Database Security
Authentication
Privacy
Compliance
Careers & People
Identity & Access Management
Threat Intelligence
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Dark Reading Radio: Data Loss Prevention (DLP) Fail
7 Black Hat Sessions Sure To Cause A Stir
Myth-Busting Machine Learning In Security
DHS-Funded 'SWAMP' Helps Scour Code For Bugs
Infographic: With BYOD, Mobile Is The New Desktop
News & Commentary
'Energetic' Bear Under The Microscope
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Kaspersky Lab report finds more industries hit by the infamous cyber espionage campaign -- and evidence pointing to French and Swedish-speaking attackers as well as Eastern European ones.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/31/2014
Comment0 comments  |  Read  |  Post a Comment
InfoSec’s Holy Grail: Data Sharing & Collaboration
Levi Gundert, Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC)Commentary
Despite all the best intentions, cooperation around Internet security is a still a work in progress. Case in point: Microsoft’s unilateral action against No-IP.
By Levi Gundert Technical Lead, Cisco Threat Research, Analysis, and Communications (TRAC), 7/31/2014
Comment0 comments  |  Read  |  Post a Comment
10 Dramatic Moments In Black Hat History
Ericka Chickowski, Contributing Writer, Dark Reading
From Google hacking to ATM "jackpotting" to the NSA -- Black Hat has had some memorable moments over the years.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/31/2014
Comment3 comments  |  Read  |  Post a Comment
New Mobile Phone '0wnage' Threat Discovered
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Widespread major vulnerabilities discovered in client control software that affect nearly all smartphone platforms: Details to come at Black Hat USA next week.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/31/2014
Comment6 comments  |  Read  |  Post a Comment
Phishing: What Once Was Old Is New Again
Dave Kearns, Analyst, Kuppinger-ColeCommentary
I used to think the heyday of phishing had passed. But as Symantec notes in its 2014 Internet Security Threat Report, I was wrong!
By Dave Kearns Analyst, Kuppinger-Cole, 7/30/2014
Comment10 comments  |  Read  |  Post a Comment
Security Holes Found In Some DLP Products
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Researchers to reveal key security flaws in commercial and open-source data loss prevention software at Black Hat USA next week.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/30/2014
Comment3 comments  |  Read  |  Post a Comment
Dark Reading Radio: Data Loss Prevention (DLP) Fail
Kelly Jackson Higgins, Senior Editor, Dark ReadingCommentary
Learn about newly found vulnerabilities in commercial and open-source DLP software in our latest episode of Dark Reading Radio with security researchers Zach Lanier and Kelly Lum.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/29/2014
Comment8 comments  |  Read  |  Post a Comment
Scan Shows Possible Heartbleed Fix Failures
Kelly Jackson Higgins, Senior Editor, Dark ReadingQuick Hits
Study indicates many Global 2000 firms patched, but failed to replace digital certificates.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/29/2014
Comment5 comments  |  Read  |  Post a Comment
The Perfect InfoSec Mindset: Paranoia + Skepticism
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
A little skeptical paranoia will ensure that you have the impulse to react quickly to new threats while retaining the logic to separate fact from fiction.
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 7/29/2014
Comment5 comments  |  Read  |  Post a Comment
Internet Of Things Contains Average Of 25 Vulnerabilities Per Device
Ericka Chickowski, Contributing Writer, Dark ReadingNews
New study finds high volume of security flaws in such IoT devices as webcams, home thermostats, remote power outlets, sprinkler controllers, home alarms, and garage door openers.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/29/2014
Comment6 comments  |  Read  |  Post a Comment
DHS-Funded 'SWAMP' Helps Scour Code For Bugs
Kelly Jackson Higgins, Senior Editor, Dark ReadingNews
Cloud-based platform offering free secure coding tools for developers in government, enterprises, academia, gaining commercial attention as well.
By Kelly Jackson Higgins Senior Editor, Dark Reading, 7/28/2014
Comment5 comments  |  Read  |  Post a Comment
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArkCommentary
Tempting as it may seem to do away with strong passwords for low-risk websites, password reuse is still a significant threat to both users and business.
By Andrey Dulkin Senior Director, Cyber Innovation, CyberArk, 7/28/2014
Comment8 comments  |  Read  |  Post a Comment
Myth-Busting Machine Learning In Security
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Black Hat USA presentation to help quell misconceptions and confusion over machine learning methods in today's security tools.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/28/2014
Comment4 comments  |  Read  |  Post a Comment
Researchers Develop 'BlackForest' To Collect, Correlate Threat Intelligence
Brian Prince, Contributing Writer, Dark ReadingNews
Researchers at the Georgia Tech Research Institute develop the BlackForest system to help organizations uncover and anticipate cyberthreats.
By Brian Prince Contributing Writer, Dark Reading, 7/25/2014
Comment2 comments  |  Read  |  Post a Comment
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & ServicesCommentary
The military has been connecting mobile command posts, unmanned vehicles, and wearable computers for decades. It’s time to take a page from their battle plan.
By Michael K. Daly CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services, 7/25/2014
Comment13 comments  |  Read  |  Post a Comment
Travel Agency Fined £150,000 For Violating Data Protection Act
Sara Peters, News
That'll teach them not to retain credit card data in perpetuity.
By Sara Peters , 7/24/2014
Comment1 Comment  |  Read  |  Post a Comment
Passwords Be Gone! Removing 4 Barriers To Strong Authentication
Phillip M. Dunkelberger, President & CEO, Nok Nok LabsCommentary
As biometric factors become more prevalent on mobile devices, FIDO Alliance standards will gain traction as an industry-wide authentication solution.
By Phillip M. Dunkelberger President & CEO, Nok Nok Labs, 7/24/2014
Comment9 comments  |  Read  |  Post a Comment
7 Arrested, 3 More Indicted For Roles In Cyber Fraud Ring That Stung StubHub
Sara Peters, News
Arrests made in New York state, London, Toronto, and Spain for money laundering, grand larceny, and using StubHub customers' credit cards to buy and sell 3,500 e-tickets to prime events.
By Sara Peters , 7/23/2014
Comment3 comments  |  Read  |  Post a Comment
RAM Scraper Malware: Why PCI DSS Can't Fix Retail
Brian Riley, Technical Director, Government Programs, Green Hills SoftwareCommentary
There is a gaping hole in the pre-eminent industry security standard aimed at protecting customers, credit card and personal data
By Brian Riley Technical Director, Government Programs, Green Hills Software, 7/23/2014
Comment8 comments  |  Read  |  Post a Comment
Dark Reading Radio: The Winners & Losers of Botnet Takedowns
Sara Peters, Commentary
Our guests are Cheri McGuire, VP of global government affairs and cyber security policy for Symantec, and Craig D. Spiezle, executive director and founder of the Online Trust Alliance.
By Sara Peters , 7/23/2014
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
Microsoft, No-IP, And The Need For Clarity
Microsoft, No-IP, And The Need For Clarity
The Microsoft vs. No-IP case highlights the need for clear standards of abuse handling and transparency on which service providers measure up.
Comment0 comments
Read | Post a Comment
More Sophos Security Insights
Products & Releases
Alert Logic Announces Security Solutions for Google Cloud Platform
Experian Launches Platform For Managing Cross-Channel Fraud Risk
Bayshore Networks Extends PallatonCapabilities for High-Value IP Protection
Microsoft and Akamai Join Forces in First Cyber-Security Focused Accelerator in Israel
Cyber security and big data innovator ThetaRay closes $10m oversubscribed series B funding round
Android Fake ID Vulnerability Lets Malware Impersonate Trusted Applications, Puts All Android Since January 2010 At Risk
Business and IT Emerge as Essential Allies in the Move to Social IDs and 'Bring Your Own Identity'
IT Security Pros Surveyed: Poor password management leaves accounts open to attack
More Products & Releases
PR Newswire
Internet of Things: 4 Security Tips From The Military
Michael K. Daly, CTO, Cybersecurity & Special Missions, Raytheon Intelligence, Information & Services,  7/25/2014
Phishing: What Once Was Old Is New Again
Dave Kearns, Analyst, Kuppinger-Cole,  7/30/2014
Weak Password Advice From Microsoft
Andrey Dulkin, Senior Director, Cyber Innovation, CyberArk,  7/28/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Archived Dark Reading Radio
Join us as security researcher Zach Lanier provides a peek at the surprising weaknesses in DLP
Flash Poll
White Papers
Current Issue
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.

CVE-2014-2970
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...

CVE-2014-3488
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.

CVE-2014-3554
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.

CVE-2014-5171
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.

Best of the Web
DevOps’ Impact on Application Security
DevOps’ Impact on Application Security
Managing the interdependency between software and infrastructure is a thorny challenge. Often, it’s a “developers are from Mars, systems engineers are from Venus” situation.
Video
Slideshows
Twitter Feed
Cartoon