Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
7 Black Hat Sessions Sure To Cause A Stir
Internet of Things: Security For A World Of Ubiquitous Computing
Infographic: With BYOD, Mobile Is The New Desktop
CEO Report Card: Low Grades for Risk Management
News & Commentary
Travel Agency Fined £150,000 for Violating Data Protection Act
Sara Peters, News
That'll teach them not to retain credit card data in perpetuity.
By Sara Peters , 7/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment1 Comment  |  Read  |  Post a Comment
7 Arrested, 3 More Indicted For Roles in Cyber Fraud Ring That Stung StubHub
Sara Peters, News
Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.
By Sara Peters , 7/23/2014
Comment3 comments  |  Read  |  Post a Comment
Ram Scraper Malware: Why PCI DSS Can't Fix Retail
Brian Riley, Technical Director, Government Programs, Green Hills SoftwareCommentary
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data
By Brian Riley Technical Director, Government Programs, Green Hills Software, 7/23/2014
Comment6 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Sara Peters, Commentary
Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.
By Sara Peters , 7/23/2014
Comment0 comments  |  Read  |  Post a Comment
7 Black Hat Sessions Sure To Cause A Stir
Ericka Chickowski, Contributing Writer, Dark Reading
At Black Hat, researchers will point out the weaknesses in everything from the satellites in outer space to the thermostat in your home.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/22/2014
Comment7 comments  |  Read  |  Post a Comment
Nigerian 419 Scammers Evolving Into Malware Pushers (But Not Very Good Ones)
Sara Peters, Quick Hits
"Silver Spaniel" attacks use commodity malware to damage others' security, but they aren't very good at protecting their own.
By Sara Peters , 7/22/2014
Comment5 comments  |  Read  |  Post a Comment
Infographic: With BYOD, Mobile Is The New Desktop
Adam Ely, COO, BlueboxCommentary
Security teams have no choice but to embrace the rapid proliferation of BYO devices, apps, and cloud services. To ignore it is to put your head in the sand.
By Adam Ely COO, Bluebox, 7/22/2014
Comment8 comments  |  Read  |  Post a Comment
Don't Overestimate EMV Protections, Underestimate Card Thief Sophistication
Ericka Chickowski, Contributing Writer, Dark ReadingNews
At Black Hat, an AccessData researcher will offer up a crash course in card payment tech and protections to root out security community misconceptions
By Ericka Chickowski Contributing Writer, Dark Reading, 7/21/2014
Comment2 comments  |  Read  |  Post a Comment
Internet of Things: Security For A World Of Ubiquitous Computing
Candace Worley, SVP & GM, Endpoint Security, McAfeeCommentary
Endpoint security is hardly dead, and claiming that it is oversimplifies the challenges corporations face now and in the not-very-distant future.
By Candace Worley SVP & GM, Endpoint Security, McAfee, 7/21/2014
Comment5 comments  |  Read  |  Post a Comment
Hacking Your Hotel Room
Brian Prince, Contributing Writer, Dark ReadingNews
At Black Hat USA next month, a researcher will show how to hack your way into controlling everything in a hotel room -- from lighting to television sets.
By Brian Prince Contributing Writer, Dark Reading, 7/18/2014
Comment12 comments  |  Read  |  Post a Comment
CEO Report Card: Low Grades for Risk Management
Marilyn Cohodas, Community Editor, Dark ReadingCommentary
Dark Reading's latest community poll shows a stunning lack of confidence in chief execs' commitment to cyber security.
By Marilyn Cohodas Community Editor, Dark Reading, 7/18/2014
Comment12 comments  |  Read  |  Post a Comment
Government-Grade Stealth Malware In Hands Of Criminals
Sara Peters, News
"Gyges" can be bolted onto other malware to hide it from anti-virus, intrusion detection systems, and other security tools.
By Sara Peters , 7/17/2014
Comment12 comments  |  Read  |  Post a Comment
Website Hacks Dropped During World Cup Final
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Hackers apparently took time off to watch the Germany-Argentina title match of the 2014 FIFA World Cup.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014
Comment15 comments  |  Read  |  Post a Comment
A New Age in Cyber Security: Public Cyberhealth
Brian Foster, CTO, DamballaCommentary
The cleanup aimed at disrupting GameOver Zeus and CryptoLocker offers an instructive template for managing mass cyber infections.
By Brian Foster CTO, Damballa, 7/17/2014
Comment5 comments  |  Read  |  Post a Comment
Ransomware: 5 Threats To Watch
Kelly Jackson Higgins, Senior Editor, Dark Reading
Cyber criminals have kicked it up a notch with nasty malware that locks you out of your machine and holds it for ransom.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/17/2014
Comment13 comments  |  Read  |  Post a Comment
Senate Hearing Calls for Changes to Cybercrime Law
Sara Peters, News
In the wake of Microsoft's seizure of No-IP servers and domains, private and public sector representatives met to discuss what can be done to address the problem of botnets.
By Sara Peters , 7/16/2014
Comment10 comments  |  Read  |  Post a Comment
Passwords & The Future Of Identity: Payment Networks?
Andre Boysen, EVP, Digital Identity Evangelist, SecureKeyCommentary
The solution to the omnipresent and enduring password problem may be closer than you think.
By Andre Boysen EVP, Digital Identity Evangelist, SecureKey, 7/16/2014
Comment17 comments  |  Read  |  Post a Comment
Automobile Industry Accelerates Into Security
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Industry looking at intelligence-sharing platform or an Auto-ISAC in anticipation of more automated, connected -- and vulnerable -- vehicles.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/15/2014
Comment13 comments  |  Read  |  Post a Comment
Payment Card Data Theft: Tips For Small Business
Chris Nutt, Director, Incident Response & Malware, MandiantCommentary
For small businesses looking to reduce their exposure to data theft the good news is the advantage of being small.
By Chris Nutt Director, Incident Response & Malware, Mandiant, 7/15/2014
Comment7 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Microsoft, No-IP, And The Need For Clarity
Microsoft, No-IP, And The Need For Clarity
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
Products & Releases
IT Security Pros Surveyed: Poor password management leaves accounts open to attack
New Windows App to Detect WiFi Security
Global Study: Nearly 30 Percent of Security Professionals Would Completely Overhaul Their Current Enterprise Security System Given Resources & Opportunity
Half of Security Professionals Think Java Applications are Vulnerable to Attacks
ZeroFOX to Spotlight Social Risk Management at Black Hat 2014
Solutionary SERT 2014 Q2 Threat Intelligence Report: Amazon-Hosted Malware Nearly Triples in First Half 2014
39 Percent of IT Organizations Experienced More Than Two Significant Security Incidents
General Dynamics Fidelis Cybersecurity Solutions Joins Forces with Microsoft to Further Protect Customers
More Products & Releases
PR Newswire
CEO Report Card: Low Grades for Risk Management
Marilyn Cohodas, Community Editor, Dark Reading,  7/18/2014
Hacking Your Hotel Room
Brian Prince, Contributing Writer, Dark Reading,  7/18/2014
Infographic: With BYOD, Mobile Is The New Desktop
Adam Ely, COO, Bluebox,  7/22/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.
Flash Poll
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Cartoon