DR Radio: A Grown-Up Conversation About Passwords
InfoSec Book Club: What's On Your Fall Reading List?
Home Depot Breach May Not Be Related To BlackPOS, Target
Privacy, Security & The Geography Of Data Protection
Black Hat & DEF CON: 3 Lessons From A Newbie
News & Commentary
Facebook Developing App For Private Sharing
Kristin Burnham, Senior Editor, InformationWeek.comCommentary
Facebook's in-development "Moments" app could make sharing with small groups easier. Here's what we know, plus tips to manage friend lists now.
By Kristin Burnham Senior Editor, InformationWeek.com, 9/17/2014
Comment0 comments  |  Read  |  Post a Comment
How To Build Battle-Tested Websites
Joe Masters Emison, CTO, BuildFaxCommentary
It doesn't matter whether your e-commerce D-Day is Black Friday, tax day, or some random Thursday when a post goes viral. Your websites need to be ready.
By Joe Masters Emison CTO, BuildFax, 9/17/2014
Comment0 comments  |  Read  |  Post a Comment
Data Privacy Etiquette: It's Not Just For Kids
Lysa Myers, Security Researcher, ESETCommentary
Children are the innocent victims of the worst effects of social media. That’s why it’s vital for adults to establish privacy values that are safe for them -- and the rest of us.
By Lysa Myers Security Researcher, ESET, 9/17/2014
Comment0 comments  |  Read  |  Post a Comment
Meet The Next Next-Gen Firewall
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
Or at least the latest iteration of one of the oldest-running security tools that continues to evolve and transform with the times.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/16/2014
Comment2 comments  |  Read  |  Post a Comment
Browser Vulnerability 'Privacy Disaster' For 3 Of 4 Android Users
Sara Peters, Senior Editor at Dark ReadingQuick Hits
An exploit of an unsupported Android browser bypasses the ever-important Same Origin Policy.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment1 Comment  |  Read  |  Post a Comment
New CVE Naming Convention Could Break Vulnerability Management
Ericka Chickowski, Contributing Writer, Dark ReadingNews
MITRE sets deadline for releasing new CVEs with different ID format syntax, regardless of how many vulnerabilities we see in 2014.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/16/2014
Comment0 comments  |  Read  |  Post a Comment
DR Radio: A Grown-Up Conversation About Passwords
Sara Peters, Senior Editor at Dark ReadingCommentary
Cormac Herley of Microsoft Research will challenge everything you think you know about password management.
By Sara Peters Senior Editor at Dark Reading, 9/16/2014
Comment1 Comment  |  Read  |  Post a Comment
In Defense Of Passwords
Corey Nachreiner, Director, Security Strategy & Research, WatchGuard TechnologiesCommentary
Long live the password (as long as you use it correctly along with something else).
By Corey Nachreiner Director, Security Strategy & Research, WatchGuard Technologies, 9/16/2014
Comment7 comments  |  Read  |  Post a Comment
The Security Skills Shortage No One Talks About
Jeremy Bergsman & Emma Kinnucan, CEBCommentary
Lack of soft skills in information security is an even bigger problem than the shortage of technical expertise.
By Jeremy Bergsman & Emma Kinnucan CEB, 9/16/2014
Comment3 comments  |  Read  |  Post a Comment
Worm Illuminates Potential NAS Nightmare
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
A researcher at Black Hat Europe hopes to demonstrate a homegrown, self-replicating worm to illustrate major threats to popular network-attached storage systems.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/15/2014
Comment6 comments  |  Read  |  Post a Comment
Internet Of Things Devices Are Doomed
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Security researchers hack Canon printer firmware to run the classic 90s video game Doom as well as to wreak havoc with other manipulations.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/15/2014
Comment9 comments  |  Read  |  Post a Comment
5 Myths: Why We Are All Data Security Risks
Lance Cottrell, Chief Scientist, NtrepidCommentary
I am absolutely sure that I could be tricked by a well-crafted spear phishing attack, and I am equally sure I could do the same to you.
By Lance Cottrell Chief Scientist, Ntrepid, 9/15/2014
Comment5 comments  |  Read  |  Post a Comment
Security Ops Confidence Levels Drop
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Survey shows most organizations unable to keep up with new and emerging threats from state-sponsored attackers.
By Ericka Chickowski Contributing Writer, Dark Reading, 9/12/2014
Comment5 comments  |  Read  |  Post a Comment
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy SolutionsCommentary
What if an Internet-scale, federated policy, authentication, and enforcement framework for trusted email delivery were available? It is.
By Daniel Ingevaldson CTO, Easy Solutions, 9/12/2014
Comment11 comments  |  Read  |  Post a Comment
Veracode Secures $40M In Funding As IPO Looms
Brian Prince, Contributing Writer, Dark ReadingNews
Security firm plans to increase investments in sales, marketing, and research and development.
By Brian Prince Contributing Writer, Dark Reading, 9/12/2014
Comment1 Comment  |  Read  |  Post a Comment
Dyre Straits: Why This Cloud Attack's Different
Kaushik Narayan, Co-Founder and CTO at Skyhigh NetworksCommentary
Dyre is a new breed of Trojan, attacking cloud apps and using the cloud as a delivery vehicle.
By Kaushik Narayan Co-Founder and CTO at Skyhigh Networks, 9/12/2014
Comment3 comments  |  Read  |  Post a Comment
Franchising The Chinese APT
Kelly Jackson Higgins, Executive Editor at Dark ReadingNews
At least two different cyber espionage gangs in China appear to be employing uniform tools and techniques, FireEye finds.
By Kelly Jackson Higgins Executive Editor at Dark Reading, 9/11/2014
Comment7 comments  |  Read  |  Post a Comment
Home Depot Breach May Not Be Related To BlackPOS, Target
Sara Peters, Senior Editor at Dark ReadingNews
New analysis of the malware earlier identified as a BlackPOS variant leads some researchers to believe that they are two different malware families entirely.
By Sara Peters Senior Editor at Dark Reading, 9/11/2014
Comment5 comments  |  Read  |  Post a Comment
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessDataCommentary
Apple Pay is a strategic move that will rival PayPal and other contenders in the mobile wallet marketplace. The big question is whether consumers and businesses are ready to ditch the plastic.
By Lucas Zaichkowsky Enterprise Defense Architect, AccessData, 9/11/2014
Comment16 comments  |  Read  |  Post a Comment
Privacy, Security & The Geography Of Data Protection
Malte Pollmann, CEO, UtimacoCommentary
Data generation is global, so why do different parts of the world react differently to the same threat of security breaches and backdoors?
By Malte Pollmann CEO, Utimaco, 9/11/2014
Comment6 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Security Insights
3 Places to Enable 2-Factor Authentication Now
3 Places to Enable 2-Factor Authentication Now
Two-factor authentication is a ubiquitous, mature technology. Whether or not you use it for your network, here are three external services for which you should immediately enable it.
Comment1 comments
Read | Post a Comment
More Sophos Security Insights
PR Newswire
Apple Pay Ups Payment Security But PoS Threats Remain
Sara Peters, Senior Editor at Dark Reading,  9/10/2014
Apple Pay: A Necessary Push To Transform Consumer Payments
Lucas Zaichkowsky, Enterprise Defense Architect, AccessData,  9/11/2014
Why Email Is Worth Saving
Daniel Ingevaldson, CTO, Easy Solutions,  9/12/2014
Register for Dark Reading Newsletters
Dark Reading Radio
Listen Now A Grown-Up Conversation About Passwords
A Grown-Up Conversation About Passwords
Cartoon
White Papers
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1032
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker module 3.x before 3.4.5 for EPiServer allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inf...

CVE-2012-1417
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVE-2012-1506
Published: 2014-09-17
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from th...

CVE-2012-1507
Published: 2014-09-17
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) newHspStatus parameter to plugins/ajaxCalls/haltResumeHsp.php, (2) sortOrder1 parameter to templates/hrfunct/emppop.php, or (3) uri parameter to index...

CVE-2012-2583
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Best of the Web
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Flash Poll
Video
Slideshows
Twitter Feed