |  Read  |  Post a Comment
CIO Vs. CSO: Allies Or Enemies?
Eric Cole, Founder & Chief Scientist, Secure Anchor ConsultingCommentary
In the wake of the Target breach it's clear that the CIO and CSO must have clear boundaries of responsibility and equal representation in the board room.
By Eric Cole Founder & Chief Scientist, Secure Anchor Consulting, 4/10/2014
Comment10 comments  |  Read  |  Post a Comment
Majority Of Users Have Not Received Security Awareness Training, Study Says
Tim Wilson, Editor in Chief, Dark ReadingQuick Hits
Many users fail to follow policies on mobile, cloud security, EMA Research study says.
By Tim Wilson Editor in Chief, Dark Reading, 4/10/2014
Comment11 comments  |  Read  |  Post a Comment
More Than A Half-Million Servers Exposed To Heartbleed Flaw
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
What the newly exposed SSL/TLS threat really means for enterprises and end-users.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 4/9/2014
Comment15 comments  |  Read  |  Post a Comment
Paul Allen Invests In Online Voting Firm
Elena Malykhina, Technology JournalistCommentary
E-voting firm Scytl receives $40 million from Paul Allen's Vulcan Capital to continue election modernization efforts. Defense Department among its customers.
By Elena Malykhina Technology Journalist, 4/9/2014
Comment5 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Preying On A Predator
Preying On A Predator
Mac OS X Snow Leopard is perfectly positioned to be the next target for cybercriminals.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
Products & Releases
Survey: As Companies Move to the Cloud, Increased Security is their Biggest IT Concern
Future of Open Source Survey: OSS Powering New Technologies, Creating New Economics
IBM Delivers Disaster Recovery, Security Services to SoftLayer Clients
Tripwire Donates $11.75M Cybersecurity Service to Penn State
(ISC)2® Intros Program to Develop Global Cybersecurity Education
CSC's New App Security Offering
NSS Labs Releases Latest Browser Security Test Results
Study Reveals 40% of Data Needs Protection; Less than Half of that Gets It
More Products & Releases
PR Newswire
Active Directory Is Dead: 3 Reasons
Thomas Pedersen, CEO & Founder, OneLogin,  4/15/2014
More Than A Half-Million Servers Exposed To Heartbleed Flaw
Kelly Jackson Higgins, Senior Editor, Dark Reading,  4/9/2014
Majority Of Users Have Not Received Security Awareness Training, Study Says
Tim Wilson, Editor in Chief, Dark Reading,  4/10/2014
Register for Dark Reading Newsletters
Flash Poll
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2008-3277
Published: 2014-04-15
Untrusted search path vulnerability in a certain Red Hat build script for the ibmssh executable in ibutils packages before ibutils-1.5.7-2.el6 in Red Hat Enterprise Linux (RHEL) 6 and ibutils-1.2-11.2.el5 in Red Hat Enterprise Linux (RHEL) 5 allows local users to gain privileges via a Trojan Horse p...

CVE-2010-2236
Published: 2014-04-15
The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users with permissions to administer monitoring probes to execute arbitrary code via unspecified vectors, rela...

CVE-2011-3628
Published: 2014-04-15
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVE-2012-0214
Published: 2014-04-15
The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in Advanced Package Tool (APT) 0.8.11 through 0.8.15.10 and 0.8.16 before 0.8.16~exp13, when updating from repositories that use InRelease files, allows man-in-the-middle attackers to install arbitrary packages by preventing a user fro...

CVE-2013-4768
Published: 2014-04-15
The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote attackers to cause a denial of service via vectors related to the "network connection clean up code" and (1) Cloud Controller (CLC), (2) Walrus, (3) Storage Controller (SC), and (4) VMware Broker (VB).

Best of the Web
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed